Cyber Employee Awareness Training
As noted in our post, Understanding Your Cyber Coverage, minimum standards must be in place in order for you to be eligible under the Mandatory Cyber Program:
Backup Controls: Weekly backups of data, stored offsite, and tested at least annually.
Patching: Application of critical patches to your systems, anti-virus software, and anti-spyware software must be made within two weeks of release.
Anti-Virus/Firewalls: Installation and maintenance, and active monitoring within reasonable business practices, of firewalls and endpoint protection (also known as anti-virus and anti-spyware).
Multifactor Authentication (MFA): MFA is an authentication method that requires the user to provide two or more verification factors to gain access. MFA must be enabled on email accounts and for remote network access (also known as VPN or Virtual Private Networking, or remote desktop access).
Email Scanning: Email scanning must be enabled on your mail services to ensure each email is scanned for malicious attachments, links, or other content before entering your inbox or leaving your sent box.
Employee Awareness Training: Engage in cyber awareness training on at least an annual basis.
While all these minimum standards are vitally important and should be seen as good practice for any firm or organization, employees continue to be the most exploitable element of organizational security in Canada. Therefore, it is imperative that employees receive awareness training.
The training is not prescriptive and can take any form that would qualify as training, including law society courses or in-house training. For example, see the Law Society of Manitoba’s Cyber Security webpage for a comprehensive collection of resources.
The following training has been approved by the cyber insurer and is available on the CLIA website:
An Introduction to Cyber Security
It is important to note that you should keep a record of the cyber training provided, including when it was provided and to which employees.