1. Teleworking

For over a year, Savon Bubulle Inc. employees have been working remotely. Do they use their personal laptops? Do their children install games or software on them? Are the cloud and their mobile devices well secured?

As you may have guessed, the employment contract and confidentiality agreement are no longer enough to have a complete employee file. With the new reality of teleworking, it is also necessary to establish policies that will guide staff, in particular to protect the company's equipment and tools and to prevent users from installing unsecure software. It is also recommended to carry out intrusion tests and audits and to regularly update IT security measures.

2. Cybersecurity

Managing data leaks is not just the business of large companies! Smaller ones, like Savon Bubulle Inc., are subject to the same obligations! According to Statistics Canada, each year, more than 20% of Canadian SMEs are victims of a serious cyberattack. These are increasing dramatically each year, especially since the start of the pandemic.

Where to start? First, I think it is essential that your board of directors (BOD), your management team and your staff are trained and aware of the issues related to cybersecurity. Second, put in place a plan to protect yourself against a cyberattack and review your insurance policy to protect yourself in the event of loss of revenue and damages related to a cyberattack. Finally, in terms of prevention, think about an action plan after the cyberattack to manage the consequences of these costly interruptions.

At the same time, you have probably conducted or are in the process of reviewing your IT equipment, i.e. all of your company's hardware and software. I often see SMEs resolve their security issues in a targeted and ad hoc manner, without ever taking the necessary step back to get an overall view. However, it is risky to patch things together since accumulating protection solutions without ever conducting an overall diagnosis can be expensive and ineffective.

3. Personal information

Businesses have an obligation to take reasonable steps to protect the personal information they hold. The level of protection and security required may vary depending on the sensitivity of the information or data. You can easily imagine the serious harm that can result from a financial or medical data breach… Personal information includes not only that of your customers and employees, but also that of your subcontractors and suppliers.

When setting up a transactional platform, Savon Bubulle Inc. must at least establish a privacy policy and terms and conditions. It must also obtain the consent of its users before collecting data and disclose to them what it will be used for.

4. Intellectual property

Savon Bubulle Inc. called on a developer to implement a technological solution to propel its techno shift. Fantastic, but who owns the intellectual property? Who owns the improvements made to this technological solution? I strongly recommend that you include specific clauses on intellectual property in your contract with your developer to avoid unpleasant surprises (and disputes!) later. For example, it would be wise to negotiate their right to reuse elements of your solution for their other clients.

5. Technology governance

The directors of Savon Bubulle Inc. have a duty to act with prudence and diligence, with loyalty and honesty, and always in the interest of the company. In an era where technology governs a significant part of businesses and in the face of growing threats of cyberattacks, it is essential that CAs be trained in order to have the ability to understand these major issues. In other words, I believe that a CA that is not aware of or aware of these technological risks cannot fulfill its role or its duties. Believe me, no director would want to see his organization on the front page of a newspaper because of a class action or a data leak!