Interventions in Committee
 
 
 
RSS feed based on search criteria Export search results - CSV (plain text) Export search results - XML
Add search criteria
View Julie Dabrusin Profile
Lib. (ON)
Thank you.
When we did our study on financial institutions and cybersecurity, we heard that banks had extensive security measures in place—something people may be questioning now. We also heard people being talked about as though they were cardboard boxes.
What can people do to better protect themselves? Can you give us any helpful information or details? Is there a place where members of the public can turn for information on how to better protect themselves—a website or a telephone line, perhaps? Is there anything you can tell us, Mr. Boucher?
André Boucher
View André Boucher Profile
André Boucher
2019-07-15 14:10
Thank you for your question.
We have an extensive program. On our website, cyber.gc.ca, people can find information on how to protect themselves. Of course, people have to be aware when they are online. That is the most basic rule of cybersecurity. People have to know not only how to use the Internet, but also what they are sharing with others online. We are constantly running campaigns to educate people on using their devices securely and being smart about who they choose to share confidential information with.
Having the best protection and keeping it up to date is the first step, but making smart choices is another. People should visit only the sites of companies they consider to be reliable and reputable. Once they've done those two things, people need to choose what information they agree to share with the company. It's a three-step approach, and it is all available in the information and guidance we provide to people.
View Julie Dabrusin Profile
Lib. (ON)
I see.
I also saw a lot of information about passwords. For instance, it mentioned people who use the same password for all of their online accounts.
Can you share some things people can do to protect themselves when it comes to their passwords? That's an important element.
André Boucher
View André Boucher Profile
André Boucher
2019-07-15 14:12
Yes. I always look for opportunities to promote our website, so on our website, we talk specifically about how long and complex passwords should be. We also provide some tips. I encourage people to explore our website for themselves. It is often said that people should change their passwords regularly, but the problem with that is having to memorize a bunch of ever-changing passwords. The guideline has evolved over time. Nowadays, it is recommended that people choose at least one strong password, using certain parameters, which are available online, based on password length and/or complexity, depending on the available options. If it's possible to have a password containing up to 15 characters, people should try to choose a password that uses all 15 characters. If the password can have only eight characters, that's pretty bad, but people should at least choose a more complex password.
Constantly changing one's passwords is of minimal benefit if it means people have to write them down somewhere or use the same one for many different sites. What we want people to do is be diligent about choosing their passwords: choose something that is unique and as strong as the provider's parameters allow. People can use the same password, but if a data breach occurs, they have to act fast, changing their password and taking additional security measures. It's important to do a combination of things.
View Julie Dabrusin Profile
Lib. (ON)
The other problem is that once people have a password that works well, they use it for all their online accounts. Some sites tell users that their passwords have to be longer, more complex or what have you, but they never remind people not to use the same password all the time or to use a different password than they do for other accounts. Would you mind talking about that as well?
André Boucher
View André Boucher Profile
André Boucher
2019-07-15 14:13
Now you're asking me to be very pragmatic.
Ms. Julie Dabrusin: Yes, but this is pragmatic stuff.
Mr. André Boucher: What I would advise people, other than being very pragmatic, is to base their passwords on their level of uncertainty when it comes to the various online services they are using. For instance, for online banking, people should use a number of distinct passwords that are as complex as possible. However, for their online account with their local curling club, say, people may wish to be a little less rigorous and use the same password a few times, even though that isn't what I would recommend.
View Alupa Clarke Profile
CPC (QC)
Superintendent, my next question is along the same lines as that of my fellow member, Mr. Motz.
Whether they've approached me on the street, come to my office or answered the door when I was canvassing, everyone has asked me the same question. They want to know what crimes these fraudsters are going to commit down the road. They want to know what to expect. What crimes will the 2.9 million victims of this massive data breach be the target of in the future?
In addition, how long will it be before those crimes are committed? The media are reporting all kinds of things. We are hearing that it will take five or 10 years before the fraudsters do anything—that they'll wait until the dust has settled.
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 14:19
The reality is that whenever personal information, passwords, etc., are released on the Internet, they are there forever. People need to be cautious and vigilant about that, and use the services that are available, like credit monitoring, etc., to ensure that triggers are put in place to notify them when someone's trying to use that information, to help prevent an actual fraud from occurring.
I'm trying to respect the timeline.
View Michel Picard Profile
Lib. (QC)
View Michel Picard Profile
2019-07-15 15:57
There are two issues involved in what I consider the temporary solution of dealing with a third party. You're asking people to deal with a third party to protect their personal information. Two years ago, this third party was also the victim of hacking. We conducted a study on the matter here.
How liable would you be if your clients' personal information were hacked from the entity that you trust, such as Equifax?
Guy Cormier
View Guy Cormier Profile
Guy Cormier
2019-07-15 15:58
That's a relevant question. In Canada, Equifax is the firm with a market share of over 70% in data and information protection and management.
When the incident occurred, we decided to turn to the Canadian company that offered this service to Canadians. We worked with the company. However, in the days that followed, we noticed some issues. We quickly took our own steps to resolve the issues concerning member registration on the Equifax website. We went through this. We saw the need to improve the procedures and methods, and we took charge of the matter.
Now, should one, two or three private companies in Canada manage all this? We must think about it.
View Glen Motz Profile
CPC (AB)
In 2018, Desjardins Ontario merged with about 11 Ontario credit unions, if I remember correctly. Would any of those potential clients be impacted by this data breach?
Guy Cormier
View Guy Cormier Profile
Guy Cormier
2019-07-15 16:28
The answer is yes. For the caisses in Ontario, merged or not merged, it's possible that there are some members of these caisses who have been impacted by the breach.
View Glen Motz Profile
CPC (AB)
In 2013 the Desjardins Group purchased insurance firms out west, particularly Coast Capital Insurance in B.C., First Insurance in B.C., Craig Insurance in Alberta, and Melfort Agencies and Prestige Insurance in Saskatchewan.
Would any of these clients be impacted by the Desjardins data breach?
Results: 1 - 15 of 141 | Page: 1 of 10

1
2
3
4
5
6
7
8
9
10
>
>|