1-888-643-2217 Email ABEX
Keeping you updated

Monthly Archives: September 2016

Privacy and Health Disclosure Liability

3-business-people-in-boardroomPublicly held corporations must disclose information that may have a material effect on the company—and officer health is not among examples listed in the government’s definition of “material.”

As an officer or director at your organization, you have an obligation to disclose any information that might materially affect your company or affect investors’ decision to acquire or sell shares.

Personal privacy trumps disclosure obligations as long as you are able to continue performing your duties for the company—until you turn over your duties as a principal officer, you are not required to inform shareholders. However, shareholders will likely come to know of any health issues whether or not you disclose immediately.

Shareholder Litigation

There are two scenarios that could give rise to shareholder litigation should you choose to protect your privacy and not reveal that you are experiencing health issues. In both of these cases, stock price would have to drop dramatically to merit a shareholder lawsuit.

Shareholders could claim that the announcement of your illness came at the end of a period of misrepresentation and that the company had concealed information about your well-being for an extended period of time. In this case, plaintiffs would need to establish that the information was material.

In the event of your departure from the firm, shareholders could say more should have been disclosed prior to the leave, and that by not disclosing information, the stock price was artificially inflated.

In any case, if your company is highly dependent on you for proper functioning, if there is a doubt, the best practice is to disclose information about your health.

Your Right to Privacy

Disclosures are not necessarily required about officer health—and after all, it is difficult to decide at what point it is appropriate to disclose information. However, the issue is highly debated, and some believe that the potential harm an officer’s absence could cause the company constitutes a material effect.

Risk Transfer

Directors and officers (D&O) liability insurance will cover legal costs in the event of a shareholder claim. Both you and your business can benefit from a D&O policy. Since there is no such thing as a “standard” policy, an independent insurance broker is invaluable when purchasing D&O coverage.

© Zywave, Inc. All rights reserved

Canada Ranks Poorly in Lost Revenue and Continuity After Ransomware Attacks

Skull and crossbones on binary code with message of infection. Eps10. RGB. Global colors

Ransomware is a type of malicious software that is specifically designed to block systems or files until a victim—typically a company or high-ranking professional—has paid a sum of money to regain access. These types of attacks can be costly, sometimes averaging up to $50,000.

According to the recent report, the State of Ransomware, by malware remediation company Malwarebytes, Canadian businesses were among those most likely to pay ransomware demands. Additionally, the report, which examined 5,400 IT staff across Canada, the United States, the United Kingdom and Germany, showed that Canadian businesses ranked among the highest for lost revenue and business interruption following an attack.

In total, around 75 per cent of Canadian businesses admitted that they would pay an attacker to regain access to key systems and functionality. Other interesting findings from the report included the following:

  • Ransomware can impact more than the original infected system or file. In the report, Canada ranked the highest for ransomware penetration, as close to half of attacks affected 26 per cent or more of a company’s extended network.
  • Executives and senior-level staff are typically the targets of ransomware schemes.
  • On average, ransomware attacks in Canada were twice as expensive as those in the United States.
  • Business applications were found to be the most common vulnerability to ransomware in Canada. While email attacks are common in other countries, Canada’s strict anti-spam laws could be contributing to the lower number of email attacks.
  • Despite Canada ranking poorly in terms of business interruption and overall cost as it relates to the impact of ransomware attacks, 51 per cent of surveyed businesses claimed they were confident in their ability to stop an attack.
  • Health care and financial services were found to be the most common industry targets for ransomware attacks.

Ransomware attacks are a serious concern—one that continues to impact Canadian businesses. In the past year alone, more than one-third of security attacks in Canada were ransomware-related. To protect themselves from this ongoing threat, organizations should consider having a risk assessment done to determine and remediate potentially vulnerabilities.

© Zywave, Inc. All rights reserved

4 Things Companies Should Document to Improve IT Security and Disaster Response

IT Security word cloud conceptAn IT manager has the difficult task of overseeing people, processes and technology. And, if there isn’t a departmental emphasis on documenting pertinent information, overseeing a successful IT security program can be a difficult, sometimes impossible, task.

The following are a few items IT professionals should keep a record of in order to maintain efficient IT workflows:

  1. Incident response plans. An incident response plan not only helps companies prepare for potentially crippling IT disasters, but it can also give clients, partners and customers reassurance that an organization is committed to IT security.
  2. Key stakeholders. In the event of an emergency, it can sometimes be difficult to identify who is responsible for what. This can make responding to incidents difficult and confusing. To help ensure a quick response to incidents, identify who would be the decision-makers following a variety of scenarios.
  3. Common risks. Documenting IT information and processes not only ensures business continuity in the event of an incident, but it can help IT professionals prevent threats altogether. Experts recommend that IT departments rank their top five greatest threats and detail possible actions that the department can take if and when a threat emerges.
  4. Third-party providers. More and more IT departments are working with third-party providers, especially as data continues to move to the cloud. In the event of an incident, it is important that a company is equipped with a list of contacts if there is an issue with an off-site system.

As an added bonus to documenting key IT information and processes, other departments will be able to see how data security is handled at a high level. This not only reinforces the importance of IT infrastructure, but it can help promote company-wide buy-in as it relates to ongoing training and future security initiatives.

© Zywave, Inc. All rights reserved



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn