Guillaume Caron
Chief Executive Officer VARS - Cybersecurity | Digital and technology consulting

What role does the Chief Information Security Officer (CISO) play in an organization?

A business falls victim to a cyber attack approximately every 14 seconds. Depending on the type of cyber attack and the size of the business, the costs can be up to well into six or seven figures. Nearly 60% of small businesses that were victims of cyber attacks end up shutting their business down permanently within 6 months.

These statistics exhibit the extent to which a successful cyber attack can have on a business financially, but there are also many other layered consequences. This can include loss of customers, damage to the business’ brand reputation and breaching of compliance and regulatory requirements.

According to VMware, 99% of Canadian companies have reported an increase in cyber attacks over the past 12 months. This shows now more then ever the importance to develop a well executed cybersecurity plan for your organisation. A Chief Information Security Officer (CISO) is there to do that.

What is the role of a CISO?

A CISO is an executive responsible for a company’s security strategy and ensuring the data assets are protected. The position requires the individual to be well versed with security risks, compliance management and internal security policies. Some of the main roles that a CISO fulfills include:

Security strategy

The CISO is a leader when it comes to security strategy for a company. Depending on the size of a company, the CISO may share this responsibility with other senior IT or tech executives within the company. The CISO is responsible for dealing with immediate security concerns and planning proactively to prevent future security issues from occurring.

The security strategy should be tailored towards the needs of a company. For example, if a business is in hyper-growth mode, the security strategy should accommodate all the vulnerabilities that can arise from scaling quickly and hiring many team members.

Manage security operations

In addition to security strategy, the CISO oversees day to day security operations within a company. The CISO should be actively finding and addressing any security vulnerabilities within a company. The CISO takes initiative on how to deal with immediate vulnerabilities by doing real-time analysis of threats and following a plan of action to mitigate risks.
The security operations on a day to day basis may include setting security policies, hiring the right security team member, meeting with senior executives to discuss strategy, analyzing security infrastructure, making sure programs are running correctly and more. With the help of the security team, the CISO can delegate and ensure that all the security needs of the company are being met.

Security architecture

The CISO is in charge of ensuring the organization is running on the best infrastructure for both security and performance. A lot of vulnerabilities that organizations have can be countered with buying up to date hardware and software. It takes the expertise of a CISO to select the best possible solutions for the organization while mitigating any potential security risks that can arise.

The CISO also designs the security infrastructure by ensuring that all network and IT infrastructure is built with the thought of security in mind. This makes sure that all aspects of the architecture of the organization are secure while performing at the highest level possible.

Incidence response

The CISO is at the forefront of any security incident that occurs within a company. Prior to an incident occurring, the CISO has made a plan of action for several possible scenarios. After an incident is reported to management, the CISO takes leadership and instructs relevant employees on what they need to do.

After the incident has been responded to adequately, the CISO will ensure all that relevant action that needs to be taken afterwards like filling out paperwork, meeting with clients, etc. is done. The CISO is likely the best equipped person within the organization that can handle a security incident from beginning to end.

Compliance

The CISO is also one of the leaders within the company when it comes to meeting compliance and regulatory requirements. Depending on the location and industry a company operates in, there might be a variety of complex compliance requirements needed to operate a company.

For example, a healthcare company in Quebec would have to adhere to both the Personal Information Protection and Electronic Documents Act (PIPEDA) and all of the of the regional data laws. Since the CISO is in charge of several aspects that deal with compliance, they are generally well-versed in these topics and can help meet with compliance demands from regulatory agencies. CISOs can help meet with compliance officers and ensure the company completes all regulatory assessments that are required by local and federal governments.

Where can you find a CISO?

Hiring a full-time CISO may not always be feasible for most companies looking to adhere to general compliance and security requirements to keep their business open. A full-time CISO will likely cost a business well over six figures annually, but there’s an alternative solution: the VARS CISO Office.

The VARS CISO Office gives your organization the power to leverage the expertise of reputable and industry-leading Chief Information Security Officers without having to search for a one or pay for a full-time resource.

To learn more about the VARS virtual CISO office and how you can increase your business’ security, talk to our experts.

22 Feb 2021  |  Written by :

Guillaume Caron is a cybersecurity expert at Raymond Chabot Grant Thornton. Contact him today!

See the profile

Next article

Katy Langlais
Manager | CRHA, MBA | Human resources consulting

The pandemic has forced organizations to look at their everyday operations from a new angle. But despite the difficulties, the crisis also presents some opportunities for the future.

We’ve all had to adapt to the new reality. Business have had no choice but to review their work methods and their range of products and services. Organizations have been forced to modify their activities, sometimes radically, operate within strict health rules or adopt new technologies.

Of course, the environment remains challenging for everyone. We encourage you to be attentive to this crucial issue for organizations: don’t neglect your own health or the health of your employees.

However, there’s another side to the coin. A major disruption like the current pandemic can give entrepreneurs the creativity boost they need to face the major obstacles in their way. As they adapt, businesses introduce innovative solutions, some of which just might be the answer to emerging market trends.

Sometimes, innovation can be hindered by the inability to turn a creative idea into a brand, a service or a product. The pandemic presents an opportunity to break through this hurdle and increase innovative capacity.

Can uncertainty be an accelerator of change and a source of innovation?

Historically, many iconic companies were created during periods of crisis. For example, Disney, CNN, Burger King, FedEx, General Electric, Microsoft, Apple, Gillette, 20th Century Fox, IBM, Hershey’s and Adobe were all founded during a recession. These success stories lead us to ask an important question: how can organizations benefit in such stormy situations?

The pressure that organizations face during a crisis leads to a sense of urgency that spurs senior management into action, whether it’s to grow the business or simply stay afloat. The need for change becomes obvious and the motivation to make change happen rises spontaneously. To keep the business going, innovation becomes a must.

What are the benefits of a corporate culture focused on innovation?

Businesses have a lot to gain from developing a culture of innovation, especially in the post-COVID era.

The first advantage is a better mobilized workforce. Layoffs, cuts to work hours and remote work have all taken a toll on employees. Involving the workforce in the company’s innovation approach sends out a clear message: employees are an integral part of the organization’s development initiatives. It also promotes social connectedness in the workforce and empowers employees to act confidently and independently. All these factors positively influence sense of belonging, motivation and performance at work.

The second advantage of developing a culture of innovation is the ability to meet the needs of the post-crisis era. Businesses that foster a culture of innovation tend to be more agile and therefore better able to deal with unexpected situations. No one can predict what the exact consequences of the crisis will be on society and individuals. However, it’s safe to assume that people’s needs and behaviours will change. Therefore, organizations need creative minds that will be able to rise up to the new challenges and adapt to new changes.

How to foster pro-innovation practices and a culture of innovation?

Stimulate innovation

For businesses that have always relied exclusively on continuous improvement practices, stimulating innovation on a daily basis begins with changing the organizational culture. This shift does not happen overnight. It’s a long-term process guided by the organization’s core values and culture. Leaders play a key role in introducing and developing a culture of innovation at their organization.

Make innovation part of the message

The statements and decisions made by senior management should embody the values of teamwork and openness. Besides the role of management, successfully fostering a culture of innovation involves two other key actions:

  1. Involve employees
    Innovation requires the involvement of all the individuals involved in the daily running of the organization. Although rarely used to their full potential, employees are undoubtedly an organization’s greatest asset in terms of ideas and innovation. While employees will need some time to adapt to the new approach, and indirect costs are involved, it should be seen as an investment. Possible ways to involve employees in innovation initiatives include:

    • Brainstorming sessions;
    • Project committees (permanent or ad-hoc) with a specific objective;
    • Knowledge sharing sessions among employees, etc.
  2. Welcome failure as a step toward success
    As human beings, we’re instinctively driven to glorify success and condemn failure. However, failure is often what leads us to eventually achieve success. With that insight, all individuals working at the organization must learn to welcome failure as an opportunity to improve, and it’s important for them to know that their managers support them using this approach. It can be very useful to give employees training on the processes and mindset of a culture of innovation. While it’s often easier to picture the final outcome, paying more attention to the process involved in getting there will facilitate the transition.

Adopt a culture of innovation across all policies and processes

You can’t promote innovation if you don’t adapt your organizational practices accordingly. In other words, in order to see results, staff management policies on pay, performance reviews, recognition, training, talent management and succession planning must all be aligned with the culture of innovation.

Strategic planning (the business model) and operational and administrative procedures also need to be adapted to reflect this cultural shift. In particular, integrating new technology can be an effective way to create innovation while improving organizational efficiency.

Propel your business forward with technology

Many innovations, especially those related to operational and administrative procedures, involve the development or integration of new technologies. Therefore, organizations should view innovation from an “Industry 4.0” angle as a means to improve the value proposition of their business model and boost their organizational efficiency.

Some technologies that facilitate communication between people can also indirectly spur innovation. For example, applications for collaborating and sharing ideas are now easily accessible on smartphones and tablets. That means people no longer need to physically be in the same room as their co-workers to participate in brainstorming sessions. The crisis can also become a source of creativity for employees, who are able to let their ideas flow and come up with new concepts for products and services. Remote communication tools can help harness this knowledge.

Now that you have some tips on how to start thinking of new ways to protect the continuity of your operations, take a step back and look at your business as a whole. What is your current business model? What skills do your current employees bring to the organization? And what might tomorrow look like if you let your creativity flow and rebuilt your business model today?

This article was written in collaboration with Éloïse Labrecque, a management advisor with Raymond Chabot Grant Thornton.

17 Feb 2021  |  Written by :

Katy Langlais is a recruiting and human resources consulting at Raymond Chabot Grant Thornton.

See the profile

Next article

In Quebec, culture, leisure and entertainment are the sectors most affected by the pandemic. The repercussions of the crisis are not only economic: they will challenge the very future of artists.

As part of a one-on-one meeting, Emilio B. Imbriglio, the President and CEO of Raymond Chabot Grant Thornton, sat down for an interview with actress and President of the Union des artistes (UDA), Sophie Prégent, to discuss the upheavals affecting the Quebec cultural sector since the beginning of the pandemic. It is clear that the cultural sector will never be what it was before and that much thought about the future of the arts in Quebec will be needed. This conference discusses how the arts community has adapted to the new reality and how it envisions the future of the cultural milieu.

A sector hit hard by the pandemic

Confinement and curfew have interrupted many cultural and recreational activities. Despite the importance of this sector and the fact that these productions are highly sought after, thousands of artists have had to give up their work. The closure of cinemas and theaters, the interruption of concerts and filming in March forced thousands of people to stop working, leading many artists to lose their bearings and even reconsider their career choices.

“It’s not normal for performers to be unable to express themselves before an audience,” said Prégent, President of the Union des artistes.

With no way to earn a living, both experienced artists and newcomers to the profession have questioned themselves in the face of the uncertain future of their careers. As President of the UDA, Prégent has made several representations to governments to raise awareness of artists’ situations, find creative solutions and participate in the development of new ways of working in the context of the pandemic.

The UDA has 13,000 artists and brings together performers from the audiovisual world (film, television, advertising, dubbing), and the performing arts (song, lyric, comedy, circus, theater, dance). In addition to supporting its members, the UDA quickly forged strategic alliances with other organizations working in the cultural milieu in order to become stronger together to overcome the challenges of the pandemic.

The artistic milieu: A reflection of society

Artists play a societal role in our community, as they are often spokespersons for social injustices and precursors of major social movements. They are influential and true vectors of social change.

One of Prégent’s main concerns since she became President of the UDA is diversity and inclusion. At the UDA, the Mosaïque committee was created to raise issues about diversity.

As Prégent explains: “There are all kinds of diversity: there’s visible diversity on the screen, there’s also audible diversity, such as people who speak French with an accent. They’re not very present on television, we don’t see or hear them. That said, there is much more diversity on the screen these days.”

“The growing role of digital technology in the way we consume music, television and film is a danger to the francophone culture. Because the music, TV and movies that we create reflect who we are, like a mirror, they bring us together, convey our values, and help us evolve as a society. With digital technology, this mirror is getting smaller and may be reduced to such a point that it will be difficult for us to recognize ourselves in it.”

Watch this interview with Ms. Prégent.

To support our artists, don’t hesitate to make a donation to the Artists’ Foundation.

Next article

Annie Poitras
Lead Senior Manager | CPA, CA, M. Fisc. | Tax

Working remotely has become the norm for many organizations. Several employees would like to take this opportunity to work from abroad.

The COVID-19 crisis has forced companies to reinvent themselves, both organizationally and in terms of employee engagement. An increasing number of companies are not planning to return to the office until the fall of 2021, so employers need to be flexible and open to change.

What about employees who are considering this opportunity to work remotely from another country? How can this affect your organization?

Some of your employees may think that teleworking from abroad, while keeping the same job in Canada, will not affect you as an employer, but they are wrong. Such a decision by one of your employees could result in legal, social security and tax obligations for the organization.

Steps and tax obligations

First, it is important to communicate with your employees and let them know you need to be notified if they are planning to work from another country. You can take proactive steps and issue internal guidelines for your teleworking employees and include measures for those who wish to relocate abroad.

Then, you need to validate what these impacts will be on your entity and what steps you will need to take with the employee and, possibly, with the other country. Depending on the type of work and the relevant tax treaty, the employee newly set up to telework could create a permanent establishment and, thus, a taxable presence for the company in the country where the employee is working from.

If you give one of your employees the option to work remotely outside Canada, either temporarily or permanently, you need to understand that there may be tax implications for the company.

Here are a few questions you need to answer.

Will my organization have tax obligations?

  • Does my employee’s home office become a branch in the foreign country?
  • Is there an applicable tax treaty?
  • Will my organization have new tax obligations in the foreign country?
  • What types of taxes are there in the other country: Sales taxes? Business tax? Will my employee’s presence trigger an application of these taxes?
  • Will my business have new source deduction obligations (taxes, benefits) in the other country?
  • Is there a social security agreement between Canada and the other country?

What are my year-end filing obligations?

  • What are the organization’s compliance obligations?
  • Since my employee is abroad, do I have tax obligations in Canada as well?

Other regulations to consider:

  • What labour laws govern the employer-employee relationship?
  • Will disability, injury and medical insurance coverage apply outside Canada?

As new teleworking policies come into effect and acceptance of telework from abroad changes, you need to integrate tax planning into your policy development to ensure that more flexible work arrangements do not create tax complications and risks. There are risks for both the employee and the employer in allowing an employee to telework from abroad.

As an employer, you need to think about these issues and manage the tax and legal implications for an employee teleworking from abroad. Tax planning will help avoid unpleasant surprises and even create opportunities for both the employee and the employer.

09 Feb 2021  |  Written by :

Annie Poitras is a tax expert at Raymond Chabot Grant Thornton. Contact her today!

See the profile