Alexandre Blanc
CISO - VARS | Digital and technology consulting

Your data is worth a fortune on the dark web. To keep it safe, you have to think like cybercriminals. How do they do it and how do you hinder them?

Understanding how cybercriminals work is key to ensuring that your corporate computer data is safe. How do they gain access to your data? They steal your identity information, either by using phishing emails sent to your users or by exploiting vulnerabilities in systems and applications that may be out of date. They then determine which of your data are the most sensitive so they can exploit them.

Cybersecurity is constantly evolving, and your organization needs to keep up. It has to be forward-thinking about what is going to happen so it is prepared for fraud and theft attempts.

To protect your computer data, make sure you have a good computer security posture.

Classify your data by importance
Be aware of internal threats
Choose the best means of protection

Classify your data by importance

The first step in a process to improve your computer security posture is to classify your data by importance. Here are a few key questions you need to answer BEFORE starting to implement efficient controls in a governance context:

  • What needs to be protected?
  • What is the level of sensitivity?
  • Where is the data?
  • Who has access to the data and when was the last time they accessed it?

Once you are able to properly answer these questions, you can begin to build a defence system to protect your most critical data according to your organization’s risk level. Too often, organizations spend a lot of money on controls to mitigate attacks, without ever taking that crucial first step.

Be aware of internal threats

A ransomware attack is the act of breaking into your systems and taking over your data by encrypting it and compromising your backups.

The criminals will demand a ransom in exchange for the encryption key that will allow you to recover your data. However, in many cases, even if you pay the ransom, your data will already be made available to other criminal organizations on the dark web. This is the multiple extortion model where a second lever can be used through blackmail, or worse, making you lose access to your data forever, since criminals find that selling this data on the dark web is of greater interest. This is why it’s important to protecting yourself against it.

However, the threat to your data can also come from within and you must also take this into account in your protection plan. For example:

  • Careless workers may unintentionally put the organization at risk (storing sensitive data on an unencrypted USB drive or disk, leaving a laptop or other device unattended where that data could be stolen, leaving confidential documents on a desk).
  • Employees who are terminated or voluntarily leave could take organizational data with them (intellectual property or organization data generated or used by the employee, customer lists, trade secrets).
  • Employees could circumvent security because it hinders their productivity (saving files to a personal hard drive, using applications not approved by the organization, unapproved collaboration).
  • Malicious employees who have a grievance against an organization may choose to act on it (disclose confidential data, commit sabotage, alter or delete sensitive data).
  • Infiltrators, working on behalf of an outside group may want to commit a data breach or other industrial espionage attack (these insiders may be malicious, deceived through social engineering, or coerced through bribery or blackmail, and allow an outside group to gain access and user privileges).

Note that third-party partners can pose the same threats and cause the same damage as an organization’s employees with similar access. According to Threatpost, 94% of organizations provide their vendors, suppliers, business partners and others with access to their networks and systems, and 72% of these third parties have elevated permissions on those systems. If they have poor cybersecurity hygiene, they put you at risk every time they log into your systems.

Choose the best means of protection

Once you have classified your data, there are practical and simple ways to protect your most sensitive and critical data from any type of attack.


Make your data virtually unreadable by anyone who doesn’t have the key, both while in storage and while in transit or in use.

Secure, offline backups

Make sure your backups are not only online, otherwise they could also be compromised, making them impossible to restore.

Eliminate unauthorized file editing, deletion and movement

If you are using Active Directory (AD), there are simple solutions to protect your unstructured data and set up monitoring of your dark web footprint.

Email threat filtering

No single solution can eliminate all malware and attacks, but by eliminating most of them, you will significantly reduce your attack surface and risks.

User awareness

Your users have phones, tablets and social media accounts. Make sure they are aware of their dangers to the organization.

Password policy

How many of your users have the same password for work, their social media or their bank accounts?

Multi-factor authentication

The second static factor is no longer sufficient and hasn’t been for a long time. You need a solution that incorporates time and location and other attributes to prevent remote access to your data.

Third-party suppliers and super-administrator access

You need an approval process for all external and internal access to sensitive systems, as well as a complete audit trail and indexed log of every action, including orders.

24/7 detection and response management year round

Monitoring of your files, desktops, servers, networks, mailboxes, and user behaviour should be ongoing and include real-time automated risk mitigation, isolation and remediation.

Zero trust model

This innovative security model ensures a secure connection by eliminating transitive trust and continuously identifying and authenticating each device and user before granting them access to network applications. Your onsite and remote users can securely log in to their work environment with trusted user and endpoint identification and multi-factor and biometric authentication.

You need to construct layered data protection with redundant controls to make it more difficult for cybercriminals to access your data. No single solution will eliminate all threats. However, knowing what your IT security posture is and what IT data needs to be protected to ensure your business’s health provides your organization with solid protection against cyberattacks.

This article was written in collaboration with Harold Walker, Senior Director of VARS, a subsidiary of Raymond Chabot Grant Thornton, specialized in cybersecurity.

21 Oct 2021  |  Written by :

Alexandre Blanc is a cybersecurity expert at Raymond Chabot Grant Thornton.

See the profile

Next article

Frédéric Pinard
Advisor | Organisational psychologist, D.Ps., CRHA | Human resources consulting

How can being kind to yourself make your team more effective? Learn more about self-compassion.

Overwhelmed, resigned, powerless. These feelings are all too common among managers and employees, especially when things are in flux, as they are now. The situation can sometimes seem insurmountable, leaving workers wondering if their individual contributions really make a difference. Yet, there is a simple solution, albeit counter-intuitive, if you want to overcome these feelings : self-compassion.

The concept, which recently surfaced in scientific literature, involves shifting your focus back to yourself so that you are better prepared to face the challenges ahead. Interestingly, self-compassion is not just good for the person who practices it. Their direct and indirect entourage can also reap the benefits.

What is self-compassion?

We are all familiar with how to be compassionate toward others. It is a matter of being attentive and helping those in need. But what is self-compassion? How do you go about practicing it? And how might this attitude trickle down to your colleagues?

Self-compassion consists in being kind with yourself—and not self-critical—when you are faced with a challenging situation. Of course, it is easier said than done. Indeed, many people have an innate tendency to expect more from themselves than they would from others, especially when things aren’t going as planned. This is particularly true for people in management positions.

So, what is involved in being self-compassionate? There are three things to keep in mind:

  • Know your strengths and focus on them (self-kindness);
  • Keep things in perspective and remember that dissatisfaction and disappointment are normal and part of the human experience (common humanity);
  • Stay focused on the here and now (mindfulness).

How do you apply self-compassion in the workplace?

Let’s look at a case study. You and your colleagues are leading a large-scale digital transformation at work. During the implementation phase, it becomes clear that you underestimated the extent to which changing certain software would impact your suppliers. Their adjustment period forces you to extend the implementation phase, which frustrates those who have been clamouring for the new program and galvanizes the ire of those who were not on board with change to begin with. You are beside yourself. How could you have failed to foresee the impacts? What a terrible mistake!

In a situation like this, many people would hang their heads and tell themselves that the situation is all their fault. But will wallowing in guilt help them do better next time? Probably not, though that is nonetheless how a lot of people tend to respond.

Instead, a self-compassionate approach would involve:

  • Recognizing that some aspects of the process went smoothly;
  • Rallying your strengths, particularly the qualities that can help you address the situation (self-kindness);
  • Remembering that pitfalls are part of the change management process (common humanity);
  • Focusing on what you can do to correct the situation (mindfulness).

Compassion is not complacency

It is not about making excuses or shirking your responsibilities. Compassion is not complacency. Rather, it is about being kind and fair to yourself when things go wrong, while still being accountable.

Adopting this attitude will make life easier for you and for those around you. According to some studies, people who are self-compassionate tend to:

  • Be better equipped to help others because they have a better understanding of their own limits;
  • Create a more positive work climate because they are more attuned to other peoples’ acts of kindness and are therefore more likely to reciprocate;
  • Promote team innovation by helping create an environment where people are not afraid to fail and recognize that it is part of the creative process.

If a leader is self-compassionate, it can serve as a good example and inspire their team members to be more compassionate toward themselves.

Benefits for the whole team

Like any skill, self-compassion can be learned, but it involves making a constant conscious effort to change unhelpful thought patterns.

People can learn how to be self-compassionate through individual and group activities.

Given all the advantages of self-compassion, it is likely that tomorrow’s leaders will be both high-achievers and compassionate toward themselves.

14 Oct 2021  |  Written by :

Frédéric Pinard is an expert in Human Resources at Raymond Chabot Grant Thornton.

See the profile

Next article

In order to improve the performance of your organization, you must rely on the cohesion between all elements and teams.

Before increasing expenditures or adding staff, it’s crucial to analyze your processes and see if there are opportunities to make better use of the resources you already have. You should also look to improve cohesion between your processes and teams.

Any initiative to optimize your procedures should start with reviewing your organization’s purpose and defining its short-, medium- and long-term objectives, as well as how you plan to achieve them. You’ll also need a system of checks and balances that covers the company’s key performance indicators to make sure you stay on track to meeting your goals.

Completing these steps will help you remain at the forefront of your market, adjust to changes in your environment and jump on growth opportunities as they come up.

Determine specific objectives

The most important thing is to always circle back to your business’ key offering—its raison d’être—and to identify its short-, medium- and long-term objectives. Having a clear vision will make it easier to define your goals and determine what you need to do to achieve them.

Once you’ve established your objectives, share them with all your employees along with an explanation of what you expect from them. Specifically, how will your strategic objectives translate into operational objectives for your teams? What tasks will be required from your departments and what changes should they expect?

Establish KPIs for tracking results

It’s also important to determine how you’ll measure your results. Your key performance indicators (KPIs) should be aligned with the company’s strategy and objectives. Success can be measured in more ways than one. It’s not all about money. For example, your organization’s primary goal might be to rank in the top five in a given market, be an employer of choice, or be recognized as a responsible corporate citizen.

Next, focus on issues that will help your business reach its goals. Of course, new ideas may arise along the way, but be sure to ask yourself if they’re aligned with the organization’s performance objectives. You can’t fix everything at once. It’s better to stay the course and focus on the goals you’ve already set.

At the same time, you don’t want to be too rigid when monitoring your strategic planning. Deviating from the plan may be warranted if your priorities change. If that’s the case, you should adjust your goals and action plan accordingly. The key is to maintain alignment between your vision, strategy, metrics and procedures.

Optimize productivity

Increasing production capacity is often the first thing that comes to mind to reduce bottlenecks and catch up on backlogs. But a smarter move would be to ask yourself whether the company is using its resources efficiently.

Adopting lean management or lean manufacturing principles can help you boost efficiency and create better products or services in less time and with fewer resources.

Eight types of waste

Lean management is about optimizing business processes. It involves identifying your current processes and analyzing each stage with the teams concerned. This exercise lets you see how data or resources flow and determine where waste occurs, so that you can either reduce or eliminate any inefficiencies. When you cut non-value-added tasks to a bare minimum, the entire process delivers more value.

The eight most common types of waste are:

  1. Transportation and travel (unnecessary travel between storage sites, excessive material handling during the production stage, etc.);
  2. Motions and actions (redundant procedures, poor document/part storage, inefficient printer location in the office, etc.);
  3. Waiting (delayed raw material deliveries due to computer problems, stopped manufacturing due to an upstream error, etc.);
  4. Overproduction (producing more than customers need leading to slowed flow, storage challenges and excess inventory);
  5. Inventory (overstocked parts or products leading to stagnating finances and loss of storage space);
  6. Overprocessing (any process that doesn’t benefit customers should be considered unnecessary);
  7. Defects and errors (correcting errors costs the business time and money);
  8. Underutilized talent (not using an employee’s full potential).

Meanwhile, lean manufacturing is about how to make things faster, more efficiently and at a lower cost. The goal is to improve the entire manufacturing process. So, how do you go about making your production process more efficient? Use the 5S method to optimize work spaces and the way they’re set up:

  1. Sort (sort and remove anything that’s unnecessary);
  2. Set in order (find the right place for each item);
  3. Shine (clean, inspect and repair);
  4. Standardize (establish standardized rules);
  5. Sustain (analyze the things you do and make improvements).

Invest in technology

Making good use of technology can improve digital workflows, business processes, employee training and many other aspects of your company’s operations.

Technology can boost organizational efficiency by automating certain operations and relieving your employees of routine tasks so that they can spend their time on tasks that deliver value for the business.

It also improves aspects like traceability, which gives you a better understanding of customer needs, or enables you to plan preventive measures, such as installing a sensor on your equipment to anticipate breakdowns and let you know when it’s time to service the machine or replace a part. That way you’ll be equipped to plan ahead, rather than just respond to problems. As a result, you’ll avoid downtime on the production line and all the costs associated with it.

Always keep profitability in mind

Maximizing your company’s efficiency involves giving advance consideration to your costing (the sum of all expenses incurred to produce a good or finalize a service) and to the profitability threshold (and your break-even point), which are essential for determining when your business becomes profitable. This exercise establishes the groundwork for your strategic planning.

Once you’ve identified your objectives, it’s time to develop a budgeting tool that lets you establish financial forecasts for the next two or three years. You should also set up a dashboard with performance indicators so that you can track your results. That way you’ll be better able to make corrections if you start to deviate from your goal. Or, if everything is going well, you’ll know that you should keep doing what you’re doing.

Set up tracking tools

When developing a dashboard, aim for a balanced but succinct solution that gives you a reading of factors related to HR, finance (revenue, turnover, sales, costs, expenses), operations (improvement, optimization, efficiency, effectiveness) and quality (customer satisfaction).

Your dashboard will help you make informed decisions on the company’s objectives, planning and projections. It will also help you establish effective processes, methods and solutions to achieve your goals.

Making the most of your people

One aspect of organizational performance that you shouldn’t overlook is your employees. The more they are motivated, provided with the chance to use their talents and given the recognition they deserve, the better your company will perform.

This is a key responsibility for any company: making sure employees feel involved and valued, so that they can confidently embrace and work toward the vision laid out by the leadership team.

When measuring your company’s HR performance, keep an eye on the following indicators: turnover rate, departures, absenteeism, time required to fill a position, productivity rate and job satisfaction rate.

Include all aspects

A company is like the human body in that it’s a living organism that relies on different organs. That’s why you need to take simultaneous action in several different areas of the company if you want to make it more efficient.

Next article

Daniel Prud'homme
Senior Manager | Practice Leader | Business Transformation

It’s in your organization’s best interest to hire a consulting firm to obtain the necessary tools and expertise for its activities.

Is your strategic planning process coming up in a year and you’re considering getting help with updating it? Are recruiting and retention difficulties leading you to seek solutions from the private sector? With questions like these, you should definitely turn to a consulting firm.

In addition to these specific needs, there are at least four other good reasons to do business with these firms for public sector departments, businesses, organizations and other bodies:

  • Taking advantage of the varied expertise;
  • Accelerating processes;
  • Taking advantage of an objective presence;
  • Getting external advice for authorities.

Taking advantage of varied expertise

Beyond the direct need for additional resources, using a consulting firm allows organizations to have immediate access to a wide range of expertise.

To name a few, services can include strategy, financing, human resources and technology.

A consulting firm will support you in the various facets of strategic and financial functions, in particular with regard to:

  • Strategic planning updating implementation activities;
  • Review of business model;
  • Organizational diagnostics;
  • Process optimization;
  • Change management and continuous improvement;
  • Risk management and service continuity;
  • Costing calculations;
  • Financial strategy and forecasts.

Human resource services may include the following consulting services:

  • Employer brand;
  • Attraction and retention performance;
  • Compensation policies;
  • Work climate analysis;
  • Engagement surveys;
  • Training and development activities;
  • Local or international recruiting.

As for technologies, a firm can contribute in numerous fields, in particular:

  • Digital transformation;
  • Process automation;
  • Cybersecurity;
  • Diagnostics on systems in place;
  • Objective guidance in new system selection and implementation;
  • Advanced data analytics;
  • Blockchain expertise.

Accelerating processes

An organization’s leaders and employees often have to deal with several simultaneous tasks and atypical schedules. They must divide their time between necessary meetings, various operational tasks and numerous administrative obligations.

Entrusting certain assignments to an outside team makes it possible for activities to progress in parallel with other organizational activities.

If assignments are well defined, clients will receive a complete product that meets their expectations in a much shorter time frame than if the product had been designed internally, given the inevitable interruptions resulting from the complexity of the activities.

Taking advantage of an objective presence

External experts can help an organization pool various components in order to achieve its business targets.

In addition to organizational expectations, the various sectors are subject to their own internal constraints and must respect deadlines. While the variety of employee styles and personalities may represent a source of complementary skills, it can also, at times, be a source of tension. It can be difficult at times to align all needs between peers and ensure that efforts are coordinated.

However, the presence of an external expert often ensures success in carrying out cross-functional activities. The result would be stakeholders who are properly prepared for work meetings, express their points of view to a greater extent and rally more strongly towards the consensus reached.

Getting external advice for authorities

Additionally, for governance purposes, organizations must regularly produce a compliance review, audit or certification on projects, achievements or financial statements.

In parliamentary committee, with your board of directors or departmental team, these external opinions and recommendations allow management to confirm a direction and demonstrate their activities to the authorities.

Responding diligently and efficiently to your needs

In this regard, our teams’ agility, know-how and dynamism are in keeping with our desire to respond diligently and effectively to the needs of government departments, businesses and public agencies, as well as those of other public and parapublic industry entities.

Our commitment to quality is evidenced by our specialized business line for the public and parapublic industry, integrating all aspects of management, our continual compliance with the government legislative and regulatory framework, and our professionals’ ongoing training.

05 Oct 2021  |  Written by :

Daniel Prud'homme is a business transformation expert at Raymond Chabot Grant Thornton.

See the profile