The International Accounting Standards Board (IASB) has issued Amendments to IFRS 17 (the Amendments). The aim of the amendments is to address the concerns raised by stakeholders and help entities to more easily transition and implement IFRS 17 Insurance Contracts.

The IASB also issued an amendment to the previous insurance Standard IFRS 4 Extension of the Temporary Exemption from Applying IFRS 9 (Amendments to IFRS 4) so that entities can still apply IFRS 9 Financial Instruments alongside IFRS 17.

Next article

Guillaume Caron
Chief Executive Officer VARS - Cybersecurity | Digital and technology consulting

Updated on May 14, 2021

Are you at risk? Telework was introduced at a breakneck speed in many organizations this year. But what about data security?

Attempts at phishing, ransoming and other data theft or malicious traffic disruptions have increased as fraudsters are taking advantage of the vulnerabilities resulting from people working from home.

In order to avoid high costs for your organization and the loss of customer confidence, it is essential to secure your data, monitor your networks’ security and have a cybersecurity plan to effectively and quickly respond to and mitigate cyber attacks.

To help you assess the situation, here are five aspects to keep in mind to ensure that your organization is minimizing its IT risks.

1. Adopt a policy on the use of computer security equipment

Make sure that all devices being used, including mobile devices, are designated for the worker and used only for the worker’s job. Additionally:

  • Use a virtual private network (VPN) that secures access through encrypted authentication and encrypts sensitive data;
  • Limit users’ ability to add applications through whitelisting (preapproved security applications) by controlling installation permissions;
  • Provide a firewall—a barrier that filters incoming and outgoing data;
  • Protect your networks and devices with a professional IT solution;
  • Use a mobile device management solution to protect mobile devices from loss, theft, damage and unauthorized access;
  • Ensure that all devices (personal or business-owned) that remotely connect to the entity’s resources meet the security requirements of the information security policy: for business-owned devices, the IT department must ensure that only software authorized for use on the entity’s resources is installed.

2. Safeguard data access

Make employees aware of the importance of best practices and implement secure user authentication mechanisms:

  • Consider using multi-factor authentication (MFA) for all high-level access and access to sensitive data, applications and mission-critical environments;
  • Include a screen saver with automatic lockout;
  • Install regular automatic updates to anticipate security breaches;
  • Disable wireless access to unused devices;
  • Put advanced antivirus and anti-malware software on all devices that have access to the entity’s environment and data;
  • Ensure that all sensitive data communications are encrypted (including email communications).

3. Train employees on working remotely

Provide ongoing training to make employees aware of key security issues and remind them of good practices:

  • Detecting fraudulent emails and phishing attempts;
  • Using a strong password;
  • Never leaving a device unattended;
  • Using a secure wireless network;
  • Quickly contacting a resource person in case of a security issue, such as a lost device or detection of a problem (provide emergency contact information).

4. Protect information and store it in a secure environment

This is important at all times, but when everyone is working from home, the stakes are even higher: it is essential to provide a data backup environment.

  • Back up data regularly by making copies that are stored securely and, ideally, in a cloud environment so that they can be accessed from any secure device;
  • Limit employee access to the information they need to do their jobs. Limit access to the required individuals only or, in accordance with the “minimum privilege” principle, to minimize the risk of unauthorized access to sensitive data;
  • Ensure that sensitive information is encrypted (e.g. intellectual property, personal identification information, registered credit card numbers, health care data): only access secure sites (HTTPS protocol) using devices provided by the employer.

5. Prepare a contingency plan: respond, manage, mitigate and recover

Whatever their size, all organizations are at risk of one or more cyber attacks during their lifetime. Unfortunately, this is even more so in this day and age, as malicious individuals are taking advantage of teleworking to infiltrate loopholes. It is essential that you have a contingency and risk prevention plan in the event of phishing, ransomware or other fraudulent attacks to:

  • Assess potential threats;
  • Closely monitor attack attempts;
  • Anticipate the measures to be taken to protect your systems and data;
  • Ensure that records are captured and monitored;
  • Rely on professionals to anticipate risks and assist you in monitoring and responding to cyber attacks.

Keep your business out of the reach of fraudsters. Contact our cybersecurity experts. They can offer solutions adapted to your organization and the assistance you need.

13 Aug 2020  |  Written by :

Guillaume Caron is a cybersecurity expert at Raymond Chabot Grant Thornton. Contact him today!

See the profile

Next article

Cultural, sports and tourism organizations have been hard hit by the pandemic. With locals and visitors having to completely change their habits, existing business models and financial frameworks have been upended.

In past few months, municipalities have been working hard to develop economic reopening plans. And it’s interesting to see how certain issues emerge time and again in these plans, such as: downtown centres, buy-local initiatives, cultural and sports scene vitality, green spaces and mobility (public transit and active transportation).

Municipalities have played a key role in managing the crisis. Based on our recent observations, we believe that municipal leadership will be just as important for the reopening phase.

The four pillars of municipal vitality

Everybody recognizes that municipalities play an important role in ensuring the provision of basic services, like public safety, roads, water and sewage systems, etc. Increasingly, however, individual citizens and businesses expect municipalities to actively lead projects aimed at making communities more dynamic, with a focus on four key areas:

  1. Cultural infrastructure and vitality: Libraries, theatres, cultural venues, etc.
  2. Dynamic downtown centres and economic development: Prospecting, commercial vitality, entertainment, urban beautification, placemaking, etc.
  3. Sports and recreation infrastructure and vitality: Green spaces, outdoor sports facilities, arenas, swimming pools, bike paths, parks, etc.
  4. Tourism appeal: Attractions, museums, festivals, conventions, accommodation, etc.

Interesting, distinctive municipalities are those that develop a clear vision and strategies for each of these pillars and that implement major initiatives to develop all four areas. The ability of municipalities to attract visitors, new residents and businesses depends on these pillars.

Capitalizing on the reopening to boost community vitality

Many organizations in these sectors are facing hardship due to the COVID-19 crisis. There’s a high risk that they could lose their assets and see years of hard work slip away in just a few months. Municipalities have tough decisions to make in terms of which assets are worth saving and how much support they can offer to those identified as top priorities.

But the crisis also presents an opportunity to shake things up and orchestrate transformations that might have otherwise taken years to get off the ground.

This is where things get complicated for municipal decision makers and local cultural, sports and tourism groups. Since there’s no established roadmap for Phase 2, they’re being forced to define a new approach in record time. In this context, business reopening plans must be based on fast yet detailed impact and opportunity assessments, as well as on innovation and agility.

Considerations for maximizing business reopening and financing opportunities

  • Looking at demographic data, will local cultural and sports infrastructures meet the community’s needs once the crisis is over?
  • Are there sports, culture or tourism organizations that could merge or pool their services to improve efficiency?
  • Which tourist attractions and events support the municipality’s values and image? Which ones need to be refreshed with an updated vision and entertainment agenda?
  • Does the municipal policy for supporting organizations suit today’s needs and reflect new approaches implemented since the pandemic began?
  • Given the impact of the crisis on retailers and restaurants, what features will define the downtown area and attract people to the city core?

In the coming months, we can expect governments to unveil various financing programs (for infrastructure, optimization, innovation, technology, etc.) aimed at stimulating the economy. If municipalities and cultural, sports and tourism organizations want to get their share of available financing, they have to be ready with detailed plans.

Our team of experts specializing in tourism, leisure and culture can help you define your strategy. Contact us now.

Next article

International Accounting Standards Board (IASB) amends the classification of liabilities as current or non-current.

Early in 2020, the International Accounting Standards Board (IASB) published Classification of Liabilities as Current or Non-Current (Amendments to IAS 1), which clarifies the guidance in IAS 1 Presentation of Financial statements on whether a liability should be classified as either current or non-current. In July 2020, the IASB deferred the application date to January 1, 2023.

Before the amendment, IAS 1 indicated that if an entity had an unconditional right to defer settlement of a liability for at least 12 months after the reporting period, then the liability is classified as non-current, if not, it is classified as current. Some preparers have found this indication confusing and consequently similar liabilities have been classified differently, making comparisons by investors difficult.