A Reminder of Cyber Security for Public Companies During COVID-19

With the implications of COVID-19 dominating everyone’s attention for the last several months, the cyber bandits are on the attack more than they ever have. Corporate IT infrastructures are stretched thin, with resources over-taxed as companies take the necessary steps to adapt to the reality of a remote working environment. Intrusion attempts will continue to increase exponentially as both amateur and professional hackers exploit the weaknesses created by the rapid expansion of network infrastructure and diminished oversight. More than perhaps ever before, proactive network security its critical to a firm’s very existence. Traditional prevention and detection protocols employed may not be sufficient given the current environment.

As for public companies, investors are more engaged in making sure issuers have controls in place to address and mitigate cyber threats. On January 19, 2017, the Canadian Securities Administrators issued CSA Multilateral Staff Notice 51-347, Disclosure of cybersecurity risks and incidents, which provided information regarding cybersecurity risks, cyber-attacks and disclosures of public companies, followed with guidance as to cybersecurity risk disclosure referencing the International Organization of Securities Commissions report on cybersecurity in securities markets.

The CSA guidance on risk disclosure for issuers cover many topics from ways in which to mitigate risks from cyber attacks, including obtaining insurance coverage and engaging with cybersecurity advisors to put a plan in place. Being a public company, the issue of materiality and proper disclosure is paramount. Issuers should refer to the guidance in National Policy 51-201 Disclosure Standards.

At The Marrelli Group, we not only exercise best practices on cybersecurity for our operations, but we also ensure proper disclosure of reporting information about cybersecurity risks to comply with securities regulations for issuers public documents, including the Financial Statements, Management’s Discussion and Analysis, Annual Information Form, and Material Change Reports. With the advent of COVID-19, cybercriminals are aggressively pursuing cyber theft tactics to trick and cause organizations to pay for false invoices or contribute to fake non-profits that describe themselves as supporting COVID-19 causes. Fortunately, we have financial controls in place to prevent payment fraud that our clients may face when paying a vendor. For instance, our bookkeepers and staff at Marrelli Support Services verify first via telephone with our clients, before making any payments to their vendors on their behalf, to confirm the wire or ACH payment amounts, vendor and banking information are accurate. This simple, yet effective action, avoid potential cyber thefts perpetrated by cyber attackers and is one of many procedures we employ in our overall cybersecurity efforts for ourselves and our clients.

If you would like to learn more about our policies and procedures regarding cybersecurity, please feel free to contact us at 416-361-0737 or info@marrellisupport.ca.

For more information about The Marrelli Group and its services, you can browse through our website at Marrellisupport.ca.