Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

A combination lock lies on a printout of black and white 1s and 0s with the word “security” in red.


We explore 10 key challenges for business leaders in 2014, with expert commentary on the issues.

When Chris Karram started mortgage and investment firm SafeBridge Financial Group in 2005, he never thought that anyone would want to steal his customers' sensitive information.

He used a basic content management system to store his clients' data and it didn't come with any special security software.

Story continues below advertisement

There were some financial sector security regulations he had to follow, but if anyone wanted to hack into his system they probably could.

"There was no real security behind what we were using," he says.

That's changed over the years. While he's never had a security breach, he, like a lot of company owners, has read more and more stories about people going to great lengths to get people's information.

His customers have noticed that, too. In 2006, nary a client mentioned anything about security. Now, he often has to spend time explaining to people why they need to divulge certain details.

"There's a heightened awareness about the ease of accessing e-mails and other information," says Mr. Karram, co-founder and co-CEO of the company. "You can see a growing hesitancy by the Canadian consumer to release personal data."

As hackers get more tech savvy and increasing amounts of data is stored on computers, information security is becoming a more pressing issue for companies in all sectors.

For Mr. Karram, IT security poses two challenges. He needs certain information – the most important being a social insurance number – in order to secure mortgages and investments for clients. He also has to send that information via a computer to other financial institutions.

Story continues below advertisement

"Unfortunately, we don't have a way around that," he says.

In some cases clients have been so worried about handing over their SIN that the mortgage process has been delayed. He's never had a client stop the process altogether, but he does spend a lot of time reassuring people that their information is safe.

The more stories of security breaches that come to light, the more Mr. Karram beefs up his own systems. In 2007 he switched to a more complex content management system, which came with better security software. While he didn't buy it for the protection, he was happy it was there.

In 2010, when the company switched to the content management program it has now, Mr. Karram hired an IT specialist to develop a more robust security system. The program uses the same security certificates and encryption methods that most companies use today, but he also added additional layers of protection to the back end system, he says.

He's also changed the way certain data are accessed and stored. For instance, his mortgage agents can only see their own clients' information and as soon as social insurance numbers, driver's licence information and certain other sensitive numbers are sent to a mortgage lender or financial firm, those details disappear.

"We don't actually store that information," he says. "If we need the number again, they'll have to provide it again."

Story continues below advertisement

Any information that is kept on hand is backed up to the cloud and every computer has its own separate log-in and password. He can also tell who has logged in to each computer and what information has been accessed and when.

He's also using a less technologically advanced method of protection: a room with a locked door. He keeps loads of documents in the "filing room," and only certain people can get into it.

While he says that his security measures are better than they've ever been, there's always more to do. That's the rub – even with all of those layers of security, customers are still nervous and hackers continue to get smarter.

It may be an unsolvable challenge, but how can he gather sensitive information, know it's completely safe and keep customers reassured at the same time?

"We're 100-per-cent confident in our system, but we know it always needs to be improved," he says. "A breach could have a massive impact on our agents and customers and we're hoping we can continue to find ways to ensure our clients and our team are protected."


Story continues below advertisement

David Skillicorn

Professor in Queen's University's School of Computing, Kingston

It's good that he's deleting the SIN, but you have to think carefully about what deletion means. It's probably still there. If there's malware on your computer, it can look around the system and pick up fragments you thought were deleted.

What's happening now is that people aren't trying to put up ever more fancy walls, but they're learning to live in an environment where they know the system is open. For instance, instead of sending one SIN to the other end, send them 20 with only one being the real one. It's harder to figure out which is the right number.

There's also a technique called "secret sharing," where two people know a piece of information between them and can figure out the right answer together, but neither can figure it out on their own. That makes it harder for someone who randomly intercepts something to determine what's there.

Intelligence organizations have been pushing for this for about five years, but it hasn't received much penetration in business yet, though it's coming. People are realizing that you can't keep putting wall upon wall up, because hackers still get through.

Story continues below advertisement

Rohit Sethi

Vice-president of product development at Toronto-based Security Compass Inc.

Things have changed quite a bit over the years. We're more interconnected than we were a decade ago, there's more widespread knowledge on how to hack, and it's a lot easier to do. It's becoming even more important for businesses to protect customers.

There's not one thing that they can do. Security encompasses many things, like having anti-virus software on desktops and phones, having a specific person responsible for information security, using encryption technology to store data. But the key is building a security program that aligns with the business's needs. They have to ask themselves, "How can someone hack into the software?" and then they can build in controls to prevent those specific hacks.

It's also important to be constantly monitoring for a breach. There are entire categories of security tools that can let you know if you're being attacked.

Expert comments have been edited.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies