This week marked the end of cybersecurity awareness month. Of course, just because the month has come and gone shouldn't mean that we don't pay attention to all the various things that we need to do to stay safe in the online world.
I'm an avid user of multifactor authentication and I advise just about everyone to use it. Case in point, one of my passwords that I used for social media accounts had obviously been compromised and that bad guy recently tried to log in as me. Luckily for me, I turned on the MFA function on these accounts so was I alerted to the fraudster's attempts. I immediately changed all my passwords.
Yes, MFA and changing passwords can be a slight inconvenience, but the alternative is too risky for me. What about you? Do you use MFA on most of your accounts?
On a completely difference topic, Quebec's data protection authority, the Commission d'acces a L'information du Quebec, released its long-awaited guidance document on what it means to obtain valid consent under the province's private-sector privacy law, Law 25. I found an unofficial translated copy that I read quickly. It's very long — in excess of 40 pages — and contains a fair amount of detail along with examples.
In the end, while the document provides some clarity as to expectations, I'm not sure it really improves my general sense of angst surrounding Law 25. The rules are strict and the potential penalties are scary. I think everyone should be paying attention to the CAI these days and a good starting spot is their guidance on obtaining valid consent.