The MS Society of Canada is a national charitable organization that supports research and services to help the 100,000 Canadians living with multiple sclerosis (MS) and their families fight against this disease. Founded in 1948 and run with virtually no government funding, the MS Society relies on donations from tens of thousands of dedicated individuals, companies and foundations in communities across Canada.
“Like most non-profits, we process donations online through our website assets,” explains David Arbuthnot, VP, Shared Services at the MS Society. “We feel a responsibility and accountability to our donors to ensure we are protecting their personal information to the best of our abilities. We also need to safeguard the privacy of our clients that live with MS.”
Even with regular security perimeter checks and other tests to identify threats, the MS Society recognizes that there are still vulnerabilities that could put the private information of clients and donors at risk. They don’t want to take this risk and turned to TELUS, already the organization’s mobile provider, to help the MS Society improve their security posture.
The first initiative was digital social engineering tests, which examined vulnerabilities in staff behaviour and educated employees on the safekeeping of vital information. “We want to make sure that from all points of contact, our staff and the information they have access to are secure. This includes knowing how to recognize phishing campaigns, how to store and access data securely, and how to stay safe even when they’re on non-corporate devices,” says Arbuthnot.
For the last three years, TELUS has helped protect the MS Society with threat and vulnerability assessments of its IT infrastructure, web applications and the PCI environment, and has provided physical social engineering services, a process that looks at an organization’s physical structures to identify vulnerabilities.
Is it overkill? As many Canadian companies know, it’s not a matter of “if,” but “when” an organization will experience a security breach. As the digital economy is increasingly intertwined with public cloud, mobile devices and social media, the threat landscape widens.
With today’s digital minefield, even charities are not immune. “Many believe that as a non-profit, we’re not targeted by hackers. But we know that charity donation sites are used as testing grounds for credit card theft. Often thieves will make small purchases to verify if a stolen credit card is active before moving on to larger purchases. It’s not unusual to see hundreds of small transactions come through in minutes,” says Arbuthnot.
Working as an extension of the MS Society’s own IT team, TELUS delivered actionable recommendations to safeguard client, donor and staff personal information. In addition to a collaborative approach, Aruthnot appreciated “the lack of surprises.” TELUS delivered on its promises in the estimated number of hours. The partnership continues with more security solutions planned for the MS Society.
About the MS Society of Canada
The MS Society is dedicated to finding a cure for multiple sclerosis by funding leading-edge research and improving the quality of life of those affected by the disease. The MS Society offers programs and services for people with MS and their families, and its affiliated MS Scientific Research Foundation is among the largest funders of MS research in the world. Please visit mssociety.ca or call 1-800-268-7582 to make a donation or to learn more about the latest in MS research and programs in your area. Join the conversation and connect with the MS community online – find @MSSocietyCanada on Twitter, Instagram and Facebook.