Counselling services have shifted into virtual spaces in the last five years, not completely, but a lot more than they had previously.
Being able to deliver services online creates new flexibility for therapists in private practice, including the ability to reach clients outside of your local area, make your workspace more flexible, and accept last-minute bookings more easily. However, it also creates new responsibilities.
With more information about your clients stored online, there is a new duty of care to make sure that private information is kept safe. It’s also important to make sure access to credit card and other payment information is secure.
Many liability insurance companies are now requiring cyber security training for counsellors and staff in order to ensure you and your staff have the skills and knowledge needed to prevent risks.
I’ve been working in IT for over 25 years, and am a source of training and information on these and other related topics to my clients, and I’ve been developing and offering custom training long before even that. Before that, I worked as a counsellor in private practice. I’ve researched the specifics of cyber security legislation as they apply to private and group counselling practices, and compiled a training session that covers the most important skills and facts you need to know about legislation and technology, along with advice about how to implement cyber security without spending a bunch of non-billable time on it.
Here are the basic cyber security principles for non-techies:
- Protect your computer from physical theft or damage.
- Lock up your data against thieves – whether they physically steal your devices, or hack into them over the internet.
- Use good safeguards like secure passwords, and store those passwords in convenient but secure ways.
- Verify details before sending money or providing data to others.
- Have policies about all of this for staff, and data privacy agreements for contractors.
 
Protection from Physical Theft and Data Loss
Set a screen timeout on your computer/device so if it’s stolen while unattended the screen will be locked. Encrypt your device to make it much harder to read any data that is stolen. Have backups in at least 2 different places and a way of revoking access to data if your device is stolen. Lock up your backups too.
Good Passwords and Password Managers
You need a good, long, difficult password for everything (I’m sorry). You need to have two-factor authentication turned on for everything (yes, I know it can be a hassle). You need to use biometrics on devices that support them. You need to encrypt your data and hold on to a password for that too. How do I remember all these passwords? The easiest and most effective strategy is to use a password manager. In the course I teach, I cover the details to make all of this happen, even if you decide not to use a password manager.
What information am I legally required to protect across Canada?
This varies from province to province, but in general, anything personally identifiable, including email addresses, for clients and in many cases for staff. If your stored information is breached, you have to tell the affected persons, and often the regulatory agencies or law enforcement, depending on the specifics. Your data must be destroyed securely when you no longer need it.
Policies for Staff and Contractors
Develop policies for how devices and information are to be secured and who gets access to them. I cover this in my course.
More information?
I provide live virtual training to individuals and groups, and pre-recorded presentations you can review in your own time. You can use this coupon code: CyberBlog to get a 15% discount off either a pre-recorded course of your choice or a recording of your live training.
Let’s Talk About Cyber Security




