### Free Cybersecurity Consultations for Quebec Nonprofits
Faced with an increasing threat of cyberattacks and constrained budgets, many nonprofit organizations in Quebec are diving into a new initiative aimed at fortifying their cybersecurity. Spearheaded by Polytechnique Montréal, this pilot project offers complimentary cybersecurity consultations, providing a much-needed lifeline to groups that often fall below what experts describe as the “cybersecurity poverty line.”
### The Challenge of Limited Resources
Marc Gervais, the executive director of IMC2—a cybersecurity institute uniting over 50 professors and research teams across Quebec—points out the stark reality many nonprofits face. “They generally can’t even afford basic training or audits,” Gervais explains. As they work tirelessly to fulfill their missions, organizations ranging from environmental advocates to community services are left vulnerable to a myriad of cyber threats such as phishing scams, data breaches, ransomware attacks, and more.
### Vulnerable but Valuable
The landscape of cybersecurity issues is not exclusive to large corporate entities. In Quebec, numerous nonprofits share the same vulnerabilities. For example, in 2023, pro-Russian hackers successfully targeted multiple websites linked to the Quebec government, even crippling Hydro-Québec’s online services. Such incidents showcase the pressing need for even smaller organizations to fortify their digital defenses, emphasizing the urgency of the Cybercitizen Assistance Network pilot project.
### A Unique Solution from Academia
To address this gap, IMC2 has rolled out a forward-thinking strategy: training students to evaluate cybersecurity vulnerabilities within these nonprofits. Under the guidance of faculty members, students will conduct free audits, offering practical experience while significantly benefiting the organizations they serve.
The project recently received a $1.3 million grant from Google, launching its first initiative with the Institut du Nouveau Monde (INM), a Montreal-based nonprofit dedicated to encouraging citizen participation in democratic processes. The organization’s director, Louis-Philippe Lizotte, expressed keen awareness of the necessity for robust cybersecurity in light of the headline-grabbing incidents that plague the nonprofit sector.
### Assessing Needs and Crafting Solutions
During the auditing process, nonprofits like INM often discover critical gaps in their cybersecurity protocols. “We often identify areas for improvement in what we call cybersecurity best practices,” Gervais explains. Many nonprofits lack dedicated technical staff to conduct regular cybersecurity audits, leading to unpreparedness in the event of a cyberattack.
For Lizotte at INM, the audit offered reassuring findings; it highlighted a few additional tools and recommended better training for existing staff. With this newfound awareness, he stated, “Now we know where we stand in terms of cybersecurity, and I’m pretty satisfied because we’re not doing too badly.”
### Navigating New Privacy Regulations
The pilot project also highlights an essential legal framework impacting nonprofits in Quebec: the 2021 overhaul of the Personal Information Protection Act. Nonprofits must now comply with regulations pertaining to data collection and disclosure, including the necessity for explicit consent and reporting unauthorized access. This legal landscape adds another layer of urgency to the cybersecurity consultation initiative, as organizations face significant penalties for noncompliance.
### Local Focus with Broader Aspirations
The initial audits are conducted online, a favorable approach that could potentially streamline processes for nonprofits throughout Quebec. Project manager Fyscillia Ream notes that while the focus remains primarily on the Montreal and Gatineau regions, the need for similar programs is evident across Canada. “We really adapt to the needs of organizations, whether they simply want an audit or to raise awareness among their employees or users,” she explains.
### Navigating Toward Cybersecurity Empowerment
The overarching goal of this initiative is not merely to provide short-term solutions but to help nonprofits achieve cybersecurity self-sufficiency. By offering follow-up support, customized training sessions, and actionable reports after audits, the program fosters an environment of resilience within the nonprofit sector.
Gervais concludes by underscoring the importance of a collective nationwide effort in addressing these challenges. “I think we will have to collaborate with other institutions because this is a truly Canadian need,” he shares, signaling a hopeful trajectory for nonprofits across the country striving to secure their digital environments.
