Anastasiya Novikava
Copywriter
Anastasiya believes cybersecurity should be easy to understand. She is particularly interested in studying nation-state cyber-attacks. Outside of work, she enjoys history, 1930s screwball comedies, and Eurodance music.
Summary: CMHA's case study reveals how NordLayer protected sensitive data in dynamic environments.
Canadian Mental Health Association (CMHA), Alberta South Region (CMHA, ASR), is a mental health non-profit, charitable organization in Canada. CMHA, ASR serves the Southwestern Alberta Region. As part of a nationwide mental health organization, it delivers a wide range of services that contribute to all people’s well-being. Dedicated teams support people in need through housing, crisis services, case management, peer support, Wellness Recovery, information and referral, service navigation, education, and advocacy. From a rapid response operation to providing information to an emergency helpline, CMHA, ASR is here to help people walk through the most challenging moments of their lives.
The CMHA Alberta South Region operates in an area of approximately 200,000 people. It is located next door to two large indigenous communities with over 16,000 people living on and off the reserve. The organization’s nature and a team of 50 specialists working on several projects mean a dynamic and fast-paced workplace. Managing employee attrition and onboarding, working between program sites or at the regional hospital emergency department, and protecting sensitive client data require watertight and responsive security measures to support the daily CMHA operations. Wesley Chenery, the IT Specialist at the CMHA Alberta South Region, reveals the technological backstage of handling these challenges.
CMHA’s case is unique to the nature of the service model and its place in the health care system in Alberta. Although the organization does not fall under all the regulatory conditions within the public health care system, it is contractually mandated to follow compliance standards like HIPAA and other general data protection regulatory requirements. Yet, most of the security measures are applied by a proactive approach to avoid any potential negative outcomes of client data loss.
Our work culture requires a specific set of skills to be on board with what we do and offer to people. Unlike many more complex government organizations with layers of staff to support departmental needs, I am alone responsible for IT, statistics, and centrally administrating the CMHA’s client-data registry.
CMHA uses a client management system called ‘Efforts and Outcomes (ETO),’ where all client data is stored. The organization must follow government standards to keep data solely in Canada — it cannot bounce between servers in different countries.
The information has to be stored in the local data centers, and transfers must find a route that stays within Canada — other restrictions and policies regarding data are designed and implemented at our own discretion.
Contractual requirements and government regulations clearly outline data collection security standards. The organization is committed to maintaining high standards of compliance.
Another challenge CMHA faces is ongoing staff change. In a relatively short time, five employees tend to leave the organization, and another five join. A high rate of employee attrition and onboarding creates underlying security issues. Thus, access controls must be carefully managed to disconnect former employees and add new joiners in order to mitigate security risks.
So how does a company with limited resources can streamline its security policies and get ahead of security risks in one of the most cyber-targeted sectors?
A service provider that provides an extensive range of services from hospital presentation aftercare to housing vulnerable individuals, from completing taxes to the monitoring of prescribed medication or guidance on reintegration into society - must represent and maintain trust. Strict internal policies and different tools help to achieve this goal.
Every computer and phone had to run security software that was controlled centrally by the network administrator. Every endpoint had its cookies and internet data wiped out every half-hour or when a browser was closed. Moreover, the browser was running an internet protection tool, and for a VPN, CMHA used an in-house server which was getting old and expensive to maintain. It is also worth mentioning that the internet in Canada is not that fast.
There were many issues with in-house maintenance as hardware downgrades over time. You have to renew your licenses non-stop and buy accounts for new users — it’s just ridiculously expensive.
Besides, there was no option for backup with the on-site server — you lose power, and everyone loses connection. Upgrading the legacy infrastructure for better efficiency and getting more features demonstrated a need for a new solution that is well-developed and affordable.
The solution had to support the IT manager’s daily operations, not burden them. It also had to be simple and intuitive for fast user onboarding, turning money and time to value.
We used a really old and non-automated system to connect people from the VPN. I’d have to log into the server manually, unplug employees, change over their IP addresses, and afterward get them all set up again. It was extremely time-consuming.
Employees are not allowed to connect to public networks. However, they must be mobile as the staff’s workplace might transform into hospitals or encampments. Thus, the tool must be running on their devices.
To eliminate as many risks as possible, CMHA performs cybersecurity awareness training for its employees. There’s a strict work-only device usage policy not to mix business and personal activities on provided laptops and cellphones. Company policies allow user activity monitoring to ensure top-level compliance and client data security.
NordLayer provides Control Panel with visibility on user activity and controls, with features like Always On VPN, KillSwitch, or ThreatBlock managed centrally. Automation and simple controls allow for saving IT manager’s time and monitoring network safety on a unified scale.
The biggest feature that I’m really liking is the KillSwitch — it has saved us a couple of times.
Once somebody got into CMHA’s network and started changing their setting static IP address. The threat actor was overriding the computer and trying to re-direct our outgoing traffic. But when they hit Implement, all organization computers lost internet, stopping them from getting onto the company’s computers.
The malware virus was designed to sit underneath our programs and slowly transfer data. I’m guessing it would have probably taken about a month to realize there was an attack before anything started acting funny.
Because of the feature, computers went down instead of connecting to the router, where the attacker left a malicious program to transfer all organization information to them. Instead, it hinted to the IT manager that someone was on the network — therefore, data was secured, and the router went into the garbage.
Malicious activity and software can stay undetected on the network for months until the damage is done irreversibly. Threat actors collect or lock away sensitive data for ransomware - one of the most destructive types of cyberattacks - exposing client personal information and making businesses face risks and losses.
Sensitive client data in the mental health sector, dynamic teamwork arrangements, and only one person to make it work technically and securely poses a major challenge to anyone.
Therefore, even support-oriented organizations need assistance to make their work easy and effective. A solution like NordLayer is focused on eliminating the complexity and inconvenience outdated hardware brings to security administrators.
With NordLayer, I receive so few calls about network issues. Unless you are connecting to the right network, you won’t be able to use our systems — an immediate reminder to employees that they need to change the network instead of contacting me to troubleshoot via phone.
The right tools give more time, flexibility, and visibility to complicated and sometimes even destructive events in the organizational cybersecurity ecosystem. Besides security features, NordLayer enables to extract user activity data, useful for reporting and auditing, ensuring the security approach is compliant.
Despite the background and certificates in cybersecurity, real-life experiences bring the best insights into what methods and processes work best. Therefore, every story matters, it’s just important to hear it and apply it to your own case.
Wesley Chenery, IT Specialist of CMHA, Alberta South Region, shares the points of importance every security manager should consider and share with their organizations:
Using the right tools, you have better chances to be ahead of unfortunate events that threaten your organization’s network security. A proactive and safety-first mindset in evaluating risks and possible attack scenarios can become a vital element in business continuity. Make sure to upgrade to effective and efficient solutions — contact us to discover your options to improve the way the security of your company.
Subscribe to our blog updates for in-depth perspectives on cybersecurity.