Podcast: Best practices for navigating cybersecurity

In this month’s podcast episode, we talk to Nick Maturo, Interim Executive Director at the English Language Arts Network (ELAN), to delve into the aftermath of a cybersecurity incident that ELAN faced a few years ago. Nick offers valuable insights into the incident's repercussions, the invaluable lessons learned from the experience, as well as the implementation of best practices and procedures in response.

(Scroll down for the transcript.)

Want to make sure you never miss an episode of the podcast? You can subscribe for free on Spotify, iTunesPocket CastsTuneIn, or SoundCloud.

Further Reading/Listening

Transcript

Nataly Alarcón: Welcome to our new episode of the BookNet Canada podcast. I am Nataly Alarcón, BookNet's marketing and events manager. In today's episode, we are building upon the insights shared in our March episode, where we interviewed cybersecurity expert Francis Syms. This time, we are continuing the conversation by sitting down with Nick Maturo from the English Language Arts Network to explore the aftermath of a significant cybersecurity incident that ELAN faced a few years ago. But before we delve into our conversation, let me introduce our guest. Nick Maturo holds an MA in Communications Studies from McGill University and a B.F.A. in Electroacoustic Studies from Concordia University.

His ongoing research considers musician labour and the role of institutions within the rapidly evolving field of online music distribution. Nick is the interim executive director at the English Language Arts Network, ELAN, a not-for-profit organization that connects, supports, and creates opportunities for English-speaking artists and cultural workers of all disciplines from every region of Quebec. They share expertise and resources for career advancement, funding opportunities, employment opportunities, and calls for participation in the arts. Welcome to the BookNet Canada podcast, Nick. Thank you so much for taking the time to have this conversation with us. How are you doing today?

Nick Maturo: I'm very good. Thank you so much for having me.

Nataly: Thank you. Can you share with us the story of the cyber incident that ELAN experienced in 2022?

Nick: Yeah, of course. So there is some sort of precedent to it that we can maybe get into later on. But sort of the core of the event began in December of 2022. So, as part of one of the projects that we have been carrying out for a number of years, we were making one of our regular payments to a trusted project partner. We're going to be making that by direct deposit and had been instructed to wait for sort of account details before executing the payment. So, as expected, we received an email informing us of where the money should be deposited. We're preparing to do so. And then just a moment or two later, received another email appearing to come from the exact same email address advising us that in fact, the account they had just sent us had been compromised and asking us to send the deposit to a new account. And they provided that information. So because it appeared to us at the time to be a legitimate email, we went about that and made the transfer. It wasn't until two weeks later that we actually heard back from our project partner inquiring about the status of the payment. So it was really at that time that we became aware that a fraud had taken place, that that was not a legitimate email that we received.

So, really, at that time, we did what anybody should do in that situation, which is contact the police, contact your financial institution first and foremost. Obviously, because this was dealing with funds from a public funder that was funding the project, we contacted them as well to make them aware of the situation. And so in that initial period, we were obviously shocked. It was a very troubling experience, but we felt that we had a reasonable cause for optimism that the worst could be avoided. So our financial institution and the police who opened an investigation advised us that there was a possibility that the funds could be recovered. In speaking with our project funder, they advised us they would need to do their due diligence, but there was a possibility that we could treat the loss as a project expense, which was not great in that we would have had to sort of reduce activities for that project, but nevertheless, it would have meant that we would not have had to carry that loss on ELAN's books moving forward. And then, we also felt fairly confident because we had extensive insurance as well.

With all of that, as I say, obviously it was a major shock, but in those initial stages, we felt like the worst could be avoided and that we would be able to emerge from the experience with some lessons learned. But basically, so that all happened in December and sort of very early January of the following 2023. But basically, as 2023 rolled on from January into March, the optimism sort of evaporated. We got one piece of bad news after the other. So first really was the police and the financial institution informing us that the investigation was not fruitful. There was really no recourse in terms of being able to recover any of the stolen funds. Then, based on that, we received the one piece of information that we were really dreading. So, our funder had to move the case to the Department of Finance Canada for a review in terms of how the stolen funds would be treated. And it was at that point in March of 2023 that they informed us that we could not, in fact, treat those funds as a project expense. So that would be a loss that ELAN would have to carry on our books moving forward, thereby overnight, resulting in a fairly substantial deficit. And then the sort of final piece of bad news was from our insurance. We found out that while we do have extensive coverage, our policy did not actually cover that kind of fraud. So we would only actually recover 10% of our total loss. So needless to say, you know, from the initial shock there was an even greater shock that sort of set in at that point in terms of how to proceed from there.

Nataly: That sounds very frustrating. Were there any early signs that maybe indicated ELAN was being targeted?

Nick: Yeah. So, in hindsight, there were definitely some flags that we noticed and that we had been paying attention to for a while. So, I joined ELAN in 2019. And really right from the start, I was familiar with something that had been going on for a little while by then, which was spam emails that we would receive from somebody essentially posing as our executive director at that time, usually asking for some sort of quick favour. "I'm out of the office. I need you to go purchase this for me and send it to this address," something like that. But while they made efforts to sort of try to copy that person's writing style, there were always giveaways in terms of maybe the email sign-off wasn't 100% correct. And then the obvious one was that the email address would not be legitimate. It would be coming from executivedirector@hotmail.com or something like that. If you took a second to look at it, you would know, okay, yeah, this is definitely spam. They were really, I think, banking on at that point somebody seeing this urgent request from their boss and saying, "Okay, I'm going to jump right on this. I'm not going to take the time to look twice."

So basically, as a team at that time, we became aware of that. We would sort of, any time one of those emails came in, we would flag it for each other on Slack to say, "Hey, keep your eyes peeled in case one of these comes in for you as well." And it almost sort of became an in-joke at that point, sort of laughing that our fake boss was at it again. And then sort of the approach became a little bit more sophisticated at that point. They moved on to trying to spoof other staff members. They would spoof new members of the team as well. So clearly, there was some attention being paid to most likely our website in terms of looking at the staff page and seeing any turnover. And eventually, it got to a point where they were actually able to make it look as if the emails were originating from legitimate ELAN email addresses. So that obviously made it harder to sort of spot those warning signs. I think, you know, again, if people are paying attention, they'll notice that the writing style is just not what you're used to from that colleague or the request sounds a little bit fishy.

So we took what we felt were the necessary precautions at that time, increasing spam filters, which was able to catch those emails, even if they were, you know, apparently originating from a legitimate address. And we also made what I think was a very wise decision to remove our actual staff email addresses from the ELAN website, and we replaced those with contact forms. So basically, if, you know, members or people from the community wanted to get in touch with us, they would submit a message through the website and then an automated system, but then direct that to our email addresses. So, at that point, we really felt like we had taken sufficient measures. We didn't see any indication that there was going to be this kind of, you know, dramatic jump in terms of how ambitious their efforts were going to be. I mean, we don't even know for a fact it was the same perpetrator because it's just, you know, one of these things that has to unfortunately remain a bit of a mystery. But it did, in hindsight, indicate that at the very least somebody had taken notice of us as a not-for-profit arts service organization. You wouldn't assume it would be a high-profile target. But over a number of years, clearly, we were on their radar.

Nataly: Yeah, it does sound like they took their time to get to know the organization and tried different approaches, which is probably the scariest part when it comes to these types of things, right, that things can seem very real when they're not.

Nick: Absolutely. And it goes to show that, like, I think one of the most important things you can do, and I can talk about this more a little bit later, but, you know, just remaining vigilant, paying attention and don't treat it as though just because, okay, I dealt with this problem today doesn't necessarily mean it's not going to evolve and there's maybe going to be new pitfalls that emerge further down the road.

Nataly: Absolutely. So, in terms of impact, what was the immediate impact beyond, you know, once you notice and the things that you've mentioned, was there anything else related to perhaps the staff or external stakeholders?

Nick: Yeah, definitely. Well, I mean, initially, what we needed to do was go to our board and being able to analyze the situation, secure a mandate to continue the organization's operations, and to come up with a plan to address the deficit. The first part of that plan really involved, fortunately for us, looking at a rainy day fund that our previous executive director had been able to put together over a number of years at that point. So that at least gave us a certain level of relieving the pressure right away in terms of being able to address some of that deficit. Aside from that, another really important step at that point was to notify our other funders, even though their funds were not implicated in that fraud. Obviously, you know, this is something significant enough that it would affect the organization to one degree or another, and we wanted them to be aware of that. We wanted to be really transparent and upfront with them.

And we also wanted to be upfront about the fact that while we would have to take measures to cut the deficit, we were not going to do so by reducing our services to our members or the community or to fail to meet the deliverables that we had agreed upon in our existing active funding agreements. So once we had had those necessary conversations, we really went about further developing that deficit management plan. So part of that entailed forming an ad hoc deficit management committee made up of board members and other volunteers from the community in collaboration with our director of operations, who is the staff liaison. So, I'm really trying to look at other fundraising opportunities, getting creative in anything that we can do to help get rid of that deficit as quickly as possible. And then, you know, working together as an administrative team to put together a budget that would be able to balance certain cost-cutting measures while still ensuring that we could provide the same high-quality services that we're used to providing for our members.

So really full credit to our staff for getting creative and working super hard this year to help make that possible and to carry out a year with a creative budget that I think, you know, didn't notice a dip in the quality of what we offer to our members. So I think we as a team feel really good about that. And then, after we sort of felt like we had a really solid plan in place, we wanted, of course, to let our members know. We didn't want to make the announcement to them before we felt like we had a solid plan in place, because obviously, understandably, they would have plenty of questions about what we were doing to address the issue. And we felt it would be irresponsible to sort of have that conversation before we had formulated a plan. So we sent out an email to all our members from our president informing them of the situation, but also sharing some best practices that we had developed based on our lessons learned, that we were really hopeful that those could serve other folks in the community by, you know, for people who are maybe a part of a very small arts organisation or just don't have the in-house expertise when it comes to this sort of thing. At least we could share some knowledge that would hopefully leave them better off.

We received, I have to say, a really positive response to that. I think people really appreciated us being transparent, having nothing to hide. We felt very strongly that we had nothing to hide, and we wanted to be really direct about the whole thing. And that was really well appreciated, in addition to the best practices, which we received a lot of positive feedback about. We also had people reaching out to us to say, you know, either I work with an organization that had this happen to us in the past, or I know people who have worked in an organization that has gone through a situation just like this. And they really appreciated how open we were about this and that there was no sort of falling prey to the stigma that can sometimes come from being the victim of a fraud.

You know, there is the sense that sometimes it's as though the victim deserved it because they weren't being responsible or something like that. And we felt really strongly like we wanted to push back against that sort of view of this kind of fraud, and people really responded positively to that. And then kind of as the final step, you know, in really wanting to give our members every opportunity to have access to us to ask really frank and direct questions, we organized a town hall event over Zoom, including myself, our director of operations, and our president of the board. And I have to say it was a fairly sparsely attended town hall event, which I took as a positive sign that people felt pretty confident based on our email that went out. And in fact, the people who showed up, they had the odd question here and there, but for the most part, they showed up to show their support for us and for ELAN and to make sure that we were doing all right, which was super appreciated and really shows how fortunate we are to have a wonderful community around us.

Nataly: I'm so glad to hear that and to hear that other organizations felt comfortable approaching you and saying, "You know what, we have gone through similar things," because this is one of those things that you think like, oh, that's never going to happen to me. And then, one day, something happens. So hopefully no, but it just goes to say that we all need to be very vigilant, right?

Nick: Yeah, we're all human, you know, despite our best efforts to be really responsible and conscientious. These things can happen, and it's also a product of the fact that I think people working in arts and culture, particularly people working for smaller organizations, are just so busy. A lot of folks wearing multiple hats and juggling different responsibilities. It can feel like a luxury to slow down and take that extra minute to, you know, say like, okay, check the email address to make absolutely sure. But it clearly shows that there's a value in doing that and not just feeling like that's a luxury that you can't afford to take.

Nataly: Yeah, absolutely. Plus, as I understand, the strategies that these cybercriminals are using are very sophisticated, and they keep on getting just better and better at it, which is even more dangerous for, you know, potential victims.

Nick: Exactly. And it goes to show that, you know, like in the best practices that we shared, they're very valuable up to a point. But there also is no substitute to speaking with an expert when it comes to something like cybersecurity and IT, which I know can be challenging for some organizations that are small and have a limited budget. And it might not necessarily mean that you have an IT consultant working with you on a daily basis. But I really do think it's worth prioritizing having some sort of access to a trusted IT professional who can help you because there will be things that you don't know, or that are sort of specialized knowledge. And it's perhaps not reasonable for you to even know in any great detail, but, you know, ensuring that you're well protected. There are administrative steps that you can take, but there are also sort of more technological steps that need to be taken as well.

Nataly: I agree. So you've mentioned best practices. And I'm curious, you know, what other measures did ELAN implement after the incident happened?

Nick: Well, I think our best practices are a pretty good to-do list of the kind of stuff that we were looking at after the fraud took place. So I can sort of go through those and speak to our experience. The first best practice on our list was watch for early warning signs, as we were talking about those initial maybe more comical attempts at fraud, but that were an indicator that something was going on. So we're still really looking out for anything that might indicate that there is still some sort of ongoing concern. And I would really give that advice to others as well as if things are coming through your inbox and they look a little bit fishy, obviously, deal with those in the short term, but also take a longer-term approach as well in case those are part of something bigger, let's say. And then I mean, the next one sort of speaks to what I was just talking about, in terms of developing a practice of taking your time and giving these sorts of issues the necessary attention.

Again, so many of us in this field are so busy and, you might feel like you're being sort of overly cautious taking the time to call or email that colleague to say, "Is that you that sent that or is that a real attachment? Can I open that?" Or sometimes I'll even forward it to our IT consultant to just say, "Is this coming from the real person?" And he will say, "Yes, it's fine. You can do that." And you maybe feel a bit silly in the moment but I think it's really important to feel if you're not sure, it's a good warning sign that it might not be a fraud, but it's something that you should look at, and consider whether it's maybe something more threatening. A couple of more sort of practical steps in terms of testing new account information when you're doing direct deposit. So sending a dollar first and then asking your...whoever it is receiving that to confirm that the deposit works. Because, obviously, if it's fraudulent account information, losing a dollar is not the end of the world compared to losing the full amount. And then, even if it is the full amount that you're talking about, ask the recipient to confirm the deposit. Usually, that can take up to 48 hours. But from what we understand about fraud and cybercrime if you can flag that within the first 48 hours, you do stand a greater chance of perhaps getting your funds returned. So if you can, in our case, we were stuck waiting for two weeks for indication from our partner, not for anyone's fault, but just because we didn't have a sort of practice already in place.

So it's really important to get that confirmation, and then, you'll know right away if something has gone wrong. Another important lesson learned that we've implemented is not exchanging that kind of information over email anymore. Pushing back against the convenience of email and saying, "Okay, give us a phone call, or if need be, send it through regular mail, if need be." But just cutting down on that risk of potentially having that information intercepted. A lesson we learned quite significantly through this experience is, verify your insurance coverage. If we were the victim of a more conventional theft that took place in our offices, we would have been covered up to a million dollars, but because fraud is usually a separate rider from conventional theft, we were not covered. And in fact, as our sort of research after the fact has pointed out, that additional fraud coverage can be quite costly. And frankly, to a degree where it's maybe not even realistic for a small arts and culture organization to have access to that. So at least being able to talk to your insurance provider, do your due diligence, and if you get to a point where you decide it's not possible for you, at least ensure that you're taking other steps to make sure that you're overall well protected.

One huge lesson learned was, if it happens, make sure you're supporting your team. Obviously, both in terms of the people who were closest, most directly affected by the experience. There's a lot of self-recrimination and self-blame that comes from that sort of experience. A lot of would have, could have, should have looking back, and it's very human to feel that way, but it's ultimately not productive. And it's not beneficial to them and their well-being and their mental health to sort of dwell on that. So it's really important to make sure that they are not shouldering any specific blame and to make sure that they're well supported. And, it also goes for the broader staff beyond just those who are most directly involved because there is going to be a lot of uncertainty that comes up around this. So it's really important to make sure that the rest of the staff knows what's going on to the degree that you're able, because obviously some bits of information you might not be able to share just yet, but making sure that they feel like they're in a loop, that the change of communication are open. And, ensuring that you're, to as much as you're able, providing some reassurance to them in a time when they're surely going to have a lot of questions about what does this mean for the long-term viability of this organization. Are our jobs at risk?

So, it's challenging for somebody in a management position, because you might not even have all of those answers just yet and it doesn't feel good to tell somebody that, "I just don't know yet." But to the best of your ability, I think you just want to be sort of open and honest and transparent with them. And I think they will appreciate that and they will understand that under the circumstances, you're doing the best you can. And then, the last bit of sort of best practice kind of loops back around to the first point in terms of just being vigilant in the future. We're still looking for those potential early warning signs of a future incident. It's not about being paranoid or sort of going overboard, but it is just sort of keeping your eyes open and understanding that something small could potentially lead to something big. So obviously, you want to make sure that your staff and other folks working with you are being attentive as well.

I think it's really important to provide some explanation as to why you've maybe put some of these policies in place for any new staff who join your team who weren't around for the initial experience because it'll sort of be for anybody who lived through that, it'll be self-evident why you maybe should email a colleague to verify an email attachment. Whereas with new staff, I think there can sometimes be a fear of, am I wasting my colleague's time? I don't want to be a nuisance or whatever, but letting those staff members know that this is why we're doing this. And, you should feel empowered to take the time and energy to do that sort of thing if there is something that feels like a red flag for you. So, we've really been trying to put all of these practices into our day-to-day sort of work. And, a lot of them feel very natural. A lot of them are just sort of an extension of things that we're maybe already doing. But I think it's been very beneficial to try to implement this stuff and, you feel a greater degree of confidence, I think, having these kinds of practices in place.

Nataly: Thank you. Thank you so much for sharing those. I'm sure that many of our listeners are going to be able to learn from that and hopefully apply some of those strategies.

Nick: Ultimately. I'm not a cyber security expert. So what I can tell you can only go so far. But, I think from a sort of arts administration standpoint, as much as possible, you want to provide just really sort of practical guidelines for people and then for anything that exceeds that, when in doubt, contact a trusted professional.

Nataly: Absolutely. You touched on this earlier. But I'm curious, from your point of view, what are some of the less discussed consequences of these types of incidents?

Nick: Yeah, I mean, a number of these, you could probably sort of tease out from stuff that I've already talked about. But certainly, I think it's worth being aware that it's not just the financial impact, which is obviously front of mind when you're dealing with this. But it's really important to protect your organization and be aware of the potential other consequences you could be facing. So, as I was just talking about, staff morale is a huge factor because there will be a lot of anxiety, unknowns, self-blame that comes from this sort of thing. That's the sort of thing that can really, if it's not dealt with properly, can really take hold and damage your team's capacity. It's draining. You can find yourself in a place of real negativity if you don't provide the necessary support and make sure that people do feel supported.

Beyond that, community confidence, I think, is a huge one. Obviously, for us as a member-based organization, it was front of mind, but it also exceeds our members to the wider community. For ELAN, we advocate on behalf of the English-speaking arts and culture community across Quebec. And, you want to maintain your status as a legitimate spokesperson for that community. And that community confidence takes a long time to build. ELAN work, we're now in our 20th year. At the time that this happened, a lot of hard work and effort had gone into building a really great community that had a lot of confidence in us, but that can just evaporate overnight, not just because of the fraud itself. But if your response is not rigorous and credible, then there's going to be that sort of appearance of what is going on over there. Maybe that organization isn't as well run as I think it is, no matter the best efforts that you might be carrying out.

So I think it's really important to be mindful of... And it's interesting because I think to sort of maintain your credibility, there's often the knee-jerk reaction of I'm not going to be transparent, or I'm not going to be direct about this, because it's embarrassing, and it's going to look bad. But really, I think what looks worse is if you seem like you're hiding something. If you've fallen victim to a fraud in a situation similar to what we experienced, you're a victim of a crime. There's always things that can be done better next time and lessons that can be learned. But, ultimately, you're a victim. So you shouldn't feel, I think, any stigma in terms of just being direct with your community, saying this is what happened. These are the measures we've taken to ensure that this isn't going to happen again. And this is what we're doing to ensure the long-term viability of this organization. And I think people are really going to appreciate you just being open and honest with them. And it's going to help you in the long run.

Another sort of maybe unforeseen consequence concerns your eligibility for funding, or perhaps the impact on funding you're already receiving. So we had an interesting situation with one of our long-term funders, where we had a programme that was up for renewal, which we had sort of indications that we could be reasonably confident about the renewal of that funding. But by virtue of sort of being upfront with them and saying, look, this has gone on, it triggered sort of an internal review process, which is, I think, totally understandable under the circumstances, because it does change the picture of an organization that is all of a sudden going to be receiving public funds under a different context. So for us, it led to a situation that we had not anticipated of sort of unexpected delay in that funding coming through, which had all kinds of knock-on effects in terms of decisions that we had to make about that project, about project staff.

I'm really grateful that I think our track record and our reputation, and our solid debt management plan sort of renewed the funder's confidence and was significant enough to sort of justify that kind of review process that was going on. But it was after the initial shock of this experience, it was sort of an unexpected consequence that I don't think that we were fully expecting. And even still now, when we're applying for major grant applications as an organization, we have to acknowledge the fraud and the sort of lingering deficit, as well as, of course, our plan to deal with that deficit. But, we do have to be really upfront about that. And there is always the chance that despite your track record, or despite how many years running you've maybe had access to a specific kind of programme, that that could impact your successive funding. So it's not something you can necessarily plan for. But I think it's something that you want to be aware of. And it's something that as you're planning your sort of deficit management plan, you don't necessarily want to take those sorts of things for granted either.

I think you want to be aware that there could be a knock-on effect as far as your funding situation changing further down the line as a result of this. And then lastly, it's sort of the big picture is organizational stability, not just in that kind of immediate term, but also in the medium and longer term as well, because, I think as that sort of funding situation shows, there can be consequences that crop up down the line that you're not expecting. You might already feel like you have the situation resolved, and there are new fires to put out, so to speak. Obviously, when it comes to organizational stability, the fraud is both something that affects your organizational stability, but the stability is also the context that determines how you're going to be able to respond. So a more stable and long-term well-established organization is probably going to have an easier time of it than a newer organization that, no matter how well-run, maybe doesn't have long-term sort of established funder or donor relationships, doesn't have that kind of long-term community confidence. So I think it's worth being aware of that your track record as an organization will affect kind of how that situation plays out.

But you also shouldn't take it for granted that just because you're a long-term, well-established organization that you're going to have it easy either. When it comes to community confidence, when it comes to those questions around funding, that is stuff that can change overnight. So it can potentially help offer some stability, but it's not something you want to fall back on too much in terms of how you're formulating your response plan.

Nataly: Thank you, Nick. We really appreciate you for taking the time to talk to us about this. And I also really appreciate the approach that ELAN is taking about just sharing the experience with others and hopefully preventing others from having to go through similar scenarios. So thank you so much for that.

Nick: Thank you. Thank you so much for having... Because it is really important to us coming out of this whole experience to be able to have some good come from this, as far as being able to share these best practices, being able to, I hope, sensitize people to the issue without creating undue sort of fear and stress. I don't want people to sort of necessarily feel like there's a potential fraud around every corner or lurking in every email attachment. But really just to sort of show that it's important to be vigilant. It's important to know what the risks are and maybe develop some kind of a plan, a policy that you have that you can fall back on if something does ever happen. But yeah, really for us, what we wanted to do is try to help fight that stigma. If there are other organizations that have been through this, don't be shy about talking about it. As an arts and culture sector in Canada, I think it's really important to share our lessons with each other and help each other sort of be better protected and better prepared.

Nataly: Thank you for joining us for today's episode. Be sure to listen to our March episode and check out its accompanying resources, all available on the BookNet Canada website at booknetcanada.ca.

Before I go, I’d like to take a moment to acknowledge that BookNet Canada’s operations are remote and our colleagues contribute their work from the traditional territories of the Mississaugas of the Credit, the Anishinaabe, the Haudenosaunee, the Wyandot, the Mi’kmaq, the Ojibwa of Fort William First Nation, the Three Fires Confederacy of First Nations (which includes the Ojibwa, the Odawa, and the Potawatomie), and the Métis, the original nations and peoples of the lands we now call Beeton, Brampton, Guelph, Halifax, Thunder Bay, Toronto, Vaughan, and Windsor. We encourage you to visit the native-land.ca website to learn more about the peoples whose land you are listening from today. Moreover, BookNet endorses the Calls to Action from the Truth and Reconciliation Commission of Canada and supports an ongoing shift from gatekeeping to spacemaking in the book industry.

The book industry has long been an industry of gatekeeping. Anyone who works at any stage of the book supply chain carries a responsibility to serve readers by publishing, promoting, and supplying works that represent the wide extent of human experiences and identities in all that complicated intersectionality. We, at BookNet, are committed to working with our partners in the industry as we move towards a framework that supports "spacemaking," which ensures that marginalized creators and professionals all have the opportunity to contribute, work, and lead. We'd also like to acknowledge the Government of Canada for their financial support through the Canada Book Fund. And of course, thanks to you for listening.

Recent posts
Podcast: The W3C and digital publishing
Podcast: The W3C and digital publishing

In this podcast episode, we talk to Wendy Reid from Rakuten Kobo and the W3C.

Read More →
Subject spotlight: Fantasy
Subject spotlight: Fantasy

Sales and library circulation data of fantasy titles during the second quarter of 2024.

Read More →
European Deforestation Regulation EUDR webinar released
European Deforestation Regulation EUDR webinar released

An EDItEUR presentation on the European Deforestation Regulation.

Read More →
The Dua Lipa book club influence
The Dua Lipa book club influence

What is Dua Lipa's Service95 book club's influence on the Canadian book market?

Read More →
September 2024 Loan Stars Junior Canadian top picks
September 2024 Loan Stars Junior Canadian top picks

Find out what titles made it to the September 2024 Loan Stars Junior Canadian list.

Read More →
Turning pages: Print books in Canada
Turning pages: Print books in Canada

Highlights from Turning Pages: Print Book Use in Canada 2023.

Read More →
Accessibility Metadata in ONIX: Advice worth reading from EDItEUR
Accessibility Metadata in ONIX: Advice worth reading from EDItEUR

International standards organization, EDItEUR, releases Application Notes.

Read More →
2024 Canadian book market half-year review
2024 Canadian book market half-year review

A look back at the first half of 2024 in the Canadian book industry.

Read More →
5 questions with Red Deer Press
5 questions with Red Deer Press

Holly Doll from Red Deer Press answered our 5 questions with questionnaire.

Read More →
Subject spotlight: Thrillers
Subject spotlight: Thrillers

Sales and library circulation data of thriller titles during the second quarter of 2024.

Read More →
What we talk about when we talk about artificial intelligence
What we talk about when we talk about artificial intelligence

Useful AI terms.

Read More →
Easier with BookNet: Managing inventory and understanding stock turn
Easier with BookNet: Managing inventory and understanding stock turn

Understand stock turn and how to manage and improve your inventory with BookNet’s products and services.

Read More →

 

 

BookNet Canada is a non-profit organization that develops technology, standards, and education to serve the Canadian book industry. Founded in 2002 to address systemic challenges in the industry, BookNet Canada supports publishing companies, booksellers, wholesalers, distributors, sales agents, industry associations, literary agents, media, and libraries across the country.

 

Privacy Policy | Accessibility Policy | About Us

BOOKNET CANADA

Contact us | (416) 362-5057 or toll free 1 (877) 770-5261