Friday, 19th February 2021 | Management
Protecting your online presence from cybercrime
Small businesses are susceptible to cybercrime attacks. Here's what you need to know to protect your business.
Contrary to popular belief, cybersecurity is not just a problem for big enterprises. In 2019, one in five SMBs was the subject of an attack and 37% of those estimated their damage to be more than $100,000, according to an Insurance Bureau of Canada poll about cybercrime and small- or medium-sized businesses. Worse yet, cybercrime is on the rise in Canada, according to the Canadian Centre for Cyber Security’s 2020 National Cyber Threat Assessment Report and the technology is becoming more sophisticated. If you’re a small- or medium-sized business, you’re not immune from attacks but there are things you can do to bolster your security. Read on to learn more about cybercrime and how you can protect your business.
Why SMBs should be concerned about cybercrime
When it comes to cybercrime, the media tends to report on large-scale hacks and major security breaches but Canada’s small- and medium-sized businesses are at as much risk—and may not be as prepared. In the early days of the internet, hackers were mostly interested in mega-corporations and government--organizations that could yield massive pay-offs when breached. These days, though, there’s money to be made from smaller businesses. If you operate un- or inadequately protected, hackers could get into your databases and they’re chock full of identities waiting to be stolen, contacts ready to be exploited, or cash for the taking. Even simpler, hackers might gain entry to your website and hold it for ransom, as happened to a Canadian insurance company in 2019. If you’re breached, the financial cost alone can be crippling, never mind the damage done to your reputation and ability to do business.
Cybersecurity basics: What you can do right now to increase security
Every business, no matter how small, should have security measures in place to protect against cybercrime. Despite this, as many as 40% of SMBs are completely unprotected. One reason for this is the misconception that cybersecurity is highly technical, complicated, and costly, but the Canadian Centre for Cyber Security asserts that this is just not true. In fact, they provide a “baseline” document outlining 13 basic measures SMBs can undertake to bring their cybersecurity practices up to date.
Make an incident response plan
A 2018 Statistics Canada survey found that 87% of respondents lacked a response plan. Plan ahead to make sure your business is able to recover quickly should you become the target of a cyberattack.
Make patching automatic
You know how your systems and applications sometimes show that there’s an update waiting? These updates are usually patches and very frequently have to do with internet security. You can increase your security by selecting “automatic updates” for your systems and hardware rather than having them installed manually.
Use firewalls and anti-malware software
Getting suitable security software can protect your system against cyberattacks.
Use secure your devices Gone are the days of using default passwords.
Configure your devices by changing your passwords, reviewing settings, disabling extras, and enabling any security features.
Codify strong user authentication
Believe it or not, one of the most common ways hackers gain access is through guessing passwords. Develop a password policy, such as using passphrases, having a minimum number of characters, and including a mix of letters, numbers, and special characters. Also, consider multi-factor authentication where more than one method is required to log in.
Train your employees
Raising employee awareness about the issues and training them on the proper use of company systems and machines will reduce the risk of cybersecurity breaches, many of which depend on the ignorance or haste of the user. “Most cyberattacks are socially engineered, designed to illicit a hasty response from the user, and that is when the real damage can occur,” says Humzah Khaial, Managing Director at Numentis. “Nobody expects a computer to be infected, especially when working from home, which is why it catches most people completely off guard.”
Backup and encrypt your data
If you have a secure, encrypted back-up, you can recover quickly from a security breach.
Secure your mobile devices
Many companies use mobile technologies like smartphones as part of their day-to-day business. These devices need to be secured. Consider a corporately owned, personally enabled (COPE) model or corporately owned business-only (COBO) approach. In either scenario, users should only use apps from trusted vendors.
Adopt basic perimeter defences
Networks, Wi-Fi, and VPNs are all ways to gain access to your system. Implement defences including firewalls, encryption, and two-factor authentication.
Secure cloud and outsourced IT
If you store information in the cloud or use outsourced IT services, make sure you know how sensitive information is handled, and what protections you have. Also, be aware that if your data is held somewhere other than Canada it will be subject to different privacy laws.
Secure your websites
As a customer-facing asset, your website can’t afford a breach. Start securing it with the Application Security Verification Standard (ASVS), a list of security requirements and controls to implement during all phases of web application development.
Enable access control and authorization
Most computers use accounts where an individual must enter a username and password. Make sure you have unique logins for all employees and disable old accounts when employees leave. Don’t use shared accounts. Be sparing with who has administrator access.
Secure your portable media
USB drives, hard drives, and memory cards are all examples of portable media, and they should all be secured with encryption whether they’re in the office or not. Also, be wary of drives received from others (such as at a conference) as they may contain malware. Don’t use them until they’ve been assessed.
This list may seem overwhelming but each of these actions can prevent a costly cyberattack. “It’s critical that Canadian businesses take a 360-degree approach to managing cybersecurity risk,” says Khaial, adding that a framework of prevention, protection, and education is the most effective strategy.
Read Also
4 ways to engage customers using video on Instagram
Social media can seem like a far cry from the actual business of, well, running your business but the fact is, Canadian consumers are on social media, and they’re hoping you are, too. Video content is some of the fastest-growing and most engaging out there so this is an excellent place to start—even if you’re camera shy. Video is all about showing instead of telling so today we’re going to take a look at four Canadian businesses that are doing a great job on social media to give you some ideas of how you can use video on your Instagram profile. Read on to get your creative juices flowing.
"DIY" stories | Go Clean Company, Calgary @gocleanco
At the beginning of the COVID-19 pandemic, Calgary’s Go Clean Company was just another cleaning company with a moderate following on social media. Now they have 1.8 million followers. What’s really remarkable is that their strategy is as simple as vinegar and water. Go Clean Company engages its followers with show and tell. Log on to their Instagram on any given day and you’ll see videos sharing recipes for cleaners and offering how-tos and hacks, both in their stories and feed. Their content is down-to-earth, funny, actionable (did you know you can clean microfibre furniture with Windex?), and relatable—and they even offer a Cleaning Army Handbook.
Takeaway: Think about what your company can share that people would find helpful and shoot a quick video on your phone.
Strategy: Educate people with DIY videos
Live video | Erietta Boutique, Toronto @eriettaboutique
With spring upon them, Toronto’s Erietta Boutique found themselves in a familiar position for retailers—they had leftover merchandise from the previous season because their storefront had been closed for months. Rather than hang a sale sign in the window, they tried something they’d never done before: a weekly live sale on Instagram. It took some time to figure out the mechanics of it (the owner enlisted her son to operate the camera and track the sales as they happened), plus she admitted on camera how nervous she felt but it has engaged dozens of customers week after week.
Prior to COVID, the boutique had a very minimal website but they took the time to make some upgrades and put nearly their entire inventory online. Video posts are a simple and fun way to show off sale items and let followers make purchases, and the live aspect increases engagement and excitement.
Takeaway: Consider which elements of your business could inspire excitement if they were held live. And don’t worry about being nervous or trying something new—your customers won’t mind.
Strategy: Sell using live events
Reels | The Nest, Fredericton @thenestyogafreddy
In addition to the grid-style feed and IGTV posts, Instagram offers “Reels”. These are 15-second videos similar to what you can create on TikTok. Unlike Stories, Reels stay on your profile in the Reels tab. Plus, they can be seen by people who don’t follow you, too. The Nest has been experimenting with Reels to engage customers and potential customers alike. They’ve blended sales-y content with fun in clips like “What to get your girlfriend for Christmas”.
Takeaway: Be experimental with your content and see what works. Don’t be afraid to share a peek “behind the scenes”.
Strategy: Engage people with Reels
Feed videos | MEC, Canada @mec
Just because MEC is an enormous brand doesn’t mean smaller enterprises have nothing to learn from them. Their how-to videos rival what you’d find on YouTube and avoid the bloat of ads to boot. Under their IGTV tab, they’ve got videos like “How to wax your skis”, “how to choose climbing shoes” and “How to layer clothes”, among other types of videos. Not video, but notable nonetheless is their post on the “Guides” tab. They’ve compiled existing feed posts to create a “staffer’ gift guide”. What a great way to re-use past posts. These Guides can be shared on Stories, too.
Takeaway: Make your social media useful to your customers by sharing your expertise
Strategy: Be an expert with “How to” videos
Social media—especially video—can seem like a high bar to clear but luckily for Canadian small businesses, it’s easier than ever to get air. Instagram offers a few ways to engage people through videos. Experiment with these simple yet effective Instagram tools and see what a difference it makes to your business.
Marketing