Friday, 19th February 2021 | Management
Protecting your online presence from cybercrime
Small businesses are susceptible to cybercrime attacks. Here's what you need to know to protect your business.
Contrary to popular belief, cybersecurity is not just a problem for big enterprises. In 2019, one in five SMBs was the subject of an attack and 37% of those estimated their damage to be more than $100,000, according to an Insurance Bureau of Canada poll about cybercrime and small- or medium-sized businesses. Worse yet, cybercrime is on the rise in Canada, according to the Canadian Centre for Cyber Security’s 2020 National Cyber Threat Assessment Report, and the technology is becoming more sophisticated. If you’re a small- or medium-sized business, you’re not immune from attacks, but there are things you can do to bolster your security. Read on to learn more about cybercrime and how you can protect your business.
Why SMBs should be concerned about cybercrime
When it comes to cybercrime, the media tends to report on large-scale hacks and major security breaches, but Canada’s small- and medium-sized businesses are at as much risk and may not be as prepared. In the early days of the internet, hackers were mostly interested in mega-corporations and government, organizations that could yield massive pay-offs when breached. These days, though, there’s money to be made from smaller businesses. If you operate unprotected or inadequately protected, hackers could get into your databases, and they’re chock full of identities waiting to be stolen, contacts ready to be exploited, or cash for the taking. Even simpler, hackers might gain entry to your website and hold it for ransom, as happened to a Canadian insurance company in 2019. If you’re breached, the financial cost alone can be crippling, never mind the damage done to your reputation and ability to do business.
Cybersecurity basics: What you can do right now to increase security
Every business, no matter how small, should have security measures in place to protect against cybercrime. Despite this, as many as 40% of SMBs are completely unprotected. One reason for this is the misconception that cybersecurity is highly technical, complicated, and costly, but the Canadian Centre for Cyber Security asserts that this is just not true. In fact, they provide a “baseline” document outlining 13 basic measures SMBs can undertake to bring their cybersecurity practices up to date.
Make an incident response plan
A 2018 Statistics Canada survey found that 87% of respondents lacked a response plan. Plan ahead to make sure your business is able to recover quickly should you become the target of a cyberattack.
Make patching automatic
You know how your systems and applications sometimes show that there’s an update waiting? These updates are usually patches and very frequently have to do with internet security. You can increase your security by selecting “automatic updates” for your systems and hardware rather than having them installed manually.
Use firewalls and anti-malware software
Getting suitable security software can protect your system against cyberattacks.
Secure your devices
Gone are the days of using default passwords. Configure your devices by changing your passwords, reviewing settings, disabling extras, and enabling any security features.
Codify strong user authentication
Believe it or not, one of the most common ways hackers gain access is through guessing passwords. Develop a password policy, such as using passphrases, having a minimum number of characters, and including a mix of letters, numbers, and special characters. Also, consider multi-factor authentication where more than one method is required to log in.
Train your employees
Raising employee awareness about the issues and training them on the proper use of company systems and machines will reduce the risk of cybersecurity breaches, many of which depend on the ignorance or haste of the user. “Most cyberattacks are socially engineered, designed to elicit a hasty response from the user, and that is when the real damage can occur,” says Humzah Khaial, Managing Director at Numentis. “Nobody expects a computer to be infected, especially when working from home, which is why it catches most people completely off guard.”
Back up and encrypt your data
If you have a secure, encrypted back-up, you can recover quickly from a security breach.
Secure your mobile devices
Many companies use mobile technologies like smartphones as part of their day-to-day business. These devices need to be secured. Consider a corporately owned, personally enabled (COPE) model or corporately owned business-only (COBO) approach. In either scenario, users should only use apps from trusted vendors.
Adopt basic perimeter defences
Networks, Wi-Fi, and VPNs are all ways to gain access to your system. Implement defences including firewalls, encryption, and two-factor authentication.
Secure cloud and outsourced IT
If you store information in the cloud or use outsourced IT services, make sure you know how sensitive information is handled, and what protections you have. Also, be aware that if your data is held somewhere other than Canada it will be subject to different privacy laws.
Secure your websites
As a customer-facing asset, your website can’t afford a breach. Start securing it with the Application Security Verification Standard (ASVS), a list of security requirements and controls to implement during all phases of web application development.
Enable access control and authorization
Most computers use accounts where an individual must enter a username and password. Make sure you have unique logins for all employees and disable old accounts when employees leave. Don’t use shared accounts. Be sparing with who has administrator access.
Secure your portable media
USB drives, hard drives, and memory cards are all examples of portable media, and they should all be secured with encryption whether they’re in the office or not. Also, be wary of drives received from others (such as at a conference) as they may contain malware. Don’t use them until they’ve been assessed.
This list may seem overwhelming but each of these actions can prevent a costly cyberattack. “It’s critical that Canadian businesses take a 360-degree approach to managing cybersecurity risk,” says Khaial, adding that a framework of prevention, protection, and education is the most effective strategy.