Canadian small businesses, self-employed professionals (contractors, freelancers, side hustlers, solopreneurs), and startups must be wary of the ever-evolving cyber risk landscape and take steps to protect their assets.

October is Cybersecurity Awareness Month in Canada. Statistics show small businesses face increasing online threats. For instance, according to the Blakes Cybersecurity Group’s Canadian Cybersecurity Trends Study 2023:

  • Ransomware attacks are the most common type of cybersecurity incident, representing almost 70% of all incidents.
  • The average ransom payment made by Canadian companies in 2023 is $546,000, a 170% increase from the amounts paid in the last two years.
10 cybersecurity tips for small businesses
  • 45% of organizations were attacked through software vulnerabilities.
  • Phishing and compromised credential attacks (when hackers steal a user’s valid login credentials like passwords) account for 21% of breaches.
  • 13% of Canadian organizations had their email systems compromised, and 9% suffered malware attacks.
  • The majority of cybersecurity incidents happened to organizations in Ontario (44%), followed by the Prairie provinces (23%), British Columbia (19%), Quebec (8%), and Atlantic Canada (6%).

If the above doesn’t alarm you, look at IT security provider Check Point Software’s live cyber threat map showing the number of cyber-attacks globally in real time.

Small Businesses Are Not Immune to Online Threats

Online threats pose big risks to small businesses. Yet, the Insurance Bureau of Canada (IBC) finds many Canadian small businesses are slow to adapt to increasingly sophisticated cyber-attacks. 

IBC’s Cyber Savvy Report Card, a report following a survey of employees and business owners, highlights the risks many Canadian organizations face, including:

  • Only 48% have implemented defences against a possible cyber-attack.
  • Only 31% say their business has made cybersecurity a priority and created a cyber-safe culture.
  • Only 35% of small businesses have mandatory cybersecurity training for employees.
  • 41% of respondents believe it’s only a matter of time until they are hit by a cyber-attack. 

No small business is immune to cyber-attack risk, but that doesn’t mean you have to make it easy for cybercriminals to infiltrate your network. Here are 10 ways to up your company’s cybersecurity protection:

1. Keep systems and software up to date

From applying required patches to software, updating web browsers and operating systems, ensuring no weak links across your network is vital. These actions are among the best defences against viruses, malware, and other cyber threats.

2. Train your employees

More than 80% of data breaches occur because of human error. That highlights the need for organizations to train their employees on recommended cybersecurity best practices. As poor cybersecurity combined with increasingly connected personal devices gives attackers an advantage, enact a policy forbidding employees from using their personal devices to access company data. 

Also, limit employees’ access to the data and systems they need to do their jobs. They shouldn’t have access to data and systems that aren’t required for their roles in your business. Additionally, establish policies and procedures to prevent employees from installing software on their work computers without permission.

3. Create strong passwords and use multi-factor authentication (MFA)

Data from IT security firm Trend Micro finds that 75% of cyber-attacks start with an email. That makes it critical to ensure you create strong email passwords that are unique and difficult to figure out by using numbers, letters, and symbols. In addition, taking advantage of multi-factor authentication – a method that requires users to provide two or more verification factors to access an application or account – is an effective way to help thwart an attack.

4. Backup your mission-critical data

It’s wise to automate and regularly back up your organization’s data and store copies offsite and in the cloud. Everything from financial files, employee data, documents and spreadsheets, and databases should be backed up at least weekly.

5. Use a Virtual Private Network (VPN)

A VPN is affordable for small businesses and required if your employees work remotely. VPNs establish secure network connections by encrypting your online traffic and disguising your identity by hiding your IP address. VPNs prevent people outside your secure network from seeing which websites and data you access online. 

6. Use digital payment best practices

Follow the guidance and security obligations of your digital payments processor or bank and ensure you use the tools, practices, and anti-fraud measures they recommend. Keep your point-of-sale (POS) payment system isolated from your other systems, and avoid using the same laptop or computer you use for processing payments to surf the internet.

7. Conduct a cybersecurity risk audit

Review your company’s networks, software and cloud storage systems, and email systems. Look for potential gaps in your defences. For example, where is your business’s confidential information stored, and who can access it?  

8. Deploy antivirus software

Antivirus software deployed on all devices can help thwart viruses, spyware, malware, phishing scams, and ransomware attacks. Ensure the antivirus software you use is updated regularly.

9. Encrypt sensitive information

Critical information should always be encrypted. Especially any data related to financial information like credit and debit cards, bank accounts, and billing. While encrypted data won’t prevent a cyber-attack, if it’s stolen, it’s useless to the hacker without the keys to decrypt and decipher it.

10. Get cyber liability insurance

Even if you deploy the above recommendations and take further steps to reduce your exposure to online threats, there are no guarantees your business won’t be impacted by a cyber-attack. That’s why it’s wise to include cyber liability insurance in your overall business insurance policy.  

Cyber liability insurance provides a wide range of support if you suffer any cyber-attack. It can include funds to repair and restore your affected software systems or restore compromised data, coverage for potential lawsuits arising from a cyber-attack including legal advice, credit monitoring and crisis management services and coverage for financial losses you sustain due to a system outage resulting from an attack. 

Speak to a licensed Zensurance broker if you want to add cyber liability protection to your policy or have questions about it.

Additional Cybersecurity Resources for Canadian Small Businesses

There are several free resources available for business owners to leverage to help enhance their cyber defences and knowledge, including:

Sign Up for ZenMail

The best of Zensurance news, tips, and resources are delivered straight to your inbox.

Recent Posts

Share This Story:

About the Author: Liam Lahey

Liam is the Content Marketing Manager at Zensurance. A writer and editor for more than 20 years, he has been published in several newspapers and magazines, including Yahoo! Canada Finance, Metroland Media, IT World Canada and others.