Canadian small businesses, self-employed professionals (contractors, freelancers, side hustlers, solopreneurs), and startups must be wary of the ever-evolving cyber risk landscape and take steps to protect their assets.

October is Cybersecurity Awareness Month in Canada. Statistics show small businesses face increasing online threats. For instance, according to the Blakes Cybersecurity Group’s Canadian Cybersecurity Trends Study 2023:

  • Ransomware attacks are the most common type of cybersecurity incident, representing almost 70% of all incidents.
  • The average ransom payment made by Canadian companies in 2023 is $546,000, a 170% increase from the amounts paid in the last two years.
  • 45% of organizations were attacked through software vulnerabilities.
  • Phishing and compromised credential attacks (when hackers steal a user’s valid login credentials like passwords) account for 21% of breaches.
  • 13% of Canadian organizations had their email systems compromised, and 9% suffered malware attacks.
  • The majority of cybersecurity incidents happened to organizations in Ontario (44%), followed by the Prairie provinces (23%), British Columbia (19%), Quebec (8%), and Atlantic Canada (6%).

If the above doesn’t alarm you, look at IT security provider Check Point Software’s live cyber threat map showing the number of cyber-attacks globally in real time.

Small Businesses Are Not Immune to Online Threats

Online threats pose big risks to small businesses. Yet, the Insurance Bureau of Canada (IBC) finds many Canadian small businesses are slow to adapt to increasingly sophisticated cyber-attacks. 

IBC’s Cyber Savvy Report Card, a report following a survey of employees and business owners, highlights the risks many Canadian organizations face, including:

  • Only 48% have implemented defences against a possible cyber-attack.
  • Only 31% say their business has made cybersecurity a priority and created a cyber-safe culture.
  • Only 35% of small businesses have mandatory cybersecurity training for employees.
  • 41% of respondents believe it’s only a matter of time until they are hit by a cyber-attack. 

No small business is immune to cyber-attack risk, but that doesn’t mean you have to make it easy for cybercriminals to infiltrate your network. Here are 10 ways to up your company’s cybersecurity protection:

1. Keep systems and software up to date

From applying required patches to software to updating web browsers and operating systems, ensuring there are no weak links across your network is vital. These actions are among the best defences against viruses, malware, and other cyber threats.

2. Train your employees

More than 80% of data breaches occur because of human error. That highlights the need for organizations to train their employees on recommended cybersecurity best practices. As poor cybersecurity combined with increasingly connected personal devices gives attackers an advantage, enact a policy forbidding employees from using their personal devices to access company data. 

Also, limit employees’ access to only the data and systems they need to do their jobs. They shouldn’t have access to data and systems that aren’t required for their roles in your business. Additionally, establish policies and procedures to prevent employees from installing software on their work computers without permission.

3. Create strong passwords and use multi-factor authentication (MFA)

Data from IT security firm Trend Micro finds that 75% of cyber-attacks start with an email. That makes it critical to ensure you create strong email passwords that are unique and difficult to figure out by using numbers, letters, and symbols. In addition, taking advantage of multi-factor authentication – a method that requires users to provide two or more verification factors to access an application or account – is an effective way to help thwart an attack.

4. Back up your mission-critical data

It’s wise to automate and regularly back up your organization’s data and store copies offsite and in the cloud. Everything from financial files and employee data to documents, spreadsheets, and databases should be backed up at least weekly.

5. Use a Virtual Private Network (VPN)

A VPN is affordable for small businesses and required if your employees work remotely. VPNs establish secure network connections by encrypting your online traffic and disguising your identity by hiding your IP address. VPNs prevent people outside your secure network from seeing which websites and data you access online. 

6. Use digital payment best practices

Follow the guidance and security obligations of your digital payments processor or bank and ensure you use the tools, practices, and anti-fraud measures they recommend. Keep your point-of-sale (POS) payment system isolated from your other systems, and avoid using the same laptop or computer you use for processing payments to surf the internet.

7. Conduct a cybersecurity risk audit

Review your company’s networks, software and cloud storage systems, and email systems. Look for potential gaps in your defences. For example, where is your business’s confidential information stored, and who can access it?  

8. Deploy antivirus software

Antivirus software deployed on all devices can help thwart viruses, spyware, malware, phishing scams, and ransomware attacks. Ensure the antivirus software you use is updated regularly.

9. Encrypt sensitive information

Critical information should always be encrypted, especially any data related to financial information like credit and debit cards, bank accounts, and billing. While encryption won’t prevent a cyber-attack, encrypted data that is stolen is useless to the hacker without the keys to decrypt it.

10. Get cyber liability insurance

Even if you deploy the above recommendations and take further steps to reduce your exposure to online threats, there are no guarantees your business won’t be impacted by a cyber-attack. That’s why it’s wise to include cyber liability insurance in your overall business insurance policy.  

Cyber liability insurance provides a wide range of support if you suffer a cyber-attack. It can include funds to repair and restore your affected software systems or restore compromised data, coverage for potential lawsuits arising from a cyber-attack, including legal advice, credit monitoring and crisis management services, and coverage for financial losses you sustain due to a system outage resulting from an attack.

Speak to a licensed Zensurance broker if you want to add cyber liability protection to your policy or have questions about it.

Additional Cybersecurity Resources for Canadian Small Businesses

There are several free resources available for business owners to leverage to help enhance their cyber defences and knowledge, including:

About the Author: Liam Lahey

Liam is the Content Marketing Manager at Zensurance. A writer and editor for more than 20 years, he has been published in several newspapers and magazines, including Yahoo! Canada Finance, Metroland Media, IT World Canada and others.