Shoring up your small business’s cybersecurity defences to protect yourself, your customers, and business partners demands strong passwords to safeguard your personal information and assets. According to a 2021 Verizon report, more than 80% of hacking-related data breaches are due to weak or stolen passwords.

Unfortunately, cybercrime is a fact of daily life. All small businesses and sole proprietors are at risk of a cyber-attack and can be exposed to one with an errant click on a hyperlink. Simply publishing information about your company online may expose it to a multitude of electronic security breaches.

The Royal Canadian Mounted Police (RCMP) defines cybercrime as any time when a cyber element (the internet and technologies such as computers, laptops, and smartphones) is used to commit a crime.

Of note, as of September 30, 2021, the Canadian Anti-Fraud Centre (CAFC) has received 56,577 reports of fraud year-to-date from Canadians, with an estimated $163 million lost to fraud. Moreover, 47% of Canadian small business owners admit they don’t allocate any portion of their operating budgets to implementing cybersecurity defences.

Small businesses and sole proprietors may be at a disadvantage compared to large organizations having the wherewithal to invest in rigid, in-depth cybersecurity defences. But there are ways to minimize the threats you face, and that includes ensuring you and your employees adhere to recommended best practices to thwart hackers and scammers, such as having strong passwords to safeguard the systems and software you use.

What Kind of Tactics Do Hackers Use to Get Your Passwords?

Cybercriminals use multiple tactics to gain access to a company’s data, and their techniques change all the time rapidly. Some of the most common tactics hackers use may include:

  • Phishing. Phishing is when an attacker pretends to represent a trusted organization or individual to trick a user into taking an action they wouldn’t usually take (such as opening a malicious attachment or clicking on a link in a fraudulent email). The hacker’s goal is to induce individuals into revealing personal or confidential information like passwords and credit card numbers.
  • Malware. Malware is harmful software that’s designed to disrupt, damage, or take control of a computer system, device, or network. Cybercriminals use it to get at data they can use for things such as identity theft, stealing financial data, taking control of multiple computers to launch a denial-of-service attack, or infecting computers to use them for mining cryptocurrencies.
  • Social engineering. A hacker uses deception to manipulate individuals into divulging confidential or personal information, such as a password, they can then use for fraudulent purposes.
  • Spoofing. Spoofing involves a cybercriminal impersonating a trusted user or device to attack network hosts, steal information, spread malware or bypass access controls. It’s a trick that can be applied to all sorts of communications, including emails, phone calls, text messages, or websites.
  • Brute force. A brute-force attack consists of an attacker trying to decode encrypted data by submitting as many password combinations as possible quickly with the hope of eventually guessing correctly. It is a trial-and-error method to crack passwords, login credentials, or encryption keys.

Tips for Creating Strong Passwords and Keeping Them Safe

There are affordable and free ways for any small business or sole proprietor to create secure, unique passwords and reduce the risk of a cyber-attack, such as:

  • Use unique passwords. Always use a unique password for each of your accounts, such as your email, online banking, or backend data servers. Never use the same password across multiple accounts.
  • Use a password generator. Using a free password generator can help you create unique passwords that aren’t easy to crack. PC Magazine provides a list of top-rated password managers to use, many of which are free. Avoid using personal information in a password such as your birthdate, spouse’s name, or favourite sports team. Your password should be at least eight characters long and consist of a combination of uppercase and lowercase letters, numbers, and symbols.
  • Enable multi-factor authentication. Multi-factor authentication is a security technology that requires two or more methods of authentication to access a website or application. It helps protect against hackers by ensuring that users are who they say they are. It’s wise to enforce multi-factor authentication across your organization if it’s an option.
  • Change passwords regularly. Your passwords are not a set-it-and-forget-it proposition. Change them regularly (at least four times a year), and don’t use the same password repeatedly. Also, always change passwords to critical systems whenever an employee leaves your organization.
  • Don’t share your passwords. Don’t write your passwords down on paper and stash them beneath your computer or in your office, and never share your passwords with anyone.
  • Be wary of public Wi-Fi. Refrain from logging in to secure sites or networks with your credentials when on a public, unsecured Wi-Fi connection like at a restaurant or airport. A hacker can steal your passwords and data that are transmitted over an unsecured network.
  • Check if your email or phone is in a data breach. Use the free website HaveIBeenPwned.com to determine if your email address or phone number was exposed in a data breach.

What to Do if Your Business Has Been Hacked

If you suspect a hacker has compromised your personal or company’s computing systems, there are a few recommended steps you should take immediately:

  • Contact your local police department. Don’t hesitate to report the incident to your local police force. Not only will the police assist and advise you on what to do next, but it’s also helpful for law enforcement authorities nationwide to combat fraud and cybercrime.
  • Document your actions. Keep track of all the steps you took and are taking since your systems were compromised. That demonstrates due diligence, and it may come in handy if you file a claim with your insurer or brokerage.
  • Report it to the Canadian Anti-Fraud Centre. The CAFC collects information on fraud, identity theft, and cybercrime and provides information to Canadians on past and current scams. Report what’s happened to you or your business to the CAFC using its online form, or call toll-free 1-888-495-8501.
  • Notify the Canadian Centre for Cybersecurity. Report any cyber incidents you encounter to the Canadian Centre for Cybersecurity. The information you provide will help the Centre provide cybersecurity advice, guidance, and services to other organizations.
  • Contact your broker or insurance company. If you have cyber liability insurance, contact your broker or insurer to report the incident to them. Depending on the nature of the intrusion and any damages that you’re suffering, you may need to file a claim. If you don’t have cyber liability coverage, talk to your broker about adding it to your policy.
  • Update your systems. Identify and restore the essential systems and applications your company uses, update them, do a virus scan, and implement any necessary patches or configurations.
  • Back up your data. Back up all critical digital assets regularly and store them in a physically and environmentally secure location.

Looking for other ways your business insurance coverage can help protect you? Speak to one of our licensed brokers. They can review your policy, the risks you face, and make recommendations to ensure you’re covered adequately.

Get a Free Quote

Related Posts