How Serious a Problem Is Cybercrime?
Cyber risk is particularly dangerous and challenging because of how interconnected it is. It only takes one security chink in the supply chain’s armour for all entities within that chain to be negatively impacted by the attack, including the customers of that small business. And yet, research shows that almost half of Canadian small businesses lack cybersecurity protection.
Studies and reports have shown a significant rise of cyber-attacks in several areas. It costs Canadian small businesses in a big way in the form of lost or exposed data, countless hours of time, legal issues, and broken trust – not to mention a significant amount of money.
Global News recently reported that more than 63% of Canadian enterprises saw increased cyber threats in the last 18 months. More than half of the Canadian information security officers surveyed said that human error was the biggest vulnerability.
A survey by the Insurance Bureau of Canada (IBC) echoed this alarming trend. IBC says one in five businesses in the poll (around 18%) had been severely affected by data breaches or cyber-attacks in the last two years.
Common Types of Cybercrime
Ransomware and business email attacks (phishing) topped the list as the top two most common cyber incidents in 2020. Here are some of the other most common cyber threats many Canadian businesses have fallen victim to over the past couple of years:
- Spoofing. Caused by weaknesses that allow a website to accept invalid data.
- Clickjacking. Allows attackers to insert stylesheets, iframes, text boxes or layers and “hijack” a webpage.
- Sniffing. Caused by vulnerabilities that do not force encryption and instead allow transmission of sensitive or security-critical data.
- Distributed-denial-of-service (DDoS) attacks. Where cybercriminals flood a network with so much malicious traffic that it cannot operate normally.
- Zero-day attacks. When attackers exploit a software vulnerability before the vendor becomes aware of it.
- Botnet attacks. Large-scale cyber-attacks carried out by malware-infected devices, which are controlled remotely.
- Man-in-the-middle attacks. A type of eavesdropping, where hackers interrupt an existing conversation or data transfer
- Cryptojacking. A relatively new cyber risk involves specialized malware that infects a system and surreptitiously uses its bandwidth to mine cryptocurrency.
- Spam. We are all too familiar with this one, but it’s important to remember it is not just a nuisance but can also distribute malware that steals personal information.
7 Tips to Protect Your Business from Cybercrime
While small business owners might be thinking that their budget is too tight to increase cybersecurity, there are many actions they can take without breaking the bank. The Canadian Chamber of Commerce offers these seven tips:
- Enforce a password policy. Companies should make sure passwords are long and contain multiple categories of characters. Learn more on how to create strong passwords.
- Use Multiple Factor Authentication (MFA) where applicable. Passwords can be compromised by brute force attacks or be stolen. With extra authentication factor(s) in place, such as an Authenticator App on your smartphone, the odds of passwords being compromised are much smaller.
- Deploy endpoint security software on all computers. While built-in programs can frequently defend software, additional third-party endpoint security software is recommended to protect entry points of end-user devices like laptops and desktops.
- Encrypt hard drives. Without encryption, a hard drive or solid-state drive (SSD) could be pulled out from computers to access and exploit data.
- Patching. Ensure the use of all software release patches. It can be tedious to manage patches; however, software patching is necessary for computers in the workspace.
- Always backup your data. Back up three copies or more, using different technologies, different hardware, and different vendors. Companies should test backups routinely.
- Educate staff on cybersecurity. Additionally, make the IT policy clear to all staff and provide refresher training every few months.
Many more helpful tips can be found on the Canadian government’s website to help you with your cybersecurity plan. Being aware and prepared is crucial, especially now that our lives and livelihoods are online.
In addition to choosing reputed online software and platforms, add cyber liability insurance to your policy. Think of it in the same way as fire insurance — it’s one more essential part of your toolkit to keep your business safe.