From communications to marketing, data analysis to direct e-commerce sales, the internet has opened up a host of new opportunities for businesses. It also presents opportunities to unscrupulous cyber-criminals, however, and that means new dangers for businesses.
A study from the Center for Strategic and International Studies found that Canadian businesses are losing over $3 billion a year to cyber-crime. Attacks against high-profile global targets including HBO, the UK’s NHS and the Ukrainian government have made headlines over recent months, but SMEs are also targeted by cyber-criminals. They might even be seen as more attractive targets as they often lack the financial resources and technical expertise to adequately protect themselves.
Perrin Beatty, President and CEO of the Canadian Chamber of Commerce, said: “SMEs comprise 98% of the Canadian economy. Nearly half have been the victim of a cyber-attack. Their focus is on recovery instead of prevention. Unfortunately, recovery is often not possible. The average cost of a data breach in Canada is $6 million. Most small businesses would not be able to survive losing a tiny percentage of that figure.”
Cyber-crimes are defined as those crimes committed on the internet using the computer as either a tool or the object of the crime. They can take many different forms. The WannaCry attacks that targeted the NHS and other organisations were an example of ransomware, a malicious program that encrypts targeted files and demands a payment to unlock them. Viruses and other malware can wreak havoc, hackers can access sensitive and valuable data, while adware and spyware can prove a nuisance by flooding your screen with pop-up ads, redirecting your browser or simply tracking your movements. Phishing is an increasingly common approach to cyber-crime, in which scammers attempt to harvest information such as passwords and account numbers using bogus emails purporting to be from reputable companies or individuals.
Any type of cyber-crime can be damaging. Security breaches can be costly in terms of money, time and even customer trust. Thus, it is increasingly important to guard against them.
Installing the right security software should be an essential part of your overall security strategy, forming a vital line of defence. Ideally, you should have multi-layered security solutions in place, which should also include securing your wireless networks and installing the most effective firewall you can find to help provide steadfast protection against threats such as spyware and viruses.
You should also ensure that all your security software is continuously updated so you know you are using the latest version for maximum efficiency and effectiveness. The most recent updates will have been developed to protect you from the newest threats on the web, so only by updating your security software can you be sure your business is protected from the ever-evolving ploys of cyber-criminals. The WannaCry attacks provide a salutary lesson in this regard. The malware used was not particularly sophisticated, and it was later found that updates that could have protected against the attack had not been applied on affected machines.
You should also routinely update all web browsers used in your organisation and use encryption to provide another layer of protection. All data transferred to and from the cloud should be encrypted and you should also consider encrypting universal serial bus (USB) flash drives and other forms of portable storage as an extra method of safeguarding.
An analysis of around 10 million passwords found that the most commonly used password in 2016 was ‘123456’. ‘PASSWORD’ remains a perennial favourite (coming in at number 8) and ‘QWERTY’ was also worryingly popular.
It might sound obvious, but it’s important for small businesses and their employees to use passwords that are not quite so easy for cyber-criminals to crack. This generally means using a combination of capital letters and lowercase letters, symbols and numbers. Passwords should also be changed on a regular basis. This can be difficult for individual employees to keep track of, but a password management system can help in this regard.
Educate your staff
It’s one thing implementing strong technical defences, but human error can often leave organizations vulnerable to attacks. This can apply to staff passwords but also to other elements of your security strategy, such as accessing data and networks on employee devices (a strong Bring Your Own Device or BYOD policy can help address this one). It’s important to have everyone on the same page when it comes to cyber-security.
You should take the time to educate your staff about the dangers of cyber-crime, informing them of new threats and what they can do to help protect your business from them. You might also want to consider bringing in a security expert to talk to staff, or sending them on regular courses to enhance awareness.
Instituting regular testing can help ensure staff are adhering to your cyber-security policies and procedures, and that their knowledge is up to date.
Back up data
Should the worst happen and your security measures fail to repel a cyber-attack, you could lose any data that is not backed up. Backing up could help protect against ransomware attacks that threaten to permanently encrypt or erase valuable data, as well as some other destructive types of malware.
Ensure your staff and the applications your business uses are backing up data regularly and in the correct way, whether using traditional data storage solutions or migrating to the Cloud.