At its core, a cybercrime or attack is a breach of personal security and cyber safety. Hackers will gain access to confidential information, such as customers’ names, addresses, social insurance numbers, dates of births, and credit card information. That doesn’t mean a successful attack on your business is inevitable. However, there are some simple, cost-effective and fast-acting things you can do to protect your business from cyber attacks.
Cybercrime on the rise
During the first half of 2021 alone, over 118 million people were impacted by data breaches. In fact, statistics of this year’s data breaches were significantly higher than those of the past year. It’s expected that by 2023, data breaches will grow to 15.4 million. Canadian businesses are beginning to wake up to the need for an enhancement of security measures against cyber attacks. According to CIRA’s 2020 Cybersecurity Report, almost six in 10 companies deployed to a VPN due to the COVID-19 pandemic, with half deploying to DNS firewalls in response to an increase in cyber threats.
Protect your business from cyber attacks
So, what are the best ways to protect your business from cyber attacks? Here are some tips to help keep your business safe from cyber criminals or ‘theives’:
1. Data back-up
Backing up data is among the most cost-effective ways of making sure your information is recovered in an event of a cyber incident or computer issue. Be sure to use multiple back-up methods to help ensure data safety, including daily incremental back-ups to a portable device or cloud storage. As well, add end-of-week, quarterly, and yearly server back-ups. This data should also be checked regularly to see if it is working properly and can be restored.
DYK: One of the most effective data backup strategies is the 3-2-1 rule? Based on this strategy, you should have at least three copies of your data stored. Two of them should be on different media, and one should be in an offsite location.
2. Keep your systems and software up-to-date
Operating systems and security software should be updated automatically. These updates fix security flaws and help patch security flaws and vulnerabilities that can be exploited. It’s important that you never disregard update prompts. Firewalls should also be set up, as these act as a “gatekeeper for all incoming and outgoing traffic.” It will also be helpful for companies to turn on spam filters to reduce the amount of spam and phishing emails coming in. These are a common tactic hackers use to infect devices and steal confidential information that businesses receive.
3. Activate data encryption
Make sure all your sensitive data is encrypted. Encryption converts data into a secret code before it is sent over the internet, so it is vital for businesses to turn on network and data encryption when storing and sharing data. It limits data access only to parties with the encryption key. It also ensures that even when unauthorized parties gain access to the data, they can’t read it. Some data encryption software even lets you know when other people try to alter or tamper with the information.
Important: Do not use free anti-virus software/downloads for cyber safety. Free anti-virus solutions often provide minimal protection. Consider purchasing a Virtual Private Network (VPN) for your staff to work on, especially if they work remotely.
4. Use multi-factor authentication
Two-factor or multi-factor authentication offers additional security for your accounts. Most social platforms, email providers, banks, and several other vendors have already adopted this technology. This additional step may seem to be a hassle, but it’s really a safeguard to help keep your account safe. You can download a two-factor authentication app, such as the Google Authenticator app, directly from your app store.
5. Replace passwords with passphrases
We recommend using passphrases instead of passwords, especially for accounts that hold important business information. A secure passphrase should be at least 14 characters long and consist of a combination of upper and lower case letters, numbers, and special characters. It should also be unpredictable – meaning the words are unrelated and it is not used for other accounts. The Ponemon Report states that 51% of employees and 41% of IT professionals share passwords with their colleagues. While human error (i.e., inputting an incorrect password) is only supposed to account for 39% of cyber attacks, it in fact accounts for 50%.
DYK: Here’s an interesting fact; over 80% of organizational data breaches result from weak passwords. Hackers don’t need much to gain access to your systems. They only require a small gap, and they’ll exploit it fully.
6. Comprehensive monitoring system
You need to keep record of all the equipment and software your business uses. You should remove sensitive information from any device and software that is no longer in use and disconnect these devices from the network. Older and unused equipment or software will unlikely be updated and may serve as a ‘backdoor’ targeted by criminals to attack businesses. Similarly, you should remove access from past employees and those who have changed roles and no longer require access.
DYK: The ‘Man in the Middle’ attack has become increasingly more popular in cybercrime. By not turning off our WiFi or our Bluetooth when we’re not connected to something, we are inviting intruders to take advantage. Attackers replicate a frequency that they think your device will recognize… and your device will connect without you knowing anything about it.
7. Implement security policies
Businesses should also have clear cybersecurity policies to guide employees on what is acceptable when sharing data, using computers/other devices, and accessing internet sites. Nine out of 10 cyberattacks start with an email because they need a delivery method and we’re inundated by them. According to Barry Searle, Director of Education at Cyber Stars Initiative, “Every 60 seconds, there’s up to 188 million emails being sent around the world. So actually, if we become better at dealing with emails, we can mitigate most of our cyber risk more or less immediately.” This is a great tip to remember in order to protect your business from cyber attacks.
8. Educate, educate, educate
According to Peter Buckley, Head of Technology and Cyber Resilience, HSBC Bank Canada, companies face a balancing act of trying to grow their organization and protecting it. “Educating employees about what to look out for,” Buckley says, “is the number one way to keep your organization protected.” Over 90% of cyber attacks start with human error. By building a culture of awareness, hackers can be limited in their ability to gain access. Your employees can be your first and last line of defence against cyber threats in order to protect your business from cyber attacks. This is the reason why it is crucial to educate them on how to identify, avoid, and deal with a cyber threat.
DYK: Statistics show that over 3.4 billion phishing emails are sent globally? These emails contain malicious malware in the form of links that give hackers access to user data, including login credentials.
9. Ensure customer protection from cyber attacks
Chances are that your cyber security is highly dependent on third-party vendors, which is why you can’t afford to ignore vendor risk management. Third-party risk is any risk brought on to your organization by external parties in its network. Such parties may include vendors, suppliers, partners, contractors, or service providers, who have access to internal company or customer data, systems, processes, or other privileged information. It is also vital to keep your clients’ private information safe. In line with this, you should be able to provide a secure online environment where transactions can take place. Don’t leave your cybersecurity to chance! Make sure you manage your third-party exposure as soon as possible by purchasing the proper cyber liability insurance coverage.
Why is cyber safety important for your business?
Protecting your business from cyber attacks is serious business. If you are a victim of a cybercrime, it can cost your business thousands of dollars to get your business up and running. OR in worst-case scenarios, it can put you out of business for good, as you won’t be able to recuperate the losses. The good news is, there are a variety of cyber insurance options available for you to be proactive and protect your business before it’s too late.
Is your business in need of a cybersecurity policy? Contact us today to speak with one of our knowledgeable isure brokers who will provide you with the best advice and coverage you need when it comes to cyber safety.