4 February 2019 | by Megan Henwood

Why Your Small/Medium Business Can’t Afford to Ignore Cybersecurity!

Small and medium businesses are now the targets of cybercriminals. Meaning, many small businesses who suffer from these attacks may not recover, as the cot of these attacks can be devastating to their reputation, not to mention the cost of these breaches have severe impact to revenue. Even further, privacy laws in Canada changed in November 2018, which now require all privacy breaches to be reported to the Privacy Commissioner.

Protecting your business against cybersecurity threats is critical to protecting your Intellectual Property (IP), your customers’ data, your employee data and quite frankly your bottom line. There is good news though, so let’s dig in so that you can get the information you need, to do just that – protect your business.

So, what is cybersecurity?

Cybersecurity means being protected against unauthorized use of your electronic data, and the resources used to protect against cyber-attacks. To become ‘cybersecure’, software and technologies are often implemented within an organization.

Why does this apply to my small to medium sized enterprise?

Cybersecurity is important for organizations of all sizes. Learning about cybersecurity best practices and promoting awareness across the organization increases revenue, business productivity, protects your IP and builds trust.

Cybercriminals often focus on Small and Medium Enterprises (SMEs) because they know SME’s often don’t have the resources – human or financial – to employ cybersecurity professionals. While small, you don’t have to be a target. There are managed service providers to help you at reasonable costs. In addition, there is a cost-effective certification that you can adapt.

Taking the right steps to protect your IP and your customer data is critical. The new Digital Privacy Act legally requires all organizations who suffer a data breach to report it. Depending on the severity, fines and notification of the breach to clients may be required. Demonstrating that you have gone through cybersecurity certification will help to prove that you are taking the right steps to protect your data. It might also make you eligible for cybersecurity insurance.

Five Critical Areas to Focus on For Results:

There are five essential controls that are recommended to implement for an organization to mitigate common internet threats. The following are:

1. Boundary Firewalls and Internet Gateways: A firewall can be either software, hardware, or both. A firewall is a network security device that decides whether to allow or block specific traffic based on a defined set of security rules.
2. Secure Configurations: Employees should only have access to the tools they need to do their jobs. Your company should create strong password protocols for logging into their systems (e.g. actually enforcing the use of ‘strong’ passwords.)  Never stick with default passwords, they may be easy to remember, but they are easy to crack!
3. Access Controls: This is a way to minimize the risk of unauthorized access to the company network and systems. Users should have reasonable but minimal privileges on their personal accounts. Only those who require administrative privileges should have admin-level accounts.
4. Patch Management: This is an update to a program that is designed to fix, or improve it. This also includes security issues. By staying up to date you can prevent cyber criminals from taking advantages of known vulnerabilities in the program. Companies will offer patches for licensed users to update their software.
5. Malware Protection: This is another layer of protection for an organization, and it can perform daily scans to make sure systems are secure. Malicious software has a way of creeping into our devices. Malware protection scans, detects, and eliminates malware ensuring that there is nothing slipping through the cracks.

Don’t let the fear of not knowing what to do stop you from protecting your business. There are many cost-effective ways to help you mitigate the threats of cybercriminals.

Connect with us at Support@CyberEssentialsCanada.ca to help you find the right solution for your organization!