Cyber Security for Your Business
Data breaches. Cyber hacking. Current headlines highlight such incidents occurring to large corporations and government agencies with increasing regularity. But what about your small or medium-sized business?
In fact, the vast majority of businesses being attacked online are SMBs, because often small and medium-sized businesses are under-protected. It’s estimated that 70% of Canadian data breaches happen against companies with fewer than 100 employees.
Almost all cyber attacks focus on obtaining personal data to use in credit card or identity theft. While large corporations have more data to steal, criminals often prefer to run automated attacks which allow them to breach thousands of small businesses at once.
Over 20% of Canadian businesses have reported a data breach or cyber security incident.
In today’s market, it’s not enough to work tirelessly to grow your company; you also have to work smart to build a cyber-resilient business. Cyber resilience is more than your company's ability to prevent or respond to a cyber attack. It also involves having the resources to ensure your business can continue to operate during an adverse cyber event, as well as to adapt and recover after the attack.
The damage to a company’s brand, coupled with ongoing financial and legal exposure, means that a data breach can be both significant and long-lasting, often causing irreparable harm to the company, its customers and partners.
Solid cyber security requires secure data. Achieving data-centric security can help make your high-value assets and your organization more secure.
Cyber attacks expose the fact that businesses need to recognize the value of their data. Breaches spotlight multiple points of failure within a business’ procedures and processes.
What can you do? Here are some best practices for cyber security:
- Identify critical data and use firewalls to make it difficult for cyber criminals to achieve any point of entry.
In addition to standard external firewalls, installing internal firewalls provides additional protection. It’s also important that employees working from home are protected. Consider providing firewall software and support for home networks to ensure compliance.
- Build defenses through a security ecosystem that includes a plan for mobile devices
It’s essential that companies have a documented BYOD policy that focuses on security precautions. It should also include wearables, like fitness trackers and smart watches with wireless capabilities. Employees should be required to set up automatic security updates and apply the company’s password policy to ALL mobile devices accessing a company network.
- Create an environment that better monitors users and blocks attackers with safe password practices, multi-factor authentication and role-based access
You wouldn’t grant every employee access to restricted physical spaces within your company, so you should also guard your digital spaces. A multi-factor authentication system should be in place for administrators and other key players in your organization who, if their accounts were compromised, could cause a significant loss to the company. Role-based access control is also critical. Grant employees only the access they need to do their jobs. Have IT monitor and flag any unauthorized access and suspicious user behavior. Something as simple as an enforced safe password policy can also make a difference. 81% of hacking-related data breaches leveraged lost and/or weak passwords. Even more alarming, 65% of SMBs with password policies do not enforce them.
- Scan applications for high-risk vulnerabilities and patch systems through automatic security updates
Since a typical business network will include different applications, including software developed in-house, proprietary commercial software, open-source applications and even unauthorized software installed by end-users, regular patch management by IT professionals is needed to detect any software vulnerability.
- Prepare for the worst… have a crisis management plan in place rather than simply an incident response plan
Like an on-site fire drill, have protocols in place to manage a breach because, if it happens, time is of the essence.
Cyber resilience for peace of mind.
A shift in security posture, one that focuses on data-centric security that includes data encryption, data-level security controls and data access management, is the key to true peace of mind regarding the online activities of your business. In the past, securing data meant having to build a stronger wall. But in a perimeter-less world of connected devices and a liquid stream of data vulnerable to attacks, this approach is no longer enough. A more flexible, “bend, don’t break” approach, with strong identities and encrypted data, can arm your company with cyber resilience, securing your company’s data and reputation.