October is Cyber Security Awareness Month

October 22, 2020

By Michela Toscano, IONICA

There were over 5000 recorded data breaches last year, with an estimated average cost of CAD$5.07M. Cyber security threats are more numerous and sophisticated than ever before. Is your business ready?

Many organizations think they are too small to fall victim to cyber-attacks. However, as institutions traditionally targeted by cyber criminals have erected robust cyber security defences, criminals have turned to less sophisticated, less prepared and smaller organizations.

“The biggest challenge is that many SMEs don’t have adequate cyber protection in place, simply because they don’t know they need it”, says Corinne Pohlmann, SVP of National Affairs and Partnerships for the Canadian Federation of Independent Business (CFIB). “Many small and medium enterprises just don’t realize how vulnerable they may be.”

Additionally, many small-medium enterprise owners don’t know exactly what is needed to secure their business. Most technology vendors offer partial solutions, leaving their customers and prospective customers to educate themselves, sifting through a variety of disjointed offerings. This commonly leads to gaps that can be exploited by hackers.

Indeed, a poll by the Insurance Bureau of Canada, found that nearly one in five Canadian SMEs surveyed had been affected by a cyberattack or data breach in the previous two years, with 37% estimating that the incidents cost over $100,000. Moreover, nearly half of the respondents acknowledge having no defences against possible cyber-attacks.

Cyber Security Awareness Month is an opportunity to take stock and reconsider the importance of cyber hygiene. Here are a few relatively simple actions to help make your business safer and more resilient.

Build a Cyber Aware Culture

Your first line of defence against cyber incidents is your team. Most breaches occur as a result of human error resulting from a lack of awareness and education.

Staff should be trained to identify potentially malicious emails and links. Consider repeating the importance of safe and appropriate usage of the Internet and social media. Other simple practices, such as locking unattended workstations and setting complex passcodes on mobile devices, should be included in cyber security policies.

It may seem obvious, but the basics can go a long way to averting security and public relations disasters!

Strong User Authentication

In its yearly Digital Defense Report, Microsoft reports an increase in identity-based attacks using brute force. “Given the frequency of passwords being guessed, phished, stolen with malware or reused, it’s critical for people to pair passwords with some second form of strong credential,” mentions the report.

Multi-factor authentication or MFA (also referred to as 2FA for two-factor authentication) is an authentication mechanism whereby a user is prompted to provide an additional form of identification during a sign-in process. This is often done with via SMS or an authenticator app and can take many other forms such as hardware tokens and biometrics. A good way to think of MFA is “something you know (like a password), and something you have (like a fingerprint or a piece of hardware).”

Email and many web services have MFA enabled by default, but users often must take additional steps to enable it. If you do only one thing to boost your security, it should be this.

Safe Instant Messaging

Use of chat and instant messaging (IM) platforms like Slack, Teams, Hangouts, and Skype has grown tremendously over the last few years, especially as more people work from home. The often casual use of chat might lead some to think it’s innocuous, but it comes with risks that we should all be aware of.

As with other forms of digital communications, threat actors can obtain privileged information in many ways, despite claims by vendors of offering fully secure end-to-end encryption (looking at you, Zoom!).

The Canadian Centre for Cyber Security offers some excellent tips for reducing the risks, such as suggesting limiting links between chat systems and Internet of things (IoT) devices.

Use secure networks

Now more than ever, mobile devices and laptops are essential tools for most organizations. Generally, these devices will be connected to other resources or the Internet via Wi-Fi or cellular network. Data transmitted could be vulnerable to eavesdropping by others using the same network.

Using a Virtual Private Network (VPN) when connecting to the Internet outside trusted networks can greatly reduce the risk of having data exposed to third parties. A VPN facilitates a more secure connection to the Internet, effectively isolating the communications from others using the same network.

Many VPN vendors have apps that can be configured to automatically turn on when connecting to an untrusted network. Make sure that the VPN vendor you choose is based in a country with strong data privacy laws and a reputation for valuing human rights.

Keep system software and apps up to date

Many organizations provide locked down devices to their employees, but it is not uncommon for SMEs to allow staff to use their own devices (especially phones). Users can, of course, freely install software and adjust the configurations of their own devices, which can potentially result in increased exposure to security risks. Accounting and vulnerability management tools are available to maintain user freedom while ensuring devices are properly secured.

When it’s not possible to limit the installation of apps to explicitly approved software, organizations should require that their employees use only official app stores like Google Play or Apple’s App Store.

Additionally, it is important that apps and operating systems (Windows, Android, OSX/iOS, etc.) are current with the latest security patches by regularly running system and application updates.

Be ready

For most of us, it’s not “if” a security incident happens, it’s “when”. That’s why it is critical to be prepared.

Developing an incident response plan helps organisations efficiently and effectively take immediate action — minimising the impact of a breach. The ramifications of a potential breach can be extensive, causing harm to productivity, brand reputation, loss of clients, as well as legal claims.

Next steps

To get started on your own, visit CyberSecure Canada, a federal Government certification program for small and medium-sized organizations.

Need or prefer expert help in cyber security? Contact us at hello@ionica.ca

Michela Toscano is an entrepreneur and technologist based in Vancouver, BC., where she is principal of IONICA, an integrated technology firm specializing in site reliability engineering, cyber security, hosting, and web development.

Published with permission.

Community Lead

Celebrating the 10th Issue of WBE Canada Magazine featuring our 2023 Holiday Shopping Guide!

WBE Story: Wonderkind

Business Development Manager

Posted in Business Tips, News & Updates and tagged business, business strategies, cyber security, tech, women-owned business

WBE Canada’s Conference & Gala is a highlight of the year for Canada’s business community. We bring together women-owned businesses from across Canada, corporations and government organizations committed to supporting women-owned businesses through the opportunities in their supply chains as we celebrate the achievements, innovations and incredible impact our community creates on Canadian economy, empowerment of Canadian women-owned businesses and innovations in supply chains. Here’s a sneak … Read more

WBE Canada Conference

Michelle White from Today Living Group provided this video testimonial at the WBE Canada 2018 Annual Conference to discuss the benefits of Certification with WBE Canada for women-owned businesses. Michelle White identifies access to the corporate buyers as the biggest benefit of WBE certification. Instead of talking to gatekeepers, you get to connect with the buyers and corporate professionals who are willing and ready to help you navigate the supply chain.
To learn more about certificatio… Read more

Michelle White: WBE Certification Gives Women Access

“WBE Canada aide un cabinet d’avocats de taille modeste, tel que Walker Law, à rencontrer d’importants fournisseurs qui, autrement, ne le sauraient pas ou ne se rendraient pas compte de leurs capacités. Ils recommandent que les entreprises appartenant à des femmes soient certifiées afin de pouvoir se connecter avec des entreprises qui recherchent des fournisseurs diversifiés auxquels elles n’auraient autrement pas accès. Ce type de partenariat, de communauté et de possibilités d… Read more

Walker Law

CIBC shares excitement around being part of WBE Canada community and having opportunity to meet and support women-owned businesses and engage them in their supply chain opportunities. CIBC is committed to diversifying their supply chain and increasing their spend with diverse suppliers, specifically with Canadian women-owned businesses. Learn more…
To learn more about corporate membership click here. Share this video…

CIBC Is Committed To Diversifying Its Supply Chain

Maude Parisseau from BDC provided this video testimonial at the conference to discuss the benefits of Corporate Membership with WBE Canada. “For us, it was really important to become one because it’s an extension of our mandate,” she said. “BDC is here to support Canadian entrepreneurs. It allows us to meet with different entrepreneurs, to learn more about them, their passion, and also to be able to meet with other organizations and corporations that do encourage other WBEs, and to le… Read more

BDC

October is Cyber Security Awareness Month

Related posts:

About

Business Women

Corporate Members

Get Involved

Resources