Recent high-profile cyber attacks and data breaches at Sony, Honda Canada, and LifeLabs have put a spotlight on cybercrime as a growing threat. Many criminals are also taking advantage of the pandemic-induced work-from-home environment.
Despite the rise of cyber attacks, many small business owners still fail to recognize their vulnerability to this type of criminal activity. Just because your business is smaller in scale doesn’t mean it’s immune to a cyber attack. According to a new study by Symantec, 40% of these attacks are made against organizations with fewer than 500 employees.
Large companies generally devote more resources to data security, making small businesses increasingly attractive targets for cyber attacks with devastating results for small business owners. Most Canadian small businesses lack a formal Internet security policy for employees, and only about half have cybersecurity measures in place. Many business owners believe that small ventures are an unlikely target for cyber attacks when in actuality, cybercriminals look for easy targets, such as companies without security protocols in place.
According to Symantec, the average cost of a cyber attack on a small or medium-sized business is nearly $200,000. As a result, almost 60% of the small businesses victimized by cyber attacks are forced to close their doors permanently within six months of the attack. Many of these businesses delay making necessary improvements to their cybersecurity protocols as a cost-saving measure, but the consequences of this delay can be disastrous for small businesses.
The COVID-19 pandemic has also led many organizations to rely on video conferencing technology to conduct meetings and stay connected. However, the increased use of video conferencing technology also means increased cyber risks. For example, cyber criminals who gain access to a conference room can:
- Listen in and gather confidential information to sell or exploit
- Disrupt the meeting with inappropriate materials
- Trick participants into clicking malicious links in the chat
The risk is more significant for organizations with employees working from home. Consider the following tips for keeping your organization and employees safe while using video conferencing software:
- Require passwords and make employees log in before joining a meeting
- Double-check your attendee list before sending a meeting invitation, and review the list during the call
- Share meeting links only with authorized personnel and encourage employees to check the validity of incoming meeting links before clicking on them
- Enable automatic updates on video conferencing software to ensure it is patched with the latest security updates
- Keep employees updated on what the latest scams are, how to identify them and what they should do if they identify one
Ten ways to prevent cyber attacks
Suppose your organization currently doesn’t have the resources to consult an IT expert to make security recommendations. The following simple, economical steps can reduce your risk of falling victim to a costly cyber attack:
- Train employees in cybersecurity best practices
- Install, use, and regularly update antivirus and anti-spyware software on every computer used in your business
- Use a firewall for your Internet connection
- Install software updates for your operating systems and applications as soon as they become available
- Back up all critical company data in a secure location
- Control and restrict physical access to your computers and network components
- Protect your organization’s Wi-Fi networks with a secure password
- Require individual user accounts for each employee’s computer and network access
- Restrict employee access to sensitive data, and limit authority to install software on company devices
- Regularly change passwords and ask your employees to do the same
A data breach could cripple your small business, costing you thousands or millions of dollars in lost sales, compromised data, and other damages.
Contact us today to learn more and to discuss coverage options designed to protect your company against losses from cyber attacks.