Cyberattacks: how to prepare yourself?
For many of us, Captain Jack Sparrow springs to mind when talking about pirates. However, modern-day pirates like hackers (or cyberpirates) are no laughing matter and will pillage everything in their path.
Is your business ready to withstand a cyberattack? Let’s take a look at this issue together and see what you can do to prepare yourself.
Cyberattacks, a real threat
Were you aware that most cyberattacks remain secret? And they target organizations of all sizes:
- In 2019, 21% of Canadian businesses disclosed they had experienced a cybersecurity incident. They reported spending $7 billion to stop, detect or recover from such incidents.
- In 2021, another study revealed that 63% of businesses surveyed across the country had seen an increase in targeted cyberattacks.
Telework is partly to blame: makeshift solutions were often quickly cobbled together in 2020 to allow people to start working from home. With employees woefully unprepared and lacking cybersecurity training, poorly planned remote access has encouraged pirates to board.
Industries targeted by hackers: all of ’em!
Large companies, government departments, small- and medium-sized businesses: everybody is at risk.
As a business owner, you may believe your computer contents hold little value, but your customers’ personal data is quite valuable. An organization becomes a target for cybercriminals as soon as it starts managing personal information, such as banking details.
Businesses have an obligation to protect their customers’ personal information. They are now required to report any incident, including one involving a service provider, that can harm the people involved. For more information, visit the Office of the Privacy Commissioner of Canada.
Most common kinds of cyberattack
Computer hacking attempts constantly evolve. There are varying levels of damage too: causing a crash, hacking applications, encrypting your data, sending spam (junk email) from your address, etc.
Being aware of hackers’ tactics will help you thwart their attempts, so take a good look at some of the most common ones in use at this time:
- Phishing is based on fake emails from legitimate organizations or even fake websites. This kind of scam is usually used to access payment information or passwords. You can often spot fishy information in phishing emails: spelling mistakes, unknown shipping address, etc.
- Ransomware is a program that blocks access to data, systems or files. Hackers demand a ransom be paid for victim companies to regain their access or to “release data”.
- Malware allows access to a computer network to harm a system. It can be installed on our workstations without our knowledge.
How to strengthen your defense?
The first step is to avoid falling into the trap of believing this type of threat only happens to others. On the contrary, you have to develop and plan a personal cyberplan in the event of an attack. It’s similar to a fire safety plan, for example. The goal is to have a process that allows you to quickly and properly react so you lose as little data, time and money as possible.
Here are some concrete ways to shore up your defense.
1. Get equipped
If your business employs any IT professionals, this is what they’ll need to set up. No IT team? Make sure you follow these steps to the letter: some downloadable security applications provide IT solutions comparable to those of the largest corporations.
- Use monitoring and defense mechanisms. Getting hacked is a big deal, but you have to be able to detect it! Victims are not always aware of the intrusion and theft of personal information. It is essential to have a good firewall system. It puts up a barrier between your data, the general public and hackers.
- Make sure infrastructure and workstations use up-to-date versions of security systems, software (including an antivirus) and web browsers. Staying on top of updates remains the best defense: outdated versions open the door to malware.
- Secure the Wi-Fi, if available: to do so, change the router address and generic password received from the Internet provider.
- Schedule backups of your company’s important data to a location (virtual or hardware) other than the usual system.
2. Stay in the driver’s seat
As a business owner, you should:
- appoint an IT security officer to handle prevention and respond to incidents
- limit access to sensitive information to those who need it for business purposes
- permanently delete personal data no longer required
- use different computers for your business life and private life
- establish clear rules for your systems to stay “clean” by informing staff about what they can and cannot install on their computers
- disable everything when employees leave the organization, including the email inbox and access to the computer and network, etc.
3. Provide employees with cybersecurity training
Regular training will help educate your team about protecting personal information and phishing-associated risks. Everybody has to implement good practices, such as:
- lock their computer while away from their desk
- create strong passwords that contain letters, numbers and symbols; weak passwords provide an easy in for malware
- close applications they are not using, like Bluetooth, which can make it easier for hackers
- install a firewall for their home network, in the event of teleworking
- choose secure ways to send sensitive data. Some employees include SIN numbers in emails or in Teams chats. Don’t do that!
- immediately report any discrepancies
A strategic defense
Truth be told, no commercial insurance can shield you from cyberattacks: you are the defender … and it is worth every iota of effort: when you block cyberattacks, you protect your customers, your reputation and your business.