Cyberattacks: how to prepare yourself?

For many of us, Captain Jack Sparrow springs to mind when talking about pirates. However, modern-day pirates like hackers (or cyberpirates) are no laughing matter and will pillage everything in their path.

Is your business ready to withstand a cyberattack? Let’s take a look at this issue together and see what you can do to prepare yourself.

Cyberattacks, a real threat

Were you aware that most cyberattacks remain secret? And they target organizations of all sizes:

Telework is partly to blame: makeshift solutions were often quickly cobbled together in 2020 to allow people to start working from home. With employees woefully unprepared and lacking cybersecurity training, poorly planned remote access has encouraged pirates to board.

Industries targeted by hackers: all of ‘em!

Large companies, government departments, small- and medium-sized businesses: everybody is at risk.

As a business owner, you may believe your computer contents hold little value, but your customers’ personal data is quite valuable. An organization becomes a target for cybercriminals as soon as it starts managing personal information, such as banking details.

Small- and medium-sized businesses, easy marks

SMBs are easy targets, especially the smaller ones. With few exceptions, they don’t have any IT expertise or security professionals on hand. Yet many do business online and handle personal data. The StaySafeOnline.org website indicates that 71% of data protection incidents involve small businesses and that half of them have already been hacked.

Businesses have an obligation to protect their customers’ personal information. They are now required to report any incident, including one involving a service provider, that can harm the people involved. For more information, visit the Office of the Privacy Commissioner of Canada.

A mini portrait of cyberpirates

Most attacks nowadays start with malware that searches networks every second to exploit vulnerable computer systems. All kinds of hackers are hiding behind this malicious software. Sometimes, they work at the targeted company and have no criminal background. Others are real experts.

Cybercriminals are usually motivated by:

  • financial gain
  • a wish to attain a level of technical prowess to satisfy their ego, achieve visibility and show off their skills
  • corporate espionage, to bring back strategic information on competitors
  • political attacks, to denounce practices or harm a government

Some cybercriminal organizations have been able to fill their bank accounts and perfect their techniques and tools: they have turned IT attacks into a real industry.

Most common kinds of cyberattack

Computer hacking attempts constantly evolve. There are varying levels of damage too: causing a crash, hacking applications, encrypting your data, sending spam (junk email) from your address, etc.

Being aware of hackers’ tactics will help you thwart their attempts, so take a good look at some of the most common ones in practice at this time:

  • Phishing is based on fake emails from legitimate organizations or even fake websites. This kind of scam is usually used to access payment information or passwords. You can often spot fishy information in phishing emails: spelling mistakes, unknown shipping address, etc.
  • Ransomware is a program that blocks access to data, systems or files. Hackers demand a ransom be paid for victim companies to regain their access or to “release data”.
  • Malware is malicious software that gives hackers access to a computer network in order to harm a system. It can be installed on our workstations without our knowledge.

How to strengthen your defense?

The first step is to avoid falling into the trap of believing this type of threat only happens to others. On the contrary, you have to develop a personal cyberplan to follow in the event of an attack. It’s similar to a fire safety plan, for example. The goal is to have a process that allows you to react quickly and properly so you lose as little data, time and money as possible.

Here are some concrete ways to shore up your defense.

1. Get equipped

If your business employs any IT professionals, this is what they’ll need to set up. No IT team? Make sure you follow these steps to the letter: some downloadable security applications provide IT solutions comparable to those of the largest corporations.

  • Use monitoring and defense mechanisms
    Getting hacked is a big deal but you have to be able to detect it! Victims are not always aware of the intrusion and theft of personal information. It is essential to have a good firewall system. It puts up a barrier between your data, the general public and hackers.
  • Make sure infrastructure and workstations use up-to-date versions of security systems, software (including an antivirus) and web browsers. Staying on top of updates remains the best defense: outdated versions open the door to malware.
  • Secure the Wi-Fi, if available: to do so, change the router address and generic password received from the Internet provider.
  • Schedule backups of your company’s important data somewhere other than the usual system (virtual or hardware).

2. Stay in the driver’s seat

As a business owner, you should:

  • appoint an IT security officer to handle prevention and respond to incidents
  • limit access to sensitive information to those who need it for business purposes
  • permanently delete personal data no longer required
  • use different computers for your business life and private life
  • establish clear rules for your systems to stay “clean” by informing staff about what they can and cannot install on their computers
  • disable everything when employees leave the organization, including the email inbox and access to the computer and network

3. Provide employees with cybersecurity training

Regular training will help educate your team about protecting personal information and phishing-associated risks. Everybody has to implement good practices, such as:

  • lock their computer while away from their desk
  • create strong passwords that contain letters, numbers and symbols; weak passwords provide an easy in for malware
  • close applications they are not using, like Bluetooth, which can make things easier for hackers
  • install a firewall for their home network, in the event of teleworking
  • choose secure ways to send sensitive data. Some employees include SIN numbers in emails or in Teams chats. Don’t do that!
  • immediately report any discrepancies

A strategic defense

Truth be told, no commercial insurance can shield you from cyberattacks: you are the defender, and it is worth every iota of effort. When you block cyberattacks, you protect your customers, your reputation and your business.