If you ask someone what makes October special, they may talk about the beautiful fall colours, or Thanksgiving and Halloween festivities. What people may not know is that October is also Cyber Security Awareness Month, and a time to recognize the efforts of Canadian entrepreneurs and small businesses during Small Business Week (Oct 15-19, 2018).
In recognition of both Cyber Security Awareness Month and Small Business Week, this article provides some guidance for small business owners to protect their business and customer data in our digital world.
First, it’s important to address a common misperception – that the potential gain from a cyberattack on a smaller business is less than one targeted at a larger business, and therefore, cyber criminals aren’t interested in targeting small businesses. This is not the case. According to CIRA’s 2018 Canadian Cybersecurity Survey Spring Edition report, “the number of small businesses impacted by cyberattacks, while less than half the rate reported by large organizations, is nonetheless significant and a cause for serious concern.”
So what can small businesses do to mitigate potential risks? Below are five basic, but important steps:
1. Educate employees to recognize potential threats. Email is the most common cyberattack and can often be blamed for breaches and ransomware. With this in mind, it’s vital that employees be on the lookout for malicious emails. Educate them on how to spot a suspicious email and be wary of clicking on links or attachments from unknown sources.
Employees should also understand the possible risks that come with using USB keys as they are an easy way to unknowingly introduce a cyber threat into your network. To help mitigate the risk, you may wish to establish a policy governing the use of USBs (for instance, restricting them all together or only allowing the use of company-issued USBs).
2. Update software and operating systems. This simple step can be easy to overlook or postpone, especially for small business owners who wear many hats and have a mile-long to-do list. Always prioritize software updates so you’re best protected against the latest threats and known vulnerabilities.
3. Secure your Wi-fi network. Just like you’re cautious about who you let into your physical premises, be careful how you lock down your wireless network. This includes changing your SSID or network name so it doesn’t provide insight into the type of router you’re using, changing default admin usernames and passwords, and disabling wireless access to your admin portal (that is, only enable changes via a wired, Ethernet connection). Turn on data encryption and use strong passwords to prevent unauthorized access, and always keep router firmware up to date.
4. Back up your data. Backing up your information is like purchasing car insurance – you hope to never use it, but if misfortune lands on your doorstep you will be very glad you have it. If your data is ever held hostage for ransom and you have back-ups in place, you can continue operations seamlessly, minimizing downtime and potential impacts to your business.
5. Protect yourself with reliable, high quality security solutions you can trust. Partner with a trusted IT security provider for reliable anti-malware, firewall, content filtering and encryption solutions to help protect your network, applications and email communications.
Read more about protecting your small business from cyber threats in the Get Cyber Safe Guide for Small Business and consider booking a free, in-person or virtual TELUS Wise workshop for your employees as an addition to your employee security awareness efforts.
The TELUS Wise workshop for adults offers insight into common threats such as ransomware, spyware and phishing, and also provides Internet, smartphone and social media tips and tricks that can help your employees stay safe online. Request a workshop today or contact firstname.lastname@example.org to learn more.