10 Cybersecurity Tips for Small Businesses

IBC’s Cyber Savvy Report Card, a report following a survey of employees and business owners, highlights the risks many Canadian organizations face, including:

• Only 48% have implemented defences against a possible cyber-attack.

• Only 31% say their business has made cybersecurity a priority and created a cyber-safe culture.

• Only 35% of small businesses have mandatory cybersecurity training for employees.

• 41% of respondents believe it’s only a matter of time until they are hit by a cyber-attack. 

No small business is immune to cyber-attack risk, but that doesn’t mean you have to make it easy for cybercriminals to infiltrate your network. Here are 10 ways to up your company’s cybersecurity protection:

1. Keep systems and software up to date

From applying required patches to software, updating web browsers and operating systems, ensuring no weak links across your network is vital. These actions are among the best defences against viruses, malware, and other cyber threats.

2. Train your employees

More than 80% of data breaches occur because of human error. That highlights the need for organizations to train their employees on recommended cybersecurity best practices. As poor cybersecurity combined with increasingly connected personal devices gives attackers an advantage, enact a policy forbidding employees from using their personal devices to access company data. 

Also, limit employees’ access to the data and systems they need to do their jobs. They shouldn’t have access to data and systems that aren’t required for their roles in your business. Additionally, establish policies and procedures to prevent employees from installing software on their work computers without permission.

3. Create strong passwords and use multi-factor authentication (MFA)

Data from IT security firm Trend Micro finds that 75% of cyber-attacks start with an email. That makes it critical to ensure you create strong email passwords that are unique and difficult to figure out by using numbers, letters, and symbols. In addition, taking advantage of multi-factor authentication – a method that requires users to provide two or more verification factors to access an application or account – is an effective way to help thwart an attack.

4. Backup your mission-critical data

It’s wise to automate and regularly back up your organization’s data and store copies offsite and in the cloud. Everything from financial files, employee data, documents and spreadsheets, and databases should be backed up at least weekly.

5. Use a Virtual Private Network (VPN)

A VPN is affordable for small businesses and required if your employees work remotely. VPNs establish secure network connections by encrypting your online traffic and disguising your identity by hiding your IP address. VPNs prevent people outside your secure network from seeing which websites and data you access online. 

6. Use digital payment best practices

Follow the guidance and security obligations of your digital payments processor or bank and ensure you use the tools, practices, and anti-fraud measures they recommend. Keep your point-of-sale (POS) payment system isolated from your other systems, and avoid using the same laptop or computer you use for processing payments to surf the internet.

7. Conduct a cybersecurity risk audit

Review your company’s networks, software and cloud storage systems, and email systems. Look for potential gaps in your defences. For example, where is your business’s confidential information stored, and who can access it?  

8. Deploy antivirus software

Antivirus software deployed on all devices can help thwart viruses, spyware, malware, phishing scams, and ransomware attacks. Ensure the antivirus software you use is updated regularly.

9. Encrypt sensitive information

Critical information should always be encrypted. Especially any data related to financial information like credit and debit cards, bank accounts, and billing. While encrypted data won’t prevent a cyber-attack, if it’s stolen, it’s useless to the hacker without the keys to decrypt and decipher it.

10. Get cyber liability insurance

Even if you deploy the above recommendations and take further steps to reduce your exposure to online threats, there are no guarantees your business won’t be impacted by a cyber-attack. That’s why it’s wise to include cyber liability insurance in your overall business insurance policy.  

Cyber liability insurance provides a wide range of support if you suffer any cyber-attack. It can include funds to repair and restore your affected software systems or restore compromised data, coverage for potential lawsuits arising from a cyber-attack including legal advice, credit monitoring and crisis management services and coverage for financial losses you sustain due to a system outage resulting from an attack. 

Speak to a licensed Zensurance broker if you want to add cyber liability protection to your policy or have questions about it.

Additional Cybersecurity Resources for Canadian Small Businesses

There are several free resources available for business owners to leverage to help enhance their cyber defences and knowledge, including:

• The Canadian Centre for Cyber Security has many resources for individuals and business owners.
• The Canadian Internet Registration Authority provides affordable training courses for small teams and a free course for employees who work from home.
• The Insurance Bureau of Canada provides resources to help small businesses learn about cybersecurity.
• Cybersecurity provider ESET offers a free one-hour cybersecurity training course.
• Toronto Metropolitan University offers a cybersecurity training program called Simply Secure for individuals and small businesses.
• Amazon also provides a free cybersecurity awareness training course for business owners and individuals.

Recent Posts