Industry experts share lessons and tips to help you protect your business.
Last year, more than half of Canadian businesses hit by ransomware or malware paid the ransom amounts demanded by cybercriminals. To educate businesses on how to protect their data, we recently brought together three key industry experts to share lessons and tips with our webinar attendees: Tom Sides, partner at Dentons Canada LLP; Brendan Salvo, Director at Blackpoint; and Calvin Engen, Chief Technology Officer at F12.net. Hosted by Devon Gillard, Chief Marketing Officer at F12.net. Here are the key takeaways from the webinar.
SMBs are at the greatest risk. “Without question, the most prevalent issues are wire transfer fraud and ransomware attacks on small to medium businesses,” says Calvin Engen, CTO at F12.net. These companies don’t have the budgets or resources to spend on cyber security that larger companies do, and hackers are taking advantage of their lack of layered protection. “Your weakest link is that first barrier into the network,” says Engen. Ensure your employees are not using the same password twice, that you are all using multi-factor authentication, and that your data is backed up on the cloud, separate from where your data is stored. [44:40]
Consult with an advisor. Several cyber security services or products promise a level of protection that they don’t always deliver. When researching products, a trusted IT advisor can help you determine which ones might be too good to be true. “Security is never going to be an automated function,” says Brendan Salvo, Director at Blackpoint. Make sure that any heavy reliance on automation is supported by someone who can make an informed decision about potential risks. “It’s complicated . . . but there’s a lot of information available, a lot of experts . . . that are available for people. It’s no excuse to bury your head in the sand,” says Tom Sides, partner at Dentons Canada LLP. [41:17] [43:15] [47:16]
Educate your staff. Over eight billion passwords have been leaked, so it’s safe to assume that several of your employees’ passwords are no longer private. Cyber security breaches are usually enabled through opening an email or downloading a file, so encouraging a security-focused culture among your employees is an important step to lower your risk of attack. Educating your staff about what phishing emails look like, or the importance of multi-factor authentication is a way to build on your layers of protection without spending money. [53:14]
Lead by example. As a company owner, the approach to cyber security needs to start with you. “If you don’t know where your weaknesses are, how can you ensure you’re making the right adjustments to ensure that you’re protected?” says Engen. Develop an incident response plan, a recovery plan and a communication plan to the stakeholders that would need to be informed about a breach. Learn what data is most valuable to your business, and evaluate what your business might look like as a potential ransomware target. [36:00]
Make a long-term commitment. Investing in cyber security is expensive and complicated, but it is vital to anyone conducting business online. “It’s never going to be just a task that you’ve accomplished,” says Salvo. “It’s an ever-evolving industry, so you need that continuous improvement process.” A regular review of your levels of security, protocol during a breach, and areas of weakness within your network will help keep your business’s data private. If you can, ensure a dedicated human employee or team that can monitor network activity and respond to concerns anyone may have about your business’s safety. [51:10]