One out of five Canadian businesses experienced a cybersecurity incident in 2017, according to Statistics Canada. The total costs of prevention, detection and recovery from incidents in 2017 totaled $14 billion.
Surprisingly, many businesses still don’t take steps to protect themselves. Only 54 per cent of small businesses provide cybersecurity training for their employees according to the Canadian Internet Registration Authority (CIRA), even though phishing attacks, which directly target employees, are the most common.
With attacks sure to increase in frequency, here are five things to do right now to protect your business against cyber crime:
1. Regularly Back up Data Off-site.
Businesses hold valuable information that cyber criminals are looking for, like employee and customer records or financial information. Consistently back up your data so if your company is ever attacked by ransomware, you can minimize the impact. The best way to back up files is by using a secure off-site system that continuously creates new versions of all of a company’s data.
2. Implement Formal Security Policies.
Establishing security practices and policies, and enforcing them, is essential to protecting your systems. Protecting the office network should beon everyone’s mind since those who use it can be a potential target for attackers. Explain security practices and policies to employees to help them understand why they are in place, how they apply to them and what the potential risks are, to them and the business, if they are not followed.
3. Keep Your Software up to Date.
Software and hardware manufacturers routinely issue updates and what are called “patches” to improve security. Hackers, along with malicious programs or viruses, find weaknesses in software(called vulnerabilities) that they exploit to access computers, smartphones or tablets. Installing updates fixes these vulnerabilities and helps keep these devices secure. For optimal security, every device at a small business must download and install all updates and patches on a regular basis.
4. Develop an Incident Response Plan.
An incident response plan contains the instructions and procedures your business can use to identify,respond to, and mitigate the effects of a cyber incident.The plan should indicate who is responsible for handling incidents, as well as relevant contact information for communicating with external parties,stakeholders, and regulators. Review the plan quarterly and make updates accordingly.
5. Educate Your Employees.
Teach your employees about cyber threats and the different ways cyber criminals can infiltrate your systems. Show them how to protect the business’s data by training them on how to recognize the signs of a breach and how to stay safe while using the company’s network. If your employees understand these threats, they can help avoid them.
More free resources from RBC on how to protect your business from fraud:
- RBC Chief Information Security Officer Adam Evans shares Three Ways to Protect Your Business from Cyberfraud. “It’s not about if; it’s going to be a when scenario,” he says in the “How to Protect Your Business from Cyberfraud” podcast.
- Download the free RBC eGuide: Little Book of Scams for Business Owners. Fraudsters are getting smarter and more sophisticated. Learn about the most common scams owners face.
For more information, visit RBC.com/cyber
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.