A recent Statistics Canada report found that 18 per cent of Canadian businesses suffered cyber security attacks in 2021, with large businesses hit hardest (37 per cent) compared with small (16 per cent) and medium-sized companies (25 per cent). Any size of business can be a target for a cyber attack, but an RBC survey found that 32 per cent of Canadian small business owners aren’t prepared.
While businesses may claim a lack of resources and funding to implement cyber security strategies, protecting your business doesn’t have to come with a high price tag. Investing in cyber security can be a business enabler and help you build a successful and secure organization.
Here are 5 tips to help protect your business and leverage cyber security for growth.
1. Build a cyber secure culture from the top down
In a recent conversation between RBC Chief Information Security Officer Adam Evans and Michael Argast, CEO of Kobalt.io, Argast explains that an organization’s resilience depends on building a cyber security culture. “A culture isn’t just some person in a closet in IT working on the problem, but it starts with a Board and impacts leadership and management, all the way down to the frontline employees who interact with customers and deal with the day-to-day work for the company.”
When security is a top priority for an organization, it becomes embedded into its DNA, and everyone understands the priority cyber security has on delivering business services.
2. Limit who manages and installs software
As cyber criminals become more sophisticated, it can be more difficult to recognize what is legitimate and what is not. In recent years, there have been numerous incidents of customers being victims of ransomware when a fake “software update” was pushed out from a vendor. Experts believe a “zero trust” approach is needed to help protect against such attacks. Limit your staff’s ability to install new software or run updates unsupervised. While it’s more work for IT managers who oversee installations, the cost to protect your company and your customers is low compared to the risks you’re avoiding.
3. Implement multifactor authentication
Multifactor authentication (MFA) is a simple way to add security to the accounts that your employees access every day. MFA, also known as Two Factor Authentication (2FA) requires a second kind of verification — such as a fingerprint or PIN — and can help prevent common vulnerabilities like reused passwords by offering a second line of defence.
Using MFA, you can help improve your data security and shield user data from unwanted access, protecting your business from data loss and downtime.
4. Train your employees
Since the start of COVID, the volume of phishing, vishing, business email fraud, and other attacks has doubled. As Michael Argast explains, “educating employees is not only important to protecting day-to-day operations, it can help you achieve compliance and accelerate the growth of your business.”
Because cyber criminals use deception and human error to compromise information systems and assets, educating employees about common cyber threats can help protect your organization and minimize risks.
Training can involve addressing topics such as password creation, social media safety, approved software applications and identifying malicious emails. It’s an essential — and low-cost — way to creating a cyber secure operation.
5. Promote your cyber security practices
Once your cyber security practices are in place, letting your clients, users and partners know can help you grow your business. As Adam Evans explains, businesses that adopt strong cyber security measures are “more resilient to the digital threat landscape, their services are up for longer, and they can continue to deliver business to their clients.” Argast agrees, saying, “businesses that invest in security and can prove to their clientele that they’re doing the right things find that their sales cycles are faster and they’re able to win larger and more complex deals with more mature clients.”
While nearly a third of small businesses in Canada aren’t prepared for a potential cyber attack, the cost and effort of protecting the organization shouldn’t impede your action. The better your cyber security controls and practices, the more you can win business, gain clients’ trust and be in a position to accurately and consistently deliver the services you promise to provide.
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.