In recent years, high-profile cyber attacks and data leaks have affected some of the biggest corporations and most powerful governments in the world. But it’s not only the biggest fish that get caught in the hacker’s net. According to Statistics Canada, 19 per cent of businesses with 10 to 49 employees, and 28 per cent of those with 50 to 249 employees, reported being impacted by a cybersecurity incident that affected operations. And for smaller businesses, the fallout from a data breach can be devastating.
Cyber attacks are a matter of "when" not "if"
A breach can be caused by something as simple as an employee opening an email that should have been quarantined, or downloading a piece of software with hidden malware. Since business owners have information that is valuable to cyber criminals, there are also malicious online bots running 24/7, probing every network they can find for weak passwords or unpatched vulnerabilities. Regardless of how it happens, once your system has been compromised, it’s just a matter of time before the trouble begins.
Personal and financial information can be stolen and misused or publicized. Server downtime may leave employees unable to work. Website takeovers can erode trust and lock out customers. In every case, damage control and repair after the fact is more expensive and time consuming than effective prevention would have been.
Preparedness starts with employee training. Straightforward education about things like password and email hygiene, WiFi security, and account management can mitigate a lot of risks up front.
— Adam Evans
Vice President Cyber Operations & Chief Information Security Officer at Royal Bank of Canada (RBC)
Cybersecurity is risk management
"You have to understand that cyber-risk is just another risk that your business has to manage now," says Adam Evans, Vice President, Cyber Operations & Chief Information Security Officer at Royal Bank of Canada (RBC). "Thirty years ago in the banking world, if you were going to build a branch in a highly volatile neighbourhood, you would not put that branch out there without locks on the doors, alarm systems, cameras and a vault. Similarly, when operating a business with a cyber or Internet presence, it’s a highly volatile environment, and you’ve got to take the right precautions to make sure your business remains viable in that environment, and it’s all about education and understanding the risks.”
Preparedness starts with employee training. Straightforward education about things like password and email hygiene, WiFi security, and account management can mitigate a lot of risks up front. Technology and software, like firewalls and anti-malware programs, are also important tools, though no technological solution will keep you perfectly safe from the innovation of cyber criminals. At the end of the day, teams of dedicated hackers need to be counteracted by teams of dedicated cybersecurity professionals. Of course, that represents an expense that many small and medium businesses find difficult to bear.
Therefore, it is critical for Canadian businesses to stay informed to protect themselves in today’s digital landscape. To help business owners, RBC has created resources for small and medium businesses to manage cyber risk. Check out the new rbc.com/cyber/business site for more information on how to protect your business. With the right knowledge, you can ensure that your digital doors are as well-secured as your physical ones.
Get cyber security working for you!
This article originally appeared on the Innovating Canada site on September 24, 2019.