Use the free resources available to SMB owners at Rogers Cybersecure Catalyst to understand the fundamentals of cybersecurity and keep your digital assets safe
Your company's digital operations represent a vital path toward growing business, providing new ways for customers to find you and an efficient means for your company to deliver products and information as well as provide services and support to clients.
However, online growth also creates fresh avenues of attack by cybercriminals intent on stealing data, disrupting operations and extorting you and your customers. And the cost of these attacks isn't cheap. Data breaches run small and medium businesses (SMBs) an average of $3.9 million per attack, according to a 2021 report from Cybint Solutions.
What's worse, the same study reports the frequency of attacks has drastically increased since the start of the pandemic, growing 300 per cent over the last year. Cybercriminals are leveraging COVID-19 as an opportunity to attack companies that are rapidly transforming their business models to online storefronts and virtual working.
Indeed, nearly half of Canadian companies admitted to spending nothing on cybersecurity, according to a recent Bureau of Canada survey. Another report from Security Intelligence suggests that two-thirds of SMB decision-makers didn't believe their companies were at risk of falling victim to an attack.
That's why Rogers has made strategic investments in the Rogers Cybersecure Catalyst at Ryerson University. The Catalyst helps support SMBs across Canada to fuel and scale up their cybersecurity programs, so they can help keep their companies and customers secure against rapidly evolving cyber threats.
Simply Secure, a not-for-profit program launched by the Catalyst, offers cybersecurity resources and training designed to equip SMBs with the knowledge and tools to understand cybersecurity risks, build capabilities to mitigate vulnerabilities, and increase their cybersecurity culture. It includes an e-learning course, cybersecurity handbook, and community hub microsite.
Let's look at some of the most prevalent cyber threats facing SMBs and the basic cybersecurity framework used by most successful businesses to thwart them.
The top cybersecurity threats facing SMBs right now
With more and more SMBs rapidly transforming their business models to digital and moving their data online, this increases the targets for cybercriminals. They are looking paydays – through disrupting businesses and stealing valuable sensitive data such as personal information (PI). From ransomware to human error, here are some of the most prevalent cybersecurity concerns for SMBs.
Ransomware is a type of malware attack that locks computers and data files, then demands a ransom payment to unlock them. Imagine turning on your laptop one day to discover all of your most vital data – company secrets, deliverables, email, private client information – is locked, and the only way to get it back is to pay the cybercriminal who holds the key. A TUCU study suggests ransomware demands grew by 80 per cent globally by the end of 2020 compared to the previous year. In Canada they cost SMBs nearly $800 million in payments. Factor in downtime, and the total loss increases to over $2 billion. And those are only reported attacks.
Malware is "malicious software" that is loaded onto a computer without the user’s knowledge, with the intent to cause harm. It can be used for identity theft, to steal credit card data, to spy on a company and wrest control of networked systems for nefarious purposes. Malware finds its way onto employee machines in many ways, from opening email attachments and clicking on fake ads to files hidden on thumb drives. It's been around for decades, and it's not going anywhere.
Phishing is when a cybercriminal sends fraudulent messages that mimic legitimate people and organizations, attempting to gain access to sensitive information such as usernames and passwords, access to financial accounts or sensitive data. Common phishing attacks may seem easy to spot, but they are rapidly evolving with increasing sophistication. In their most potent form – called spear-phishing – cybercriminals use publicly available research to get to know an individual user in order to create better, more believable bait that even tech savvy folks might want to bite.
From using simplistic passwords – like "123456" or "password" – to neglecting to install critical software updates, your own people may be a cybersecurity concern if they are not equipped with the training to help build skills to help defend against cyber threats. Unintentional mistakes can inadvertently expose a company's most vital data, all because they just didn't know what type of threats to be on the lookout for.
It is, and it can even be surprisingly easy, to help protect your business from such a broad array of cyber threats. Cybersecurity is fundamentally broken into five key elements: identify, protect, detect, respond and recover. These elements lock together as a framework to build active defense against cybercriminals.
This is where everything gets laid on the table. Which assets are vulnerable? What sensitive data – including personal information of customers– needs to be protected? What policies and strategies need to be developed and put in place? The wider the net, the safer you'll be.
Proactive measures begin here, including safeguarding sensitive data, implementing security best practices and developing programs to train staff on how to identify and prevent cyber threats.
Active monitoring and early detection of potential cyber threats are key to helping your company be more cybersecure. Implementing automated alert systems that warn key staff of potential attacks, can help increase your cyber defense capabilities.
Prepare and practice your response strategy. The speed to take action is critical – and can be much less stressful when you have a plan to quickly resolve and recover from a cyber attack. This also includes having an effective communication plan to relevant stakeholders and customers.
Recovering from an attack isn't just about restoring systems and data. It also involves learning as much as possible from the current attack so you can avoid future instances.
One of the most critical parts of the process is learning. This is why the Rogers Cybersecure Catalyst created the Simply Secure program for SMB owners and decision-makers.
What is Simply Secure?
The Simply Secure initiative is an educational program based on the cybersecurity framework outlined above. It teaches cybersecurity fundamentals, empowering SMBs to decide on the best and most appropriate protection for their specific industry and business.
The core program is a collection of free resources and training. Among the resources is the SMB handbook 10 Steps to an Effective Cybersecurity Program. This vital guide defines threats and provides advice to build an effective, scalable cybersecurity program.
The course, meanwhile, consists of nine modules that provide a comprehensive cybersecurity overview for SMB owners. It provides primers that will bring you up to speed on the latest risks, expertise on how to build processes and roadmaps, and working templates and checklists to help guide your efforts as you move forward.
The training and resources are designed so that they can be tailored to specific industries and businesses to take into account the types of technology you operate and the kind of products and services you offer, and they touch on key topics such as privacy regulations and the importance of protecting customer, partner and supplier data.
Indeed, by educating yourself on cybersecurity you are proving to customers and partners that you take security seriously. This can actually transform cyber risks into a competitive advantage, since most people are more likely to do business and share data with companies that prioritize security.
It all starts with internet
Understanding fundamental cybersecurity principles allows you to make informed decisions that are the right fit for your company and circumstances. And the first crucial decision you make will probably be choosing an internet package.
Rogers Business Internet comes with built-in network security designed to block malware before it gets to end users, and some plans include Advantage Security, which includes firewall protection, virtual private network (VPN) capabilities for remote access, and customizable content filtering tools to help you control passes through your network.
Visit Rogers for Business to learn about Rogers Business Internet and see why Rogers is dedicated to helping Canadian SMBs keep their digital operations safe and secure.