
December 2020 - 4 Critical Cyber Security Protections EVERY Business Must Have in Place NOW to Avoid Being Hacked

Published on December 1, 2020

In 2019, 21% of Canadian businesses reported being impacted by cyber security incidents, according to Statistics Canada. Small to medium businesses, however, face a unique challenge - “Industry leaders describe what they call the ‘cybersecurity gap’ - the lack of education around cybersecurity threats facing small businesses, the misperception among owners that they’re not targets and a lack of awareness of the resources available to help them manage their risk” according to The Globe and Mail.

According to Dan Kelly, President and CEO of the Canadian Federation of Independent Business, “Small businesses are just as often the victims – often precisely because they’re seen as soft targets who don’t have the same level of protection or preparation.”

“I think most business owners know that cybersecurity is important, but running a business often means you’re leaping from fire to fire and when you’re trying to put them all out, cybersecurity can slip down the list,” Kelly says. “Sadly, the first time many businesses stop and think about it properly is when there’s been a breach, and by then it’s too late.”

Educate yourself now about how to limit exposure and manage risk in your business before “it’s too late.” Consider four things you can do (and should do) right now to protect your business, your data and your customers:

1. Create a Culture of Awareness

Education is a powerful tool, and that is 100% true when it comes to cyber security. Employees are your biggest risk, so you need to empower them to spot threats and reduce risk.

There are several steps you can take to create a culture of awareness. This includes employee Cyber Security training, which provides ongoing education that keeps everyone in your organization informed about the latest threats and how to combat them. Topics covered should include social engineering, safe Internet habits, how to spot phishing attacks, password hygiene, and even physical office security.

Training helps your team identify threats and recognize when someone is trying to break into your network (such as through a phishing scam). Because cyberthreats are constantly evolving, ongoing education will keep these threats top of mind, so as the threats change, your team has the knowledge to recognize and protect your organization from them. A good IT provider can provide training and/or suggestions on Cyber Awareness Training programs that will fit your organization’s needs.

2. Monitor Threats 24/7

This is where partnering with an experienced IT services company really helps. An IT services company can watch your network 24/7. This way, when something or someone attempts to force their way into your network, your IT support can stop it before it becomes a problem.

Even better, threat monitoring helps protect your team from more common types of attacks, such as malware or ransomware attacks. If an employee were to accidentally click a harmful link or download a malicious program, it can be isolated before it infects the computer and spreads throughout your network.

3. Make Sure Protections are Up-To-Date

When software companies discover a security weakness in their system, they release updates to close it. If you don’t promptly apply those updates, you’re leaving yourself vulnerable. Remember that hackers are constantly looking for vulnerabilities in software, apps and devices and are happy to use any holes you leave open. Practically every piece of hardware and software you use needs to be updated at some point.

CRM software is a good example. This software connects your business with customers, and it can be used to store all kinds of information, including very sensitive customer data such as credit card numbers. Should a vulnerability be found, hackers won’t waste any time attempting to exploit it. In response, the makers of that CRM software should send out a security patch. If you do not make the update (or have the update automatically installed), your risk increases significantly.

Again, working with an IT services firm or a managed services provider can help you address this very important step. They can ensure everything under your roof is up-to-date and that you have all the latest protections.

4. Have a Plan

Every single person on your team should be on the same page. They should all be required to use unique and strong passwords and utilize a password manager. Multi-Factor Authentication is also a vital protection all staff should have in place. They should have the knowledge and vigilance to identify potential phishing scams.

You should have an IT Incident Response Plan – a detailed set of instructions that spells out every detail of your IT protocol and cyber security strategies. It helps your staff know how to detect, respond to and recover from incidents like cybercrime, data loss, and service outages that threaten daily work.

This goes hand in hand with the three points we’ve already discussed: awareness, threat monitoring and keeping hardware and software updated. When you have a plan, you know exactly what to do when threats come your way. You’re ready and aware.

Cyberthreats are always going to be out there. There isn’t anything you can do about that. But there are steps you can take to prepare your business for those threats. Put these four points into action, work with a knowledgeable IT services provider and give yourself the advantage.