According to Statistics Canada, 18% of Canadian small businesses are hit by cybercrime every year.[i] Other references have indicated almost 80% of Canadian businesses were hit by an attack between 2020 and 2022.[ii] When the method of breach is ransomware, over two-thirds of businesses pay the ransom[iii], because it’s difficult to undo a data breach. That’s why preventing breaches using a robust cybersecurity strategy is essential.
Thankfully, the most effective cybersecurity strategies fit into small business budgets and pay for themselves in saved work-hours. Read on to discover the most pressing cybercrime risks and the most valuable cybersecurity strategies of 2022.
Keep your whole network safe from dynamic new attacks
Botnets and fileless attacks are the newest cybercrime tools, and they’re more covert and powerful than malware and ransomware. Fileless attacks don’t need you to install malware in order to steal data. A fileless attack simply runs in your device’s memory and through your network. It can run in the background without the device’s user realizing anything is different. A fileless attack can turn your device into a member of a botnet—a network of robots that hackers can use in concert to cause crashes and security breaches—without you even knowing.
To reduce fileless attacks’ access, and to prevent users from accidentally installing malware, it’s more important than ever to ensure your users and their devices don’t have Administrator access.
Make sure to set up accounts with just enough privileges for the tasks your staff perform. Even you as a business owner should use low-privilege accounts except on occasions when you need to install software or change system settings. To keep privileges low but reduce IT visits, set up on-demand administrator privileges.
Additionally, subscribe to an endpoint security service that not only checks for malware, but also tracks how each device is connecting to your network and compares it to malicious botnets.
ESET Endpoint Antivirus is a good starting point, and it is more than malware protection. It monitors the connections your devices make to your network and checks for suspicious behaviors. ESET continuously learns from the cloud using machine learning, so it can protect your network as quickly as botnets evolve. ESET for business works on Windows, but it also covers other desktop and mobile platforms, so you can truly include every device in your security strategy. For enhanced protection, consider endpoint detection and response (EDR) and extended detection and response (XDR).
Protect your system from fake websites and malware… Free!
Have you ever clicked on a link that ended up at a different website than you thought it would? Many malware and phishing sites look like exact copies of trustworthy sites, except for a tiny typo in the URL. These fake sites could look like legitimate download or login pages, but they give you malware or steal information instead.
It was always time-consuming to check the URL and IP address of every link before clicking on it. But it’s not effective anymore, because most modern websites are full of ads and plugins from servers all over the world.
CIRA Canadian Shield is a DNS resolver that automatically checks those addresses for you. A DNS—or Domain Name System—resolver checks the domain you’re trying to connect to against a list of malicious websites. If the address you’ve requested is on that list, the resolver won’t let you connect.
CIRA Canadian Shield gets frequent updates to its list from cloud and AI services that are constantly fine-tuning data on the latest malware IPs and botnet behaviours.
Big companies may have their own DNS servers, but smaller companies need affordable services. CIRA Canadian Shield is free and hosted in Canada. It’s made for Canadian-sized small businesses.
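The check a filtering resolver performs on each lookup, shown as an added example (this is not CIRA's code). The blocklist entries, upstream answers and function names are constructed for illustration; the point is that a listed domain also covers its subdomains, matched on whole labels only.

```python
# Added example: decision logic of a filtering DNS resolver (simplified).
# BLOCKLIST entries are constructed sample names, not real threat data.
BLOCKLIST = {"malware-downloads.example", "login-verify.example.net"}

def normalize(name: str) -> str:
    """Lower-case, strip the trailing root dot, and convert Unicode labels to
    ASCII (punycode) so queries compare in the same form the list stores."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # malformed name: compare it as typed

def blocked_by(name: str, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers `name`, or None.
    A listed domain also covers all of its subdomains."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # walk up: a.b.c -> b.c -> c
        if candidate in blocklist:
            return candidate
    return None

def resolve(name: str, upstream: dict) -> str:
    """Answer a query: refuse listed names, otherwise pass the upstream answer.
    `upstream` stands in for the real DNS lookup (constructed data)."""
    hit = blocked_by(name)
    if hit:
        return f"BLOCKED ({hit})"
    return upstream.get(normalize(name), "NXDOMAIN")
```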
Password management is easy … and it prevents huge risks
Machine learning, artificial intelligence, and distributed networks can test passwords so quickly that strong passwords can only be the beginning of login security for firms managing sensitive information. The digital industry is moving towards passwordless access, but the reality is that login security still depends on good password hygiene, especially now that a password manager makes it easy.
A password manager with a password generator creates complicated passwords and saves them behind a single layer of encryption. Your staff won’t have to spend time memorizing multiple passwords, so they won’t be tempted to reuse passwords or choose simple ones.
To make your accounts virtually unbreachable, add multi-factor authentication. In addition to a password, multi-factor authentication requires an extra piece of information. This could be a biometric such as a fingerprint, or a randomly generated text to prove the user logging in is carrying other devices assigned to them.
LastPass for Business and Keeper offer multi-factor authentication, plus network-oriented features for firms. Secure password sharing lets groups collaborate without having to look at your passwords. The admin console lets you and your IT team control employee privileges and monitor best practices.
When you use a password manager like LastPass or Keeper, the technology does the heavy lifting of verifying the URL before granting access. Password managers fill in passwords only on the sites they were saved for, which saves you from falling victim to spoofed pages where adversaries trick you into entering your credentials on a fake page.
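The URL check described above, and the "tiny typo in the URL" problem from the fake-websites section, as an added example (not LastPass or Keeper code). The vault entry, the host names and the two-edit warning threshold are constructed, and exact-origin matching is this example's assumption about the matching rule.

```python
from urllib.parse import urlsplit

# Constructed vault: site the credential was saved for -> username.
VAULT = {"https://portal.examplebank.ca": "owner@smallbiz.example"}

def origin(url: str):
    """Return (scheme, host, port) for a URL, with default ports filled in."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    return scheme, host, port

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used only to flag near-miss host names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def autofill_decision(page_url: str, vault=VAULT):
    """Return (action, username). Fill only on an exact origin match over HTTPS;
    warn when the page host is within two edits of a saved host."""
    page = origin(page_url)
    for saved_url, user in vault.items():
        if page == origin(saved_url) and page[0] == "https":
            return "fill", user
    for saved_url in vault:
        saved_host = origin(saved_url)[1]
        if page[1] != saved_host and edit_distance(page[1], saved_host) <= 2:
            return "warn-lookalike", None  # e.g. one swapped character
    return "no-match", None
```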
Finally, password managers usually include a Dark Web Monitoring service that scans the Dark Web to see if your accounts and passwords are exposed. They then warn you which passwords you need to zero in on and change, so you can re-secure your accounts.
With a password manager, good login security creates less work for your staff and improves your trust with customers.
Protect online data on one secure platform
If you’re using several different tools to collaborate, then it might save you time and risk to move all of your activities to one secure platform on the cloud.
Email is not a secure way to transfer sensitive information. You may be using other platforms that are more secure, but using several platforms adds more entry points to your business, resulting in more breach risks. Your staff may care about cybersecurity best practices, but it’s up to you to lower the number of chances for slip-ups as much as possible.
Besides having different entry points, your online platforms may have servers in different jurisdictions all over the world, so your customers and insurance providers won’t know you’re secure.
If you already have Microsoft 365, then SharePoint is the obvious choice for bringing all your information onto one platform. You’ll already know the jurisdictions you’re working with and your applications will practically already be integrated. It will be easy to make logging in fast for your staff with settings such as single sign-on, and it will be easy for you and your IT provider to set strong security settings for all your cloud software. Using a single cloud platform will pay for itself, build trust, and save time for your staff.
A robust cybersecurity strategy offers amazing value and makes everyone’s jobs easier, improving morale. These four basic strategies will cover most businesses’ security needs. If you have any questions about your company’s cybersecurity strategy, ask your IT provider. Make it a priority! And feel free to call us for a complimentary 30-minute consultation.
Final Tip: Everyone should ensure multi-factor authentication is enabled on all critical accounts, including bank accounts, tax agencies, accounting software, email access, etc.
[i] “The Daily” by StatsCan. “Since the onset of the pandemic, work and business transactions have increasingly been conducted virtually rather than in-person, and along with this increase comes increased awareness and increased concerns about privacy, data protection and cyber security.” https://www150.statcan.gc.ca/n1/daily-quotidien/201020/dq201020a-eng.htm
[ii] Canada Cyber Crime Statistics “The 2020 Cyberthreat Defense Report (CDR) by CyberEdge Group provides a wealth of information about cyber-attacks across the globe. It found that 78 percent of Canadian organizations experienced at least one cyberattack within a 12-month period. In 2021, this figure rose to 85.7 of Canadian companies.” Canada Cyber Crime Statistics: Cyber Security in 2020-22 (comparitech.com)
[iii] The CIRA source says that “Of that group [ransomware targets], a majority (69 per cent) say their organization paid the ransom demands, while 59 per cent report that data was exfiltrated.” https://www.cira.ca/resources/cybersecurity/report/2021-cira-cybersecurity-survey