Get the cyber security protection you need to keep your business safe
From phishing scams that launch ransomware attacks to fraudulent emails that redirect financial funds, keeping your business secure from today’s threats can be overwhelming.
Yet, not prioritizing cyber security or believing a cyber attack won’t happen to your operations are the worst things a small business can do.
In fact, one year after mandatory reporting of data breaches became required for Canadian businesses, data from late 2019 showed more than 28 million Canadians had been affected by a breach in the past twelve months.
The reality is, small businesses need the right combination of cyber security tools and best practices to put a strong and resilient security defence into place.
Identify, protect, detect, respond, recover
When it comes to cyber security, the best place to start is by assessing what’s at stake and where the cyber security risks may exist in your network and operations.
Do you understand the threats that may be targeting your business right now? Would you be able to identify the potential cyber risks that could compromise your operations?
To help you start building a safer business, let’s use the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), developed by the U.S. Department of Homeland Security, as a blueprint. Endorsed by Public Safety Canada, the NIST frameworkserves as a guideline to help businesses and organizations implement cyber security best practices.
The NIST framework document, downloaded more than half a million times since its initial publication in 2014, outlines industry standards and best practices for cyber security to help organizations understand, manage, and reduce their risks.
With the five elements of the NIST cyber security framework in mind — identify, protect, detect, respond, and recover — here are a few tips to help you start securing your business.
Identify your risks
It starts with the ability to view the activity happening across the devices, computers, systems, and applications within your network. Armed with this intel, you can assess your risks and determine just how exposed your business is to a cyber threat.
According to a recent report, 35% of malicious data breaches were the direct result of a vulnerability, such as a misconfigured cloud server or a third-party software risk.
Identifying and assessing the risks that could impact your operations are key elements of a proactive cyber security plan. Doing a security assessment is a good place to start. You’ll gain an in-depth look at your network and its behaviour, making it easier to identify weaknesses, vulnerabilities, and emerging threats that may lead to unauthorized access or, worse, a cyber attack.
Monitoring is another critical piece. Continual monitoring of your entire network for threats, vulnerabilities, and suspicious activity, using advanced threat monitoring and detection technology, is a must. Covalence, an intelligent, easy-to-use threat monitoring solution from Ottawa-based Field Effect, provides comprehensive 24/7 monitoring with clear, actionable alerts.
Protect your business
Even with security safeguards and protections in place, it’s important to educate and train employees about best security practices.
According to a recent survey by CIRA, 96% of Canadian businesses believe that training is effective in reducing incidents. However, only 41% have mandatory cyber security awareness training for all employees.
Use strong, unique passwords and follow safe password guidelines (hint: the longer, the better with a mix of letters, numbers, and symbols).
Secure your network with strong multi-layered security, including antivirus, a firewall,and other web protection. If one layer of security is compromised, your additional layers will ensure data stays protected. Update your software and applications regularly to reduce the risk of cyber criminals taking advantage of vulnerabilities in outdated software versions. And keep data safe and accessible by using automated backup and recovery software.
Detect new risks and threats
The ability to detect weaknesses, vulnerabilities, and potential threats is a powerful weapon against cyber attacks.
Automated, 24/7 monitoring of your network provides multiple advantages to building safer operations. It will help you stay ahead of the threats and risks that exist in your network, but also identify where you need to invest in security measures.
Respond to threats
Would you know what to do if you suspect someone has unauthorized access to your systems, and potentially your data? Even the most secure business must be prepared to respond to cyber incidents to minimize the impact on their operations.
According to a survey by Statistics Canada, 87% of Canadian businesses that experienced an attack did not have a written policy to manage or report cyber security incidents.
Businesses may be too busy to tackle cyber security planning, including having steps in place to respond to or manage a threat — what the cyber security industry calls “incident response.” But this one step can help you get back into operation sooner, save your reputation, and avoid or reduce fines.
Recover from an attack
Effective recovery from a cyber attack is critical to restore your capabilities and any services impacted. There must be a plan in place outlining required activities, such as recovering systems and data, investigating the attack to learn how it happened, and improving security for the future.
If you don’t have a recovery plan in place or don’t realize the steps to take, you’re not alone —data shows that 43% of SMEs do not have a recovery plan for a cyber security incident.
It’s important to know and follow the right steps for recovery following a cyber attack — and also understand how the attack happened so you can prevent another attack in the future.
Start securing your business today with a free cyber security assessment
Prevention is your best defence. We can help! Contact our cyber security experts today for a free 30-minute security assessment and start identifying your risks.