

As a small to medium-sized business owner, chances are you wear many hats. From admin to finance, marketing to cyber security, your hands are full at all times. As more companies become reliant on digital processes, that reliance brings a risk of cyber threats.
The Cyber Centre defines a cyber incident as any unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource. Some examples of cyber incidents are phishing, ransomware, and Distributed Denial-of-Service (DDoS) attacks.
According to the IBM Security X-Force report, the manufacturing industry was most targeted by cybercriminals in 2021. Other popular industries targeted by cyber-attacks were finance & insurance, professional & business services, energy, retail and wholesale, and the healthcare industry. Additionally, the report found that ransomware attacks were the top cyberattack type in 2021.
The Canadian Centre for Cyber Security encourages businesses to remain vigilant and take the time to ensure they are engaged in cyber defence best practices. These practices include:
The Baseline Cyber Security Controls for Small and Medium Organizations lists a set of lower-cost and lower-burden security controls that you can implement to thwart cyber threat actors, reduce exposure to cyber threats, and get the most out of your cyber security investments.
While the Canadian health sector faces an increased risk, these are best practices that all organizations should apply to stay ahead of cyber threats.
An incident response plan ensures that your organization is prepared to detect, respond to, and recover from a cyber incident. The goal is to recover as quickly as possible. An effective plan limits disruptions to internal services, clients, and partners and reduces data loss and reputational damage.
A written incident response plan ensures that responders are ready to carry out the necessary tasks to deal with an incident. It should:
Malware is malicious software designed to infiltrate or damage a computer system. Your organization should protect itself against the threat posed by known malware (i.e. malware that security researchers already know about and that security software can defend against). Focusing on known malware is relatively easy; your organization can enable and securely configure anti-virus and anti-malware solutions, including any software firewalls, on all information systems and assets.
As with all software, your organization should configure these solutions for automatic updates and scans.
Recommendations for your organization:
Cybercriminals take advantage of human error and deception to compromise information systems and assets. For example, cybercriminals can access devices and information if easily guessed passwords are used for accounts. Or cyber threat actors can compromise your organization’s networks and systems by sending emails that contain malicious links or attachments.
Educating employees about common cyber threats can protect your organization and minimize risks. Your organization should consider addressing topics such as the following examples:
For many small and medium organizations, their websites are essential to their business. An offline or defaced website can negatively impact an organization’s operations and reputation. Your organization should properly secure its web presence to avoid possible concerns, such as lost revenue or customer trust and compromised sensitive information.
You can secure your website by using the Application Security Verification Standard (ASVS), which was developed by the Open Web Application Security Project (OWASP). This standard proposes a list of security requirements and controls to implement during all phases of web application development.
Resources to help:
Resources noted in the blog are sourced from the Government of Canada.