See the top IT mistakes common among small and medium-sized businesses and what you can do to solve them.
Mistake #1: Inadequate Training
Cybercriminals love small and medium-sized businesses. Why? Because they know employees are a direct point of weakness. A recent cybersecurity survey report states that only 54 percent of small Canadian businesses provide cybersecurity training for their staff - even though a large portion of cyber threats (phishing attacks especially) are targeted toward employees.
Solution: Create a comprehensive cybersecurity policy that establishes clear guidelines regarding workplace emails, strong passwords (better yet, use a password manager) software updates etc.
*See ZDNet’s 10 Ways to Develop Cybersecurity Policies and Best Practices for more information. Employers can also take advantage of a variety of online cybersecurity policy templates.
Mistake # 2: Failing to Plan for the Worst
According to Statistics Canada, of the many Canadian businesses victimized by cyberattacks (one-fifth and counting), 54 percent were unable to carry out daily operations as a result. But threats to your business extend well beyond cybercrime. Consider Calgary’s 2013 flood (which cost the city nearly $ 1.7 billion in damages and displaced over 110,000 people) or the Fort McMurray fire of 2016 (that destroyed nearly ten percent of the city and over 2,400 structures), for example.
Solution: Develop a business continuity plan that identifies and prevents potential threats, protects your data and allows you to remain up and running in the event of a disaster.
*See our previous post, Business Critical Disaster Recovery and Backup
Mistake #3: General Inconsistency
The Government of Canada reported that although 95% of Canadian businesses have implemented cybersecurity measures (including in-house IT staff), roughly a third employed no form of network security, email security software or anti-malware software. Furthermore, the 2018 survey conducted by CIRA revealed that 71 percent of respondents had no formal patching policy (which stands to guard against IT vulnerabilities).
Solution: Outsourcing network security to a managed IT service provider ensures 24/7/365 monitoring, configured firewalls, spam and malware prevention (especially for email), anti-virus protection, regular patching and more.
Mistake #4: Failing to Recognize the Signs
Although cybersecurity poses a major concern for Canadian businesses, approximately 234,000 organizations reported a cybersecurity incident over the course of a single year - many occurring out of failure to recognize a potential cyber threat or attack**. Of these thousands of businesses, over half were unable to carry out daily operations with an additional third forced to pay expensive repair and recovery costs.
Solution: Slow connections, unusual emails, strange pop-ups and malicious re-directs are just a few of many signs your business has been hacked. Take action immediately in the event of any strange activity and consider enlisting the help of a managed IT services provider to help minimize future threats.
**Estimated numbers based on The Canadian Survey of Cybersecurity and Cybercrime (2017) and CIRA’S 2018 Cybersecurity Survey Report (2018)