Cybersecurity matters. While a cyberattack can cause untold damage to sensitive financial and customer data, it may also leave lasting scars on your business’s reputation.

It seems unfair that customers could turn away from a business that has experienced a cyberattack, but this is exactly what may happen. When KPMG surveyed Canadians about cybersecurity recently, it discovered 90 percent are wary of sharing their personal or financial information with a company that has had a cyber-attack or breach.

“The majority of cyberattacks focus on small to medium business but largely go unnoticed because they don’t make the headlines like their larger, Fortune 500 cousins or household brand names like hotel chains, banks and airlines,” according to Mark Sangster, VP and Industry Security Strategist at Waterloo-based cybersecurity company, eSentire.

Common types of Cyberattacks on Canadian Small to Medium Businesses (SMBs)

Cybercriminals are becoming increasingly sophisticated in how they target small businesses. There are several common threats that businesses face. According to the Insurance Bureau of Canada, these include:

• Ransomware attacks: This kind of attack gets its name from how cyber-attackers take sensitive data or files’ hostage, by encrypting it so that your company cannot access it – unless you pay the attackers a ransom fee.
• Malware: When dodgy software is installed on a computer to monitor its actions, mine its data, or send it elsewhere.
• Phishing: When a cyber-attacker impersonates a trusted employee or representative of a company to trick customers to take an unsafe action, or download malware.
• Denial-of-service (DoS): Think of this as virtual ransacking. It’s when cyber-attackers overrun a business’s servers with so much activity that it brings down some or all of its services.

Understanding business email compromise (BEC)

Another common attack involves a practice called business email compromise (BEC), often used to deliver fraudulent invoices.

“BEC uses phishing emails that look like they come from a legitimate source of authority and deliver fake invoices designed to elicit payment which goes to criminals rather than an authorized vendor,” said Sangster.  “Simple BEC comes in forms of fake emails with invoices attached, looking for payment from firms which lack proper financial controls — like dual signatures or approval.”

Benefits of Cybersecurity for Canadian SMBs

Given this landscape of risks and bad actors, your business might stand to benefit by putting a cybersecurity strategy in place. The good news is that business owners may often implement cybersecurity quickly, through knowledgeable in-house staff or contracted experts, according to Nate Nead, CEO of Dev.co, a custom software development company.

“Without such measures, a simple WiFi hack into the home network of a remotely working employee could lead to a security breach into a company's private corporate servers. This is a threat now more than ever before,” he said.

Canadian businesses who manage their cybersecurity may be able to:

• Predict and prevent cyber-attack risks
• Avoid financial and reputational damage
• Protect customer, staff and vendor information
• Ensure stability of services and productivity

“There are some steps you may take to improve your business’s security right now, without too much expense”, said John Svazic, founder and principal consultant for EliteSec Information Security Consultants, an Ontario-based cybersecurity consultancy. You may:

• Install anti-virus software on every business computer, phone and tablet
• Use two-factor authentication for email (a security code and password)
• Use a password manager instead of sharing passwords across teams

“These are what I would consider minimal steps that any business, regardless of the size, should take to secure their company,” said Svazic.

Why Cybersecurity Is Evolving

While the work-from-home phenomenon has been convenient for many workers, it has also opened up huge security gaps, warns Nead. “We are seeing and strongly encouraging many companies to provide greater end-to-end encryption to their private networks, including greater authentication measures for remote access,” he said.

But the pandemic’s effect on the business world is only partly behind the greater cybersecurity risks of today. Much of SMBs’ exposure is being driven by the changing nature of software and storage.

Years ago, SMBs ran applications on a local server at their premises, and all the information was backed up right there. When businesses moved to cloud-based storage, they still could control and easily backup databases. Nowadays, most software is also based in the cloud, and businesses are using a range of apps to run stores, mailing lists, and websites.

“Data that was centralized has become decentralized, and traditional backups can’t keep pace,” said Mike Potter, CEO and co-founder of Rewind, an Ottawa-based backup service for web apps. “Backups need to become distributed to support the data distributed across apps. In today’s business environment, we need to move beyond basic backups and focus on comprehensive cloud data protection that secures as much business-critical data as possible across platforms,” he said.

This article is intended for general informational purposes only and does not constitute legal advice or an opinion on any issue. It should not be regarded as comprehensive or a substitute for professional advice.