Six Ways to Protect Your Business from Cyber Crime
Did you know that October is cybersecurity awareness month? There is no doubt that cybersecurity is a frightening topic for many Canadian businesses. Statistics Canada has reported that 43% of large businesses, 29% of medium-sized businesses and 18% of small businesses were impacted by cybersecurity incidents in 2019 alone. [1]
So, what can you do, as a business owner, to protect your business, yourself and your reputation from cyber crimes? How do you currently measure your cybersecurity risks? Do you know where your data is stored? Here are six tips to protect your business, your employees, and your customers’ data from cyber criminals.
Tip #1: Have a crisis plan
Effective policies, procedures, and processes are a great way to facilitate your team’s response should a cyber crisis unfold. Make sure you have a crisis plan in place that clearly defines everyone’s responsibilities and includes response protocols. Keeping this plan up-to-date will also help ensure its effectiveness over time and keep your business compliant with new legal requirements. It is also important to test the plan in mock exercises, and involve all key parties to ensure everyone would understand, and be able to execute on their role, when an incident occurs.
Tip #2: Promote security awareness at work
Your employees are the first line of defense against cyber crimes. The best way to help empower them is to implement regular educational seminars and trainings. With proper training, employees will know how to collect, process, and store information to prevent data breaches, and will have the confidence to identify and report potential cybersecurity issues.
Tip #3: Store your data effectively
The first step to protect and store your data safely is to know what type of data your organization is collecting. To protect everything equally is to protect nothing effectively. Once the data is identified, classify the information to determine the appropriate level of protection. For example, your crown jewels, such as customer information, sensitive intellectual property, or employee data, should be protected in layers, with tools such as encryption, data-loss-prevention, and restricted access. Want a tip from the pros? A vulnerability assessment of your security systems done by professional advisors can help you optimize your security efforts and provide you with an objective take to ensure your governance, security, and risk management processes are working in your favour.
Tip #4: Reduce third party risks
Cybersecurity isn’t confined to your employees’ computers – it’s much larger than that. Third party vendors, suppliers, and any other parties that have access to your data or your customers’ data, pose a risk. Regular cybersecurity assessments of third parties are imperative to help protect your business as it will help determine whether any of them present an unacceptable level of risk. Similar to data, also consider risk-ranking your third parties to ensure the vendors with a higher impact to your business are more stringently and frequently assessed.
Tip #5: Who is in charge? Define a cybersecurity protection officer
Cybersecurity leaders are critical to ensure that your business has a cyber strategy that is compliant with legal obligations and up-to-date on the latest external threats. This person keeps the business as safe as it can be and should have an incident response team armed with detailed safety protocols at the ready. This person can also serve as the key external communicator to ensure you can keep your customers, business partners, and potential investors informed of your strong cybersecurity protection posture.
Tip #6: Seek guidance from trusted advisors
Cybercrimes can have significant legal, financial, operational, and reputational impacts on your business. Building cyber resiliency before an event or a breach can help save your business. Cyber Security as a baseline requirement is also required more and more from potential customers and investors. Working with trusted advisors can help alleviate a lot of stress and ensure that all your bases are covered during a crisis, and ensure you make smart investments which maximize risk reduction.
The key element to remember is that you can never be too careful or too proactive when it comes to cybersecurity. It’s best to be prepared in order to protect yourself, your customers and your bottom line.
Reference:
[1] Statistics Canada. 2019. About one-fifth of Canadian businesses were impacted by cyber security incidents in 2019. https://www150.statcan.gc.ca/n1/daily-quotidien/201020/dq201020a-eng.htm
