Back to the Basics: 3 Tips for Small Businesses on Prioritizing Cybersecurity
Proper cyberhygiene is the business of both employers and employees
In a world where virtual and remote operations continue to be the norm, keeping up with security measures has never been more critical to maintain business continuity. As organizations rapidly transform their operations to remain competitive in the hybrid work landscape, threat actors have adapted to this landscape. This is especially true for small businesses that have been among some of the hardest hit during the pandemic. In fact, the Insurance Bureau of Canada gave employees who work at small and medium-sized business a “C” rating on their cybersecurity awareness. Our 2022 Security Study also found that only 17% of the surveyed small organizations are categorized as having a Leading Security posture.
Technology evolution and heightened cybersecurity risk go hand-in-hand, and the frequency and sophistication of cyberthreats has increased significantly in recent years – impacting smaller businesses more than others. In fact, according to our recent trends report, Rooting Out Risks, 18 percent of Canadian small businesses experienced a security breach in the past two years. Of those, 67 percent reported a loss of productivity as the primary impact, followed by loss of data (26 percent) and financial loss (19 percent).
Recognizing the urgent need to ensure data is protected, here are some fundamental best practices every small business should prioritize to maintain a strong cybersecurity posture.
Ensuring security awareness training
As the workplace landscape continues to shift, security protocols and necessary security measures need to be updated and communicated to employees. Regardless of business size, it is clear all businesses are at risk and must stay vigilant to cyberthreats. To ensure employees understand their critical role in preventing and addressing threats, security awareness training is key. Ensuring employees know how to spot a phishing attempt, who to call if a fraudulent link is accidentally clicked, and how to deploy recovery protocol should be top of mind. But awareness for the sake of awareness is not sufficient, employees must understand their value within the organization and how cybersecurity relates to their role.
Promoting ongoing password maintenance
If an employee uses the same password for everything on their work devices – or personal devices used on a work network – and a hacker gains access to it, this is a recipe for disaster. Best password practices are simple but critical and should not be underestimated. These include:
Utilizing uncommon and long passwords with a combination of letters, numbers and special characters.
- Selecting a unique password for each account/device/login
- Avoiding storing passwords in unsecure locations
- Where possible enable multi-factor authentication
- Implementing vault or password management technologies for administrative tools
Implementing multi-factor authentication (MFA)
MFA is a security technology that requires digital users to provide at least two verification factors (something they know, they have, or they you are) to prove their identity and gain access to data or networks. With MFA, employees are required to enter a password in addition to a security token or code. With minimal effort, this provides one additional layer of security and makes it even more difficult for bad actors to gain unwanted access to data or networks. App based two-factor authentication is preferred over the simpler SMS codes (where possible).