Cyber attacks on small businesses continue to rise: Are you protected?

,
cyber risk

You may think it’ll never happen to you. You read the news, hear about stories of a friend of a friend, but you never think that you’ll become a cautionary tale— that’s where you’re wrong. Cyber attacks on small businesses in Canada are on the rise, and you need to be prepared for this risk. Recently, a major cyber attack affected companies all over the world. WannaCry ransomware spread to over 150 countries and gained access to hospitals, banks and government agencies. This article looks at some of the effects of cyber hacking on small businesses and provides advice on how to protect your business from this type of risk.

You’re more of a target than you may think.

There is a large misconception among small business owners that cyber hackers are only interested in large corporations. The truth is that 54% of email scams actually target small businesses. Small companies tend to be easier to hack because they often lack the resources and protective barriers that larger ones have to fend off cyber hackers.

54% of email scams actually target small businesses.

On Friday May 12, 2017, a worldwide cyber attack took place and affected an estimated 300,000 machines across 150 countries. WannaCry ransomware, the malicious software behind the attack, was able to hack Britain’s National Health Service, the U.S. courier service FedEx, Germany’s national railway and government agencies all over the world. Here in Canada, the University of Montreal saw 120 computers affected by the ransomware and the Lakeridge Health hospital system in Oshawa also suffered at the hands of WannaCry. Once it’s gained access to a network, WannaCry uses encryption to restrict access to anyone else, and demands a ransom payment of $300 US.

According to John Proctor, the vice-president of cybersecurity for CGI, 30% of the company’s clients were at risk of being attacked by WannaCry because they were using older operating systems, such as Windows XP. Microsoft had released a patch for the problem, but because these companies tend to be small in size, they don’t typically have a security provider to keep them informed on these sorts of updates. This can be particularly dangerous considering Canadian companies are currently facing an increasing number of cyber attacks.

30% of the company’s clients were at risk of being attacked by WannaCry because they were using older operating systems.

Similarly, last year The Guardian reported on a small business based in Lancashire, England that was forced to pay a ransom in exchange to regain control of their company data from cyber hackers. Mark Hindle, the managing director for the small company, admitted to The Guardian that their company was completely unprepared for a cyber attack due to their lack of knowledge and awareness on this type of risk. This mentality isn’t uncommon in the small business world, but it can be extremely dangerous.

This year’s Symantec Internet Security Threat Report indicates that the rise of cybercrime shows no signs of slowing down. Some notable statistics from the 2016 report include:

  • 1 billion identities were exposed in 2016.
  • The 2016 spam rate worldwide was 53%.
  • There was a 36% increase in total ransomware infections.
  • Email phishing rate jumped to 1 in 1,846.
  • The average ransom demand jumped from $294 in 2015 to $1,077 in 2016.
  • One in every 131 emails sent last year were malicious, the highest rate in five years.

One in every 131 emails sent last year were malicious, the highest rise in five years.

How to protect your own business

To avoid becoming a cautionary tale, it’s important to protect your business from the threat of cyber attacks. Here are five easy ways to safeguard your company.

  1. Password security: make sure your passwords are as unique and difficult to guess as possible. Also, update them on a regular and timely basis and avoid using the same one for multiple platforms.
  2. Update often: when the software or applications you rely on for your business are in need of an update, make sure you install those updates as quickly as possible. Many of them include security enhancements and bug fixes that could help defend you from cyber attacks.
  3. Actually read the terms and conditions: when installing or downloading things like software, apps or files, don’t be so quick to ignore the familiar terms and conditions pop-up. This will include details on what kind of access you’re giving to various parties on information including your location, phone number and client names.
  4. Be on the lookout for phishers: the percentage of spear-phishing campaigns that have targeted small businesses has skyrocketed from 18% in 2011 to 43% in 2015.
  5. Back everything up: while the main objective is to avoid cyber hacking, if your business does become a target, it’s important to always have a backup of all your files secured. You can use cloud sharing or an external hard drive to do this—better yet, why not both?

Cover yourself

You simply never know what could happen in the digital world, so ensuring your business is protected and covered in the event of a loss is imperative. Unfortunately, the misconceptions surrounding cyber liability insurance tend to deter business owners from seeking coverage. Beyond the financial ramifications, security and data breaches can severely impact your reputation with your clients and customers. More and more business owners are adapting to the increased threat of cyber attacks. A recent study done by the Council of Insurance Agents & Brokers found that nearly 40% of U.S. polled policyholders have recently increased their cyber liability coverage. One of our experts can help you determine what type of coverage you should be seeking for your small business.

Stay tuned to this blog for more information on the risks and ramifications of cyber security.

This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information.