With the rise of cyber attacks during the COVID-19 pandemic, it’s more important than ever to have the right safeguards in place to prevent and deal with an attack. Cyber criminals can steal your data in a matter of seconds using the software your business relies on to operate, including email and text messaging.

But for many small businesses, dealing with the threat of a cyber attack is often an afterthought. To better understand the way small businesses in Canada perceive their cybersecurity risks, we partnered with Leger, a Canadian market research and analytics company, to conduct a survey of 422 businesses representing different industries in September 2020. One of our key findings was that only 15 per cent have implemented preventative IT and employee training, and only 11 per cent have invested in cyber risk insurance.

You may be wondering, what can you do to be better prepared for a cyber attack against your business? Here are a few important cyber risk facts that can help your business recover from scary hacks and serious “bytes”.

You should back up all of your data regularly.

During a ransomware attack, a hacker installs a virus on your computer to encrypt your data. In order to get your data back, they demand a sum of money. If you regularly back up your data, you can be less concerned about this, since you can restore to your latest back up.

However, if you last performed a backup one month ago, there’s a greater chance that you’ll be locked out of your system with no way to access important data, making it much harder for your business to resume operations. Ideally, your backed-up data is recent enough that you don’t even need to pay the ransom to get your locked data back.

There are many free and simple ways to backup your data. Here are some guidelines to keep in mind:

• Using cloud storage has a few advantages over local storage. For example, if your external hard drive is damaged in any way, you may not be able to access your data.
• Some of the applications you use might already be backed up in the cloud (for example, if you use Google Workspace), so identify the data that requires a separate back up.
• Take time to organize your documents, so it’s easier to ensure you’re backing up everything you need.

For more helpful tips, visit the Norton Security website.

All customer data needs to be protected, including non-financial info.

Even though businesses may be more likely to protect customer data of a financial nature, the reality is that all customer data is worth protecting equally. This is because hackers don’t need financial information to seriously damage a person’s finances. A small customer database is still a hacker’s goldmine – in fact, according to Symantec’s 2019 Internet Security Threat report, a name or birthday can be worth up to $1.50 on the black market, while a passport or driver’s license number can be worth up to $35.

We repeat, hackers don’t need financial information to seriously damage a person’s finances.

If a cybercriminal obtains credit card information, how long is their window of opportunity to use it for illegal activity? While it could take a month or two for customers and companies to realize a card was compromised, odds are the card gets cancelled quickly and has a relatively short shelf life. However, what if that same hacker got access to names, emails and home addresses, then checked online sources such as social media sites to gather enough personal information to commit identity theft? That kind of crime can take victims years to recover from.

Scenarios like the one above highlight some of the reasons that businesses have been hit with class-action lawsuits after their data was breached, even though none of the compromised information was finance related. Speaking of which…

Class-action lawsuits aren’t the only bad thing that can happen to hacked businesses.

Sure, a class action lawsuit might end up being the biggest repercussion a business experiences from a cyberattack. However, if a business’ customer data gets leaked to the public and the customers impacted decide not to file a class action suit, does that mean the business is in the clear? The answer is: absolutely not.

Cyberattacks, even without class action or other lawsuits, can severely damage a company’s reputation. Existing and potential customers may distance themselves from the hacked business as a precaution. Enlisting reputation-management professionals to handle the crisis can be a significant cost, and they aren’t the only pros you’d need to hire either. Recovering your compromised data from the cyber criminals and restoring it to your systems isn’t something you’ll want to do alone, even if your business is tech-savvy. Since it may take a while to get a business back up and running after a cyberattack, the amount of potential revenue lost during that process can quickly add up.

In short, lawsuits are a risk to businesses that have undergone a cyber attack but they aren’t necessarily the only one, as other risks can be quite problematic as well.

If you store electronic data, cyber risk insurance is important to have.

Of the 422 small businesses we surveyed, only 11 per cent have purchased cyber risk or data breach insurance. The reason cyber insurance is worth considering is because it can help a business with every nightmare scenario mentioned above. If you forget to back up your data and experience a cyber attack, insurance can help you deal with the financial costs. If you need to hire a reputation-management professional after your business gets hacked, insurance can also help you cover the costs.

With TruShield, you also have access to support services provided by CyberScout, a leading data risk management service provider. This service includes consultation on proactive measures to protect your business from cyber threats, as well as reactive assistance should you suffer a breach through services such as crisis management, notification assistance, and media relations consulting.

The reality is that any business, regardless of their size or resources, can be a few mouse clicks from getting cyber attacked. If you’d like to learn more about cyber risk insurance, visit our cyber risk insurance page today!