This cyber risk eBook can help you protect your business!

Green digital padlock on green and black motherboard
7 minute read  

Smartphones and laptops can be incredibly helpful for running your small business. But these devices can leave you vulnerable to costly cyber breaches. In today’s digital-centric world, cyber breaches are becoming more and more common. As a result of the global COVID-19 pandemic, many small businesses have transitioned to a virtual environment, whether that means employees are working from home or an online store has been launched. Unfortunately, this has resulted in an increase in cybercrime according to The Canadian Centre of Cybersecurity (CCCS).

Cyber breaches: The byte-sized basics

Picture this: you’re checking your email account, and you open an email that appears to be from a recent customer. You don’t recognize the email address, but you open the email anyway. The sender has attached a digital receipt and wants you to take a look at it. Thinking nothing of it, you decide to open the attachment. That’s when disaster strikes. The attachment contains a malicious virus that gives an unknown hacker remote access to your computer. In just a few quick minutes, they’re able to steal your personal information, financial records, and customer data. Just like that, you and your small business have been hit by a cyber breach.

What is a cyber breach?

A cyber breach is when an unauthorized individual or organization gains the ability to view, access, or retrieve data from another individual or organization. Cyber breaches typically involve stealing data to share with others, or stealing data and holding it for ransom. Cyber breaches are also known as data breaches, leaks, or spills. Most cyber breaches involve accessing and stealing data that’s vulnerable and exposed, whether they’re files, documents, or other sensitive information. Here are some examples of types of data that could be stolen from you (and your customers):

  • Financial information, such as credit card or bank details
  • Confidential business information, such as login credentials and passwords
  • Personal health records, such as medication requirements
  • Sensitive personal information, such as addresses and phone numbers
  • Intellectual property, as copyrighted materials, patents, and trademarks

What are some examples of cyber breach threats?

Here’s a fun fact: Adorable dogs can come in many shapes and sizes! Here’s a not-so-fun fact: so can cyber breaches. Here are the main types of cyber breach threats that could impact you, your business, and your customers:

Malware – This is a general term that refers to any type of harmful computer virus. Worms, spyware, and adware are all examples of malware. Like “smog” or “brunch”, malware is an amalgamation of two words: malicious and software…we’d rather have brunch, personally.

Phishing This refers to cyber criminals attempting to extract sensitive information by disguising as a trustworthy contact or online entity. Phishing lures are often disguised in the form of hyperlinks, websites, or emails from questionable sources. Essentially, phishing involves cyber criminals placing bait online and hoping that someone unsuspecting will “bite” and share sensitive information. It’s like real fishing, only the stakes are a lot higher (and it might be less boring). In April 2020, the Canadian Centre for Cyber Security (CCCS) reported a phishing campaign targeting individuals waiting for their Canadian Emergency Response Benefit (CERB) deposit. The campaign included a link where they were supposed to be able to access their benefits, but only once they revealed personal financial information.

Password AttacksThis refers to cyber criminals using programs or applications to try cracking your passwords in order to obtain your online credentials and access your data. They may be looking to hack into your email, your website, your bank account, or other systems. Cyber criminals can be relentless, and they often employ different password attacking techniques to get the job done. This is a guessing game you definitely don’t want to participate in.

Ransomware This is an increasingly popular type of cyber breach where cyber criminals steal data and hold it for ransom. Using a virus or similar type of malware, a cyber criminal will gain access to a victim’s data and lock it. Once locked, they will threaten to publish the victim’s data, delete the data, or continue blocking access to it unless a ransom is paid. Think of it as the worst way someone could ask you for money.

The ransom instructions are often intimidating and will usually be included in the virus itself. Here are a couple of examples:

  • “Your computer was used to visit websites with illegal content. You must pay a $10,000 fine in order to unlock your computer.”
  • “You only have 96 hours to submit the payment. If you do not send the money within 96 hours, all your files will be permanently encrypted and you won’t be able to recover them. Choose wisely.”

Ransomware attacks are becoming more popular and more prevalent across the globe. In 2020, the CCCS reported a Canadian university engaged in COVID-19 research and a provincial government health agency were targeted by COVID-19-themed phishing attacks attempting to deliver ransomware.

Are small businesses really prone to cyber breaches?

Based on the sophisticated examples above, you might think that cyber criminals only target larges organizations. In 2019, large corporations such as Canva, Capital One, and Choice Hotels were attacked by cyber criminals, resulting in the loss of millions of personal records. But what are the chances that small businesses like yours could ever be targeted by hackers? Well, they’re higher than you might think.

In 2019, the Insurance Bureau of Canada (IBC) released a survey of small-to-medium sized businesses (SMEs), reporting that 44 per cent have not implemented defenses against cyber breaches. It found that roughly one in five SMEs have been impacted by a data breach in the past two years. These stats may startle you, but if you step into the shoes of cyber criminals, they might make more sense. Large corporations invest millions of dollars in state-of-the-art technology and IT resources to defend themselves from cyber breaches. Most small businesses do not have the budget to invest in protective barriers and IT infrastructure like large corporations do. Because of this, small businesses tend to be easier to hack. Some cyber criminals even target small businesses to steal credentials and gain access to a large corporation’s data

How much could a cyber breach cost your business?

According to an article in The Canadian Underwriter, North America is the most expensive location for a small and medium-sized business to suffer a data breach, with the average recovery cost at $149,000USD. In the same IBC survey mentioned above, 37 per cent of SMEs that suffered a cyber attack state that the breach cost them more than $100,000.

How can cyber breaches impact your business?

Still not convinced that cyber breaches could put a dent in your business? Here are some cyber breach trends you should be on the lookout for:        

Getting hacked is wack…yet it could still happen to you

You may think that only careless individuals end up getting hacked. We don’t doubt that you do your best to remain cautious when browsing the internet or checking emails. You might avoid visiting sketchy websites, opening unknown emails, or clicking suspicious links. With your careful behaviour and overall awareness, you might think you’re in the clear. However, there’s still a chance you’ll miss something. As a small business you may think that you’re insignificant to cyber criminals – however, according to the IBC, small to medium-sized businesses are often targeted as entry points to gain access to larger businesses, with 89 per cent experiencing an increase in phishing attacks since the beginning of the COVID-19 pandemic.

5 tips on how to recover from a cyber breach

Given that small businesses are top targets for cyber criminals, and given how effective some cyber attacks can be, how do small business owners feel about cyber attacks heading their way? According to a recent TruShield Insurance poll conducted in 2020, not great. We worked with Leger Consulting Group to poll Canadian small business owners, and 61 per cent of them believe they are not currently at risk of a cyber attack.

To help you understand how to respond and recover from a cyber breach, watch this video summarizing key steps to take:

The TruShield difference

When you get small business insurance from TruShield, you’ll be provided with a flexible policy that fits the needs of your business. One thing that sets TruShield apart from our competitors is our value-added services which include:

  • 24/7 claims service
  • Legal Assist
  • Risk Management Assist
  • Trauma Assist

The truth is, no matter how small your business is or what type of business you run, you could still fall victim to a cyber breach. Cyber breaches can be costly and could put you and your business out of commission. To help you plan for and protect against a cyber breach, here are other resources your small business can refer to:

Ready to properly protect your business? Build the coverage you need with our online estimator!

Get a quote

Retailers like you have also read:

This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage. See policy for details. *Legal Assist services not provided for criminal, personal or insurance issues, do not provide representation in legal proceedings or legal fees coverage, and provided by Assistenza International, through lawyers licensed in your jurisdiction. **Risk Management Assist provided by our Risk Services specialists and is intended to augment your internal safety, compliance and risk management practices, and is not a substitute for professional or legal advice. ***Trauma Assist provided by independent third-party professionals – long-term and specialized counseling not included. Services are not an insurance policy, and not all policies are eligible. Contact us for details.