Cyber crime is on the rise and a real danger to small business owners. You may now run your business online or have employees working from home, because of the global COVID-19 pandemic. In a survey released by Statistics Canada in July 2020, nearly one-quarter of Canadian businesses expect that 10 per cent or more of their workforce will continue to telework or work remotely post-pandemic.
As a result, your business may be more vulnerable to cyber crime. To help you manage your risks, we’ve broken down why it’s important to understand the different types of cyber crime, some steps that may help prevent a cyber breach, and how to recover if your business does suffer from an attack.
What is cyber crime?
Cyber crime is criminal activity that involves a computer, networked device, or a network. You may think that as a small business you aren’t vulnerable to cyber crime. In fact, the Insurance Bureau of Canada conducted a survey of small-to-medium sized businesses (SMEs) in 2019, reporting that 44 per cent have not implemented defenses against cyber breaches. However, many hackers target SMEs as they are often seen as entry points to gain access to larger businesses. During the COVID-19 pandemic, the Insurance Bureau of Canada reported an 89 per cent increase in businesses experiencing phishing attacks in early 2020.
What are different types of cyber crime?
Cyber crime comes in all shapes and sizes. There are a number of methods hackers may use to attempt to gain access to your computer system, data, or finances. Below, we outline some of the key techniques used in cyber crime and some of the necessary terminology for understanding it:
Phishing: Phishing is a type of cyber crime during which fraudulent communications are used to trick users into revealing sensitive information, like passwords or credit card information. Phishing can occur in a variety of mediums, ranging from email to phone/voicemail to text messaging or even faxes. Small business owners are often targeted because they take on so many roles in their business.
Malware: Short for “malicious software,” malware is any program or file that’s designed to gain access to or damage a computer. It may arrive via an email, a website, or through exchanged files. It might exploit a flaw in the computer system directly, attempt to take control of the system or attempt to capture sensitive information.
Ransomware: This is a type of malware that is activated when a user is locked out of their computer system, denying them access to their files or their device until a ransom is paid.
Social engineering: Social engineering is the act of tricking someone into revealing sensitive information or taking action, like soliciting a monetary payment. Social engineering can be combined with other threats like phishing to gain your trust and make you more likely to do something like click on a link or download malware.
How can cyber attacks be prevented?
There’s no foolproof way to ensure your business doesn’t suffer from a cyber attack. But there are a number of preventative steps that can be taken to protect your business as much as possible. Here are five simple ways to help safeguard your company:
- Password security: Passwords are the first line of defense your business has against cyber attacks. Ensure your passwords are strong but also something you’ll remember. Make sure you use different passwords for different accounts and be careful with your password retrieval questions. After all, if someone can answer those, they could reset your passwords and access your accounts!
- Update often: The applications and software you rely on for your business should be updated often and as quickly as possible. Many of the updates include security enhancements and bug fixes that could help defend you from cyber attacks.
- Read the terms and conditions: We’re all familiar with the terms and conditions pop-up that appears when you install or download things like software, apps, or files. And unfortunately, we can also be quick to accept the conditions without reading them. But you shouldn’t be so quick to do that. Take the time to read and understand the terms you’re agreeing to. This will include details on what kind of access you’re giving to various parties on information including your location, phone number, and client names.
- Be on the lookout for phishers: Phishing emails are becoming increasingly common and can cause serious damage. In April 2020, The Canadian Centre for Cybersecurity reported a phishing campaign targeting individuals waiting for their Canadian Emergency Response Benefit (CERB) deposit with a link where they could access their benefits, but only once they revealed personal financial information. It’s vital to ensure your emails are from trusted sources by checking email addresses and links before clicking on anything. Proofreading can also be an easy way to spot a phishing email, as sometimes hackers miss spelling mistakes.
- Back up everything: The goal is to avoid a cyber breach, but that’s not always possible, and if it does happen, it’s better to be prepared. There are many steps to take following a cyber attack, but before one even happens, you can help yourself by backing everything up. You can use cloud sharing or an external hard drive to do this – better yet, why not both?
How to recover from cyber crime
Should your business suffer from a cyber breach despite your best efforts, it’s important to be prepared. Below are a few tips on how to recover from a cyber breach:
- Don’t unplug: Even though you might want to turn everything off, you shouldn’t. If you do, you could delete valuable information on how the hack originated and the extent of the damage.
- Call in an expert: Reach out to someone who specializes in cyberattacks to help you determine the scope of the damage that’s been done and come up with a plan to contain the situation.
- Communicate effectively: Handle communications with care so as not to damage the reputation of your company, and to ensure your customers, employees, and partners are aware of the situation. Consider hiring a public relations expert to gather facts and craft an appropriate message for the public and your employees. Be sure your communications happen in a timely manner, but don’t announce the breach until you know the full scope of the damage. Be as honest as possible and be sure to provide consistent updates.
- Fix your security: After the breach, the investigation into what happened will highlight vulnerabilities in your security system. Then, you can work on correcting them.
- Revisit your insurance: Speak to your provider about your policy to ensure you’re covered for the damages that a cyber breach can cause.
To learn more about coverage tailored for your cyber needs, visit our cyber risk and data breach coverage page today!
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage. See policy for details.