Client records, accounting history, secrets to the trade -- what would happen to your small business if it was all stolen or you suddenly couldn't access it? For many small and medium businesses (SMBs), the issue of cybersecurity is often eclipsed by other business priorities that hoard the company budget. It turns out that the risk grows exponentially after they reach the business milestone of $10 million in annual revenue.
In fact, according to our research, one in four Canadian SMBs with yearly revenues of $10 million or more have been victims of a cyberattack, compared to only one in 10 Canadian SMBs with revenues under that threshold. These SMBs are exceptionally vulnerable to cybercriminal activity because they have the same attractive assets as enterprise-level organizations, but tend to have a lower level of protection and less sophisticated security solutions in place than larger organizations.
Our research also found that:
- The majority of Canadian SMBs would be unable to function for more than a few days without access to their data. 65 per cent of Canadian SMBs said they can only function for a few hours or days without access to their data, and a full 15 per cent of Canadian SMBs would have to cease functioning immediately.
- One in five Canadian SMBs who have been a victim of a cyberattack have suffered a significant loss to their business because of their inability to service customers.
- Employees of Canadian SMBs believe their companies devote enough resources to cybersecurity, but are not convinced that they are safe from attack. While seven in 10 Canadians employed at SMBs feel their company is devoting enough resources to cybersecurity, only 33 per cent of them feel 'very confident' their company is safe from attack.
- Canadian SMBs lack knowledge of some of the most basic cybersecurity concepts. Less than one third of Canadian SMBs are 'very familiar' with the concepts of ransomware, social engineering and two-factor authentication, bringing into question their ability to judge their company's cybersecurity readiness.
As our current research shows, SMBs need to take cybersecurity risk seriously. While cybersecurity is especially important as your company scales, it's also of concern to smaller businesses. In fact, many hackers target SMBs specifically to get into large organizations.
What's more, the impact can be substantial, as SMBs often don't have the back-ups, contingency plans or financial reserves in place to support their businesses being offline. This translates into a real loss to your business if you are unable to service your customers. Considering the fact that SMBs make up 98 per cent of the businesses in Canada, these attacks have real implications for the health of Canada's economy.
What can a SMB do to stay safe?
At the end of the day, there is no magic one-size-fits-all solution that protects every type and size of business, but here are a few things to keep in mind:
- Antivirus or Endpoint Security - You would think all businesses have antivirus these days, but they often don't have the right product, haven't renewed a subscription or updated to current versions, or have overlooked habits of employees bringing their own devices to work. Make sure you have the right protection for the technology your company is using and that it's being updated regularly.
- Backup, backup, backup - You hope for the best, but sometimes despite your best efforts, the worst happens. What can you do if your business becomes the victim of a cyberattack? If you've been backing up your files regularly, you should be able to recover and restore your systems with as little down time as possible. Always be backing up!
- Policies and Education - Your employees are both your best asset and your biggest risk when it comes to cybersecurity. Many breaches are due to human error. If you're not implementing basic security procedures and educating your employees on the threats, you can't expect them to know how to respond to a cyberattack. The safety of your business is worth putting a few guidelines in place and making sure staff understand their role in protecting the business. Something as simple as requiring strong passwords or passphrases on all devices, and requiring them to be changed frequently, can go a long way.
The evidence clearly points to the need for Canadian SMBs to increase their awareness of threats and ability to detect them, especially as they look to grow. Keeping these points in mind, there is always room for improvements in cyber policies and procedures, product selection and education because it doesn't look like cyber threats will be subsiding in the near future.
Follow HuffPost Canada Blogs on Facebook
Follow Iva Peric-Lightfoot on Twitter: www.twitter.com/ESET