Cybersecurity is an urgent concern for companies of all sizes, but an especially important one for small- and medium-sized businesses. While larger companies may have a dedicated team of cybersecurity professionals to provide protection from hackers and malware, as well as backup options in case of an attack, such options are typically out of reach for most smaller companies.
For many SMBs, cyber security threats have become more pronounced as a result of the digital transformation they’ve undergone since the start of the COVID-19 pandemic. Countless smaller businesses have had to launch or expand their online presence, including e-commerce options, amid extended brick-and-mortar closures mandated by public health measures.
To help small-and medium-sized businesses better educate themselves on how to avoid the costly perils of cyber attacks, Rogers Cybersecure Catalyst at Ryerson University recently launched Simply Secure. This free resource is intended to help small- and medium-sized business owners learn basic cybersecurity principles, translate cyber risk into business risk, develop an effective cybersecurity program, protect business data, and prevent phishing and ransomware attacks.
“We are seeing some staggering numbers when it comes to attacks, and they’re happening across organizations of all sizes,” says Sumit Bhatia, Director of Innovation and Policy at Rogers Cybersecure Catalyst.
“A lot of companies, by default, think about cybersecurity as a technology issue. We’re trying to communicate the idea that it’s actually a critical business issue.”
Simply Secure offers a step-by-step handbook, online training modules, and other resources that help SMBs become more cybersecure, while also demonstrating how to leverage their enhanced cybersecurity into a competitive advantage.
“There’s a real opportunity for businesses to also think about cybersecurity as something that separates them from the pack, while other people are catching on,” Bhatia says.
It’s common to think of cybersecurity as an issue that only impacts technology, but Bhatia notes that legal and reputational concerns are just as troubling. Here are some of the things Bhatia says small-and medium-sized business owners should be thinking about when looking to shore up workplace cybersecurity.
“A lot of SMBs go ‘Hey, I’m not really that important.’ Or it’s ‘What’s the worst that could happen?’ We want to change this thinking and help them understand that they are important. Their data is important. Nearly one in five businesses has had a cyber attack over the last couple of years. If you are attacked, you could be crippled.”
“The pandemic has changed the way we work, and small- and medium- businesses are probably disproportionately affected by that. How are you protecting your home networks? Are you using technology, such as a VPN (Virtual Private Network), to protect yourself? Who are the other people in your household using the same network? Do you have any smart home technologies on that network that create additional layers of vulnerability?
“We’re seeing increased use of mobile devices, whether it’s tablets or phones, being used for conducting business. All of that is creating a new layer of opportunity for hackers to tap into, and a new layer of risk exposure for small- and medium-sized businesses that typically haven’t had to think about this stuff.”
“Mobile is one of those things we take for granted. We see it as an extension of ourselves rather than an extension of our business technology. That conscious recognition of the security threats is important. Use a VPN on your phone. Use a password manager on your phone. Those things are important.
“Some of the older phones are still catching up with operating system updates and built-in security frameworks. If you’re using your phone to conduct business, try to constantly update your operating system. Make sure the apps you’re using are functional apps. We have a tendency to download apps and say ‘Hey, one day this would be cool to use,’ but they’re just sitting there in the background and we likely haven’t looked too closely to see how they might be sharing our data or the different parts of the phone they’re accessing, be it photo galleries or contacts.
“The biggest challenge with phones is that we are accessing external networks. We are travelling with them. We are checking our emails and logging into free networks at coffee shops. Because of WiFi technology and hotspots, there are lots of opportunities for people to position themselves between the user and the connection point to steal credentials or interrupt messaging. Those are real concerns.”
“Social media hacking is not just about people trying to get data from your account. They can also use it to pose significant reputational risks. People can go on there and speak on your behalf, they can affect your rating with customers. That’s a real impact on your brand. How to protect your brand is a big part of staying secure.
“You also have to think about access and identity management. Limit who has access to your social media account. You can’t have everybody in your organization using your corporate account to post stuff, even if you want to spread the responsibility around. Really think about how you give access to people, and who you give access to.”
“Finally, don’t try and set up an account on every single social media platform if you’re not going to use it. Close down those accounts because they can be hijacked and somebody could pose as you.”