It's one of the newest emerging risks. We see headlines about it, almost daily. Yet most business owners seem blissfully unaware of the threat that cyber threats face to their business.
A Globe and Mail study from 2014 stated "Cyber attacks have hit 36% of Canadian businesses."
In conversations with businesses owners, my experience has been that most don't really consider it a major risk, or feel that big companies with high profile data breaches like Sony, Target or Home Depot that are the targets for hackers.
Nothing could be further from the truth. The reality is that small and medium enterprises (500 employees or less) have become a favorite for hackers for a number of reasons.
- Lack of awareness of the risk
- Less sophisticated security technology
- Less control around employees access/use of technology
A simple google search or a minimal amount of research will, reveal countless examples of smaller businesses that have experiences cyber crime.
You cannot solve your Cyber Risk problem with an IT solution.
Your IT department or vendor is an important part of any solution and it's vital that firewalls be in place, anti-virus software be up-to-date and that physical equipment such as routers have appropriate security features. However Cyber Risk needs be viewed as a company-wide problem, not an IT problem. Should a business owner place the entire future of their business on the shoulders of their IT person? What oversight is in place? How do you know that your system is secure? Many companies use an outside auditor to monitor the financial health of their company every year; shouldn't they treat Cyber security the same way?
Outside oversight that specializes in Cyber security is the best way to ensure your network does not have doors that are open to the outside world, or that are easily unlocked. It's not about IT people not dealing with the problem, but they have multiple priorities from installing equipment, to managing workstation issues, to getting printers working...
90% of Cyber breaches are caused by human error.
As levels of data encryption have improved and technology has increased Cyber criminals are using methods that take advantage of human nature to commit cyber crime. Planted USB drives that contain malware, phones calls with them posing as vendors, supplies or customers or simply eavesdropping on conversations are ways they use to gather information from various sources to piece together a fake identity or pull off a scam allowing them access to your network by creating "phishing" emails that look authentic. (We all received emails telling us our banking information needs to be "updated").
Employees are often uneducated about the importance of password management, allowing for passwords that are easily guessed or stolen. What kind of training has your staff received on important issues like this?
Your Cyberrisk Problem is never "solved". It keeps changing.
There are constantly new software products, new hardware, new staff, new business products and new threats that keep emerging in today's fast paced world. Every time one of these changes impacts your business, a new potential cyber risk will emerge. An ongoing program to provide updates on the state of your Network security helps make sure that you won't be blindsided.
Luckily, even the smallest business can implement affordable measures to deal with Cyber Crime.
- Educate Staff on their exposure
- Understand it is not an IT problem - the business owner/leader needs to be aware and in control
- Cyber Insurance - packages to cover the risk of damages to your business and for your liability to your clients, vendors or suppliers is available now that can meet the budgets of the smallest or the largest business. Losses from Cyber related risks are excluded under standard Liability and Property Policies so a Cyber Insurance Policy should be an important part of every risk management portfolio.
At Wedgwood, we recommend the TUF (The Ultimate Firewall) program which combines Employee Education, Network Security Analysis and On-going Monitoring. We understand that in reality, once you have a claim for a Cyber loss, it's probably too late. The best approach is to prevent and mitigate these losses, since the impact on a business is too severe. Cyber Insurance is one product you need to purchase, but pray that you never have to use - the damage to business' finances, clients and reputation is too large to ignore.
Newfoundland and Labrador is often mentioned as being on the "edge of the continent". Cyber crime knows no borders, they will find your business. Will you be ready?