Is Your Small Business Cyber-Secure?

“It is not a matter of “if” but “when.” Sunny Jassal discusses the importance of Cyber Security and Data Privacy best practices for businesses with Drishti. Sunny Jassal is the Director of Cyber Security at BCIT.

By Sunny Jassal

When accidents happen on the road, it does not matter if you drive a 4×4 truck or a smart car. The same analogy applies to business risks; the size of your business does not matter. The Internet is just like the road allowing businesses of all sizes to reach other markets searching for opportunities, using a vehicle such as a computer or a mobile device. Just as accidents can happen with any car on any road, business risks can arise from any cloud-based application, email, smartphone, or third-party software. Reports suggest theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet should foster a culture of shared responsibility for cybersecurity, leading to enhanced business and consumer confidence.

Cybersecurity and data privacy principles must be embedded into decision-making at all levels of the business. It is even more critical for companies such as medical and dental clinics, accounting, and law firms, which should guide all their business decisions to ensure patient and client personal data protection is their core priority. It should be no surprise that the bulk of cybersecurity breaches originate from some form of human error, be it a victim of a phishing email or weak passwords. For these reasons, businesses need to build a cyber-secure culture to protect their own business, clients, and data from growing cybersecurity threats.

The culture of any business drives people’s decisions when at work, and the human element of cyber awareness is the key to a cyber-secure business. An overall cyber-secure culture starts from the top, leading the way and setting an example for their employees. You cannot have business owners or leaders share their passwords with an office assistant! That is not how you build a cyber-secure culture. I often hear business leaders willing to spend on the shiniest object when it comes to purchasing a security solution in the hopes to cyber-secure their business. Business leaders need to understand cybersecurity because one does not work without the other; it is a combination of People, Process, and Technology.

At the time of writing, COVID-19 continues to spread widely worldwide, disrupting businesses in many ways. This disruption has led to employees shifting to a work-from-home model. Not only does this pose new challenges for companies in supporting their employees. It also puts an even more significant burden on the employees who must quickly adapt to a new way of working from home—and do so safely and securely away from the traditional office. Cybercriminals are taking advantage of people’s heightened levels of concern and genuine fear around COVID-19, trying to spread misinformation leading to fraud and theft of employee and customer information.

Cybersecurity is an evolving and growing business risk and should be taken very seriously. It does not have to be expensive, as long as proper cyber hygiene is integrated into every business decision. A list of top 10 cybersecurity tips for small businesses is always a good start:

  • Raise cyber awareness

Establish basic security practices and policies for employees to handle and protect client information and other personal data. 

  • Primary computer and networks hygiene

Install security software to defend against viruses, malware, and other threats. Install software updates as soon as they are available.

  • Secure internet connection

A firewall prevents outsiders from accessing data on a private network. If not using a hardware firewall, make sure the operating system firewall is enabled.

  • Create a mobile device policy

Require employees to password-protect their devices, encrypt data, and install security apps to prevent a data breach.

  • Backup business data

Regularly back up critical business data, ensure backups are either offsite or in the cloud.

  • Physical access to computers

Prevent access or use of computers by unauthorized individuals. Laptops can be a specific target for theft, so lock them up when unattended.

  • Secure Wi-Fi networks

Make sure Wi-Fi is secure, encrypted, and hidden.

  • Payment cards best practices

Isolate payment systems from the computer used to surf the Internet.

  • Limit employee access to data, information, and system

Limit employee access to data. Employees should not be able to install any software without permission.

  • Passwords and authentication

Require employees to use unique passwords and change passwords regularly. Consider implementing multi-factor authentication when available.