5 things businesses need to do to avoid cybercrime threats

Dmitry Medvedev, an IT guy, and someone who looks like Val Kilmer discussing anti-virus software.

Dmitry Medvedev, an IT guy, and someone who looks like Val Kilmer discussing anti-virus software.


                                                                                                          It's been said that cybercrime will cost around $6 trillion per year on average through 2021. The true cost of cybercrime is almost unmeasurable though. The direct cost of a security breach is only one number, the damage to shareholder and investor perception is another. That being said, there are ways to protect yourself and your business.

1.      Focus on the basics first


It’s not just big, techy/code things you need to focus on, leave that to the IT dept. There are plenty of small things that really help. Make sure each member of your team has passwords that are strong and long, and encryption is being used at all times. Do you have a dedicated response team ready to deal with attacks? If not – set one up. Have fun with it too. Imagine you and your team are criminals and try to hack into your own business – identify vulnerabilities and then fix them.

2.      Educate yourself and your employees


Take the time to teach employees:

·       How cyber-attacks operate

·       How to react in case of a cyber attack

Hiring a risk management IT service speaker for a one day seminar is relatively inexpensive but will pay for itself very quickly, and give you piece of mind that you are on the right track security wise.

3.      Always update your software


I remember a few years back with my Mac. I didn’t update for over five years! They took some functionality out of my iTunes and I was livid. Spite: not an ideal trait to have in IT. Keeping all your software up to date plugs holes and leaves fewer weaknesses for hackers to get in. Update patches and fixes as they become available. Hackers are sophisticated individuals though, so you may never be safe from all harm, but when you have at least 3 multiple layers of security controls:

·       Firewall

·       Intrusion prevention system (IPS)

·       Intrusion defence system (IDS)

You’ll have a better defence against any sort of attack that comes your way.


4.      Stick to your policies


So, you’ve done steps 1, 2 and 3, now you have to make sure everybody sticks to the plan.

·       What is your protocol if a team member loses a company device?

·       What is your BYOD policy?

·       What is your Wi-Fi best practice policy?

·       What is your social media policy?

·       Who has user privileges - for which files?

Make firm policies and stick to them.

5.      Perform audit checks to ensure policies are being followed

Step 5 is audit. It’s all very well to do the steps once, but it’s imperative to check in and see things are getting done consistently. If you are running a monthly audit of your systems, you’ll be more agile and able to respond to attacks.

Do you have a cyber security system in place? Let us know how you implement it.



What is cyber security and why should I care?


A report from Media technology Monitor found that Canadians spent about 24.5 hours online per week in 2016. In 2015 it was around 22.5 hours. If my friends (and my kids) are anything to go by, it’ll be up this year too. The report also found that a staggering 91% of Canadians have used the Internet in the past month. Our personal lives and work lives are inexorably linked to our devices, so it’s becoming more and more important to stay safe.

The 2018 PWC Investor survey just came out in February. Investors and analysts have put cybersecurity right on top of the business threat list. From the phone to the laptop – if you are online as much as I am – you should be concerned.

What is cyber security?


Cybersecurity incidents are not going away. If anything they will continue to grow, and get worse. In Canada alone, attacks have increased 160% year over year.

The Institute of Risk Management states that cyber security “attempts to arrest any risk of financial loss or damage to the reputation of an organization from the failure of any of its IT systems.” It’s really about trying to stop cybercrimes that are out to get your (or your customer’s) money and/or data. Many companies have found themselves in a public relations nightmare, struggling to recover lost data and prevent further theft.

Determining your personal cyber risk


The size of your business doesn’t really matter – cyber criminals are lurking around every corner. If you recognize any of the scenarios below in your company – it’s probably time to beef up security.

·       Building access is public

·       No ID cards

·       Employees use computers to access bank accounts

·       Little or no password policy

·       Insufficient data backup systems

·       Insufficient cyber security policy review every few months

·       Employees/customers accessing your system remotely

·       A Bring Your Own Device (BYOD) policy


Sadly, we’re all going to face more cyber-attacks in the future. Understanding your risk level – and where threats can emerge from – are great weapons for personal safety. A good risk management firm can help.

What measures are you taking to beef up your cyber security?