The weak link in cyber security: it’s NOT what you think

May 29, 2019 | Colleen O’Connell-Campbell


Your business is under constant attack.

According to Statistics Canada, in 2017 one in five Canadian businesses were hit with a cyber security incident. (That number only counts businesses able to identify, and choosing to report, suspicious activity.) We spent $14 billion to prevent, detect and recover from cyber security incidents.

Cyber security attacks keep taking from businesses, long after they’re detected.

Financial loss

Cyber attacks may involve direct theft of funds, or demand ransom payments to remove malware or unlock data. These companies end up paying again for downtime, repair costs and new security measures.

“More than half (54%) of impacted businesses reported that cyber security incidents prevented employees from carrying out day-to-day work, while 53% reported that incidents prevented the use of resources or services (for example, desktop computers or email). Close to one-third (30%) of businesses faced additional repair or recovery costs in 2017.” (Statistics Canada)

And, since November 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) makes it possible to fine Canadian companies if they neglect to report and notify individuals affected by information breaches.

Liability & Risk

There’s also a shift towards increasing personal liability for boards of directors and executives of companies that fall victim to privacy breaches. That means YOU, as a private business owner/CEO!

Reputation & eroding trust

We know most business is built on trust. Our general understanding of cyber security is still so basic that most Canadians don’t know how to figure out, in the case of a breach, if they’ve been affected, how they’ve been affected, or how long it might be until problems start turning up. When a cyber attack becomes public, the simplest solution for many customers will be to play it safe and avoid ever doing business with that company again.

“Small business security used to be a strong lock on the door, a guard, and a few security cameras. These days it’s often lines of code that stand between thieves and your money.”

- RBC.com

But surprise….

In our May 21 episode of I'm a Millionaire! So Now What? (listen & subscribe here), Patricia McLeod, a Corporate Director, Lawyer, and Compliance and Governance Advisor, reveals that it’s your people, not your code, that make the difference.

“The weakest link in your system is actually not the system. It’s people. It’s because we build cultures in our companies that say: ‘We want the front line to be the friendly face. We want you to be helpful. We want you to be informative.’ And then you find out that they’re the ones that disclosed that the CEO is not in the office today. And the CFO’s not in the office today. And then that’s the perfect time to hit the controller with a request from both.”

Which is along the lines of what happened in my own Ottawa backyard, when our city treasurer fell victim to a “spear phishing” attack that stole more than $130,000. (Online Security: a few extra steps give you extra protection)

Byron Holland, CEO of Canadian Internet Registry Authority (CIRA), was my podcast guest yesterday. He too acknowledges that people – more specifically how we train them – may end up being the weak link.

“A classic example is a thumb drive left on a floor in an office… Someone picks it up and jams it into their computer to see what’s on it. Lo and behold, it’s some kind of malicious malware that then compromises the computer …and then the network.”

In our discussion, Byron offers straightforward tips from the experts around training and security:

1. Use strong passwords. If it’s easy to remember, then it’s too easy to crack. Please Please PLEASE avoid 1,2,3,4, QWERTY or your last name!

2. Training may not be glamorous but it’s essential, and bears repeating. People fall back to bad habits often and easily, which can compromise everything you’re working so hard to build.

3. Hire experts like third-party “white hat” hackers to test both your systems AND your people.

Byron reminds us: “…there’s that physical/digital layer of security that you need to protect your network. And then there’s how you train your people.”

We’re coming to the end of May, and the end of Cyber Security Month, but smart advice never gets old:

READ

Digital Assets: the Assets Nobody Thinks About
Online Security: a few extra steps give you extra protection
When cybercrime hits your business

LISTEN

Under CyberAttack: Cybersecurity, What Self-Made Millionaires & Wealthy Canadians Need to Know
Cybersecurity: Is your business at risk?
Cybersecurity Theft, Threat or Breach: it’s not IF, it’s WHEN

Tonight, Byron Holland is my guest for Elevated Conversations with Colleen O’Connell-Campbell where we’ll discuss CIRA and cyber security in person with an intimate group of business owners over dinner.

I initiated Elevated Conversations in spring 2018 to explore financial, technological and other projected trends with smart investors, entrepreneurs, business owners and professionals. I’ve discovered there’s a huge appetite (no pun intended) for more discussion around cyber security, so I’m toying with bringing the topic back to the podcast with a fresh series of guests, and more Elevated Conversations with Colleen O’Connell.

If you’re interested in participating in future Elevated Conversations, have topics to suggest, know a guest speaker or have interview suggestions, I want to hear from you! Email me directly at colleen.campbell@rbc.com