Many small businesses have turned to online sales in recent years, even more so during the pandemic. While an online storefront can help you reach more customers, it can also leave your business vulnerable to cyberattacks.
Cybercrime hits small businesses hard. CFIB research has found that between March and October 2020:
This translates to about 61,000 Canadian businesses who fell prey to cybercrime!
In 2018, Canadians made over to $57 billion worth of purchases over the Internet – up from just shy of $20 million in 2012. As online business continues to grow, the potential for being victimized by cyber-crime also increases.
What is cybercrime?
Cybercrime, also known as cyberfraud or a cyberattack, is any criminal offence that involves a computer or the Internet as either the target of a crime or as the means used to commit a crime.
Some examples that relate to commercial transactions include:
Fraud is the most common type of cybercrime reported to police, representing over half of all Internet-based crime, according to 2018 Statistics Canada data.
What are the biggest cybersecurity risks to my small business – and how can I prevent them?
There are four main areas that can make you more vulnerable to cybercrime. Being aware of these vulnerabilities, and how they can be exploited, will help you take action to protect your business.
Weak passwords. 63% of data breaches result from weak passwords and most passwords take hackers seconds to crack.
Out of date software. A patch refers to the updates to your software systems, programs and apps. These patches are meant to fix security vulnerabilities and other bugs.
Phishing is one of the main sources of cyber crime with 91% of all attacks starting with a phishing email. An infected email can download viruses or give access to your data and possibly trigger a ransomware event.
USBs and Removable media can be problematic with 27% of malware infections coming from infected USBs.
How else can I protect my small business against cyber-crime?
The first line of defense is being aware and informed about the risks and types of cybercrime out there. For example, not opening an e-mail or link in a text message that looks suspicious.
In addition to standard common-sense vigilance, businesses are encouraged to monitor purchase trends and keep a very close eye on statements and purchase orders. Watch for deviations from normal sales activities. Software solutions to protect data are also crucial (e.g., encryption, firewalls, anti-virus).
Another option is to protect your business through cyber insurance. This type of insurance covers liabilities that can occur online including data theft and computer viruses such as ransomware. The insurance can help cover legal and civil damagers, crisis management expenses, computer programming and electronic data restoration expenses, business interruption and other expenses.
Tips to guard against cybercrime
What if I am a victim of cybercrime?
Unfortunately, there is currently little recourse available to you; scammers are often operating in a foreign country which makes it hard for authorities in Canada to investigate. That said, it is still important to report any cybercrime against your business to the Canadian Anti-Fraud Centre.
If your business faces a data breach due to cybercrime that has potential to cause significant harm (i.e., financial loss, identity theft, loss of property, etc.) you are required to report it to the Office of the Privacy Commissioner (OPC), as well as notifying all affected individuals and keeping a record of the breach.
If you think you may have been a target of online fraud, report it to your local police service and the Canadian Anti-Fraud Centre. Canada’s Competition Bureau is also a trusted resource for information related to fraud and cyber-crime.
The Government of Canada has created an information portal where you can review your online safety practices.
What is CFIB doing?
The government is currently looking at new laws regarding how to manager private information online. CFIB is working to ensure that any new rules and regulations are not overly complex, not costly to implement in your business.
We have a Savings Program Partnership with Northbridge Insurance, who offer cyber insurance as well as other insurance and legal support products.
CFIB has partnered with Mastercard to build targeted, user-friendly training for small business owners and their employees regarding cybersecurity. Launching later this year, the new CFIB Cybersecurity Academy will deliver digital lessons on a mobile-first and gamified platform on topics including: preventing ransomware and cyberattacks, recognizing fraud, and identifying and preventing social engineering.
Watch our member-exclusive webinar “Cybersecurity: How to Protect your business” presented by CFIB and Mastercard by visiting our member portal.