Nearly half of Canadian small business owners anticipate becoming a victim of cyber crime in the next year. Here are some tips on how business owners can develop their cybersecurity mitigation and crisis management plans.
The accelerating digital transformation of the global economy has made it easier to conduct business from almost anywhere, but there are downsides to the added efficiency and convenience. The quick shift to online transactions has led to increased cyber threats and security breaches, particularly for those who aren’t prepared.
“Many businesses are consuming technology faster than they can protect it,” says Adam Evans, senior vice president and chief information security officer (CISO) at RBC.
The pandemic has heightened the risk over the past three years, Evans adds, with many people handling sensitive customer information while working from home.
Businesses are battling what Evans calls the growing “economy of crime,” which includes everything from well-established phishing and malware operations to ransomware franchises. Data breaches have become a huge and growing problem for companies of all sizes and across sectors.
Small- and medium-sized enterprises (SMEs) are a key threat to supply chains, partner networks and ecosystems, according to the World Economic Forum Centre for Cybersecurity . A recent survey commissioned by RBC shows nearly half of Canadian small business owners anticipate becoming a victim of cyber crime in the next year.
The risk is also real for family offices managing billions in assets and dealing with huge volumes of private client information.
The North American Family Office Report 2022 shows nearly one in three feels ill-prepared to safeguard themselves should a scam or cyber attack occur.
“The more technology a company brings on board, the more it will be targeted,” Evans says, adding that smaller firms with fewer resources are often more vulnerable.
“The crux of the problem is: they’re not sure where to start.”
Evans says businesses can protect themselves by taking the right steps and adopting the proper security frameworks—everything from multi-factor authentication and mandatory employee training to thinking through potential risk scenarios and identifying key stakeholders to manage them. The report shows 68 percent of family offices have a cybersecurity plan, but more than half feel it could be better.
To improve their level of cyber security, Evans says, family offices can begin by identifying which areas of the business are in most need of protection—for example, the client database and intellectual property.
“You need to sit down and think about what you need to protect—and then start building a plan to protect it,” he says.
Evans also recommends bringing in cybersecurity experts to help ensure all bases are covered.
“There may be blind spots that family offices are not aware of,” he says.
With phishing and malware, for example, the protection may include patching holes in the virtual network and running security software to ensure everything is safeguarded. Businesses also need to know if there are other internal and external systems they’re connected to that may not have adequate safeguards in place.
“These steps all help with your cyber hygiene and create more barriers for threat actors who want to compromise your family business systems,” Evans says.
Businesses also should have a crisis management plan in case there is a breach.
“You don’t want to think about your plan in a time of crisis,” he says.
A crisis management plan typically includes contact information for outside organizations equipped to deal with a cyber breach.
“Have you got a retainer with a company to come in and help you through your crisis? Do you know who in law enforcement you would need to call?” he adds, noting that it’s imperative to act quickly if there’s a breach or suspected breach.
“You need to think of it not as if it’s going to happen, but when,” Evans says.
As part of the survey results, RBC provided tips for business owners to develop their cybersecurity mitigation and crisis management plans. They include:
1. Prioritizing measures such as multi-factor authentication, mandatory cybersecurity training for employees and limited authorization for those who install software.
2. Thinking through risks and creating a prioritized list of possible cyber events unique to the organization.
3. Compiling a list of key stakeholders—leadership, technical and non-technical persons—and their relevant contact information for use in the event notifications and/or their services are needed.
4. Outlining an engagement procedure to guide the organization’s response to a cyber attack, detailing how events will be handled and communicated.
5. Creating a communications template specifying details on how and when to address impacted parties should a cybersecurity incident occur.
Family offices and SMEs, in general, can find more information on adequately preparing and protecting their organization against cybersecurity incidents at this link .
RBC Wealth Management is a business segment of Royal Bank of Canada. Please click the “Legal” link at the bottom of this page for further information on the entities that are member companies of RBC Wealth Management. The content in this publication is provided for general information only and is not intended to provide any advice or endorse/recommend the content contained in the publication.
® / ™ Trademark(s) of Royal Bank of Canada. Used under licence. © Royal Bank of Canada 2024. All rights reserved.
We want to talk about your financial future.