Offering a wider array of digital services in the automotive aftermarket is a must these days. But is your business ensuring digital assets are being protected?
There’s a good chance the answer is no. A new survey from the Insurance Bureau of Canada (IBC) found that almost half (47 per cent) of small businesses surveyed said they don’t set any portion of their budget aside for cybersecurity.
That means these businesses could be at risk of their systems being compromised by nefarious online characters who could steal company or client information — or both — or hold a repair shop’s or jobber’s data hostage until a ransom is paid.
According to IBC, 41 per cent of small businesses that suffered a cyberattack said the ordeal cost them $100,000 or more.
The COVID-19 pandemic had fuelled cyberattacks as more businesses move to remote work environments or offer greater online services to customers. Ransomware — where malware infects a system and only releases the data back to the owner if a ransom is paid — has been the most common type of cyberattack in the last 18 months. Payments are generally made quickly as operations are essentially ground to a halt as the company can’t access its computers to conduct business.
“The COVID-19 pandemic has forced many small businesses to adopt digital processes and move some of their traditional business online,” said Jordan Brennan, vice president of policy development at IBC. “Unfortunately, this has created increased opportunities for cybercrime. While cyberattacks on larger businesses receive more media attention, small businesses are also a target for online criminals.”
According to a poll by RBC found that almost half of small business owners figure they’ll be a victim of cybercrime in the next 12 months.
“Faced with a fast-changing landscape, small businesses are adapting by adopting more technology and adopting it faster than ever before,” said Adam Evans, chief information security officer at RBC.
Brennan recommended a few steps for businesses to help secure data:
Enforce multi-factor authentication on login and network access
Focus on email security: enable attachment scanning, use external sender banners and train staff (or develop protocol) on spotting and containing malicious phishing attempts
Run regular data backups and make sure the backups have unique credentials
RBC recommended the following considerations for businesses to develop cyber security mitigation and crisis management plans:
Prioritizing measures including multi-factor authentication, mandatory employee training and limited authority to install software
Thinking through risks and create a prioritized list of possible cyber events unique to the organization
Identifying key stakeholders and putting together a list of key contact information, both technical and non-technical persons in the event their services or contact is needed
Outlining an engagement procedure, which will guide the organization’s plan in response to a cyber event, detailing how events will be handled and communicated
Creating a communications template used to address impacted parties in the event of a cyber security incident.