Toronto Wealth Management

Cybersecurity tips for business

What is a cybersecurity breach?

It’s an unexpected, unintended, and/or unauthorized interference with an organization’s technology systems or the data the organization maintains. Today it’s been redefined in simpler terms:

It’s the risks businesses are exposed to by their very existence.

Costly? Yes. And not surprisingly, some companies don’t even realize they have suffered a cybersecurity breach:

  • 76% of business owners report that they believe it’s important to establish security practices and policies¹
  • But only 47% say they have established security practices and policies¹

Who causes a breach?

When we think of cyber attacks, we usually think of a hacker inserting a virus or malicious code into a computer system or network. But data breaches can be caused both intentionally and unintentionally by various types of users:

  • 52% of all data breaches (for small, medium, and large companies) are due to malicious or criminal attacks
  • 48% of all data breaches are due to system glitches (non-employee errors) and employee errors

What could a breach cost you?

  • It’s possible that a data breach could cost your business as much as $225 for each lost or stolen confidential record
  • Small- and medium-sized businesses ended up spending over $1 million on average in 2017 on damage or theft of IT assets or infrastructure
  • They also spent an additional $1.2 million due to disruption in business operations

That totals over $2 million on a single incident.

Could it happen to you?

Small businesses can be a target for hackers because they tend to be more vulnerable:

  • 61% of small- and medium-sized businesses reported experiencing a cyber attack in the past 12 months, up from 55% in 2016
  • Only 21% of small- and medium-sized businesses rated themselves a 7 or above on a 10-point scale when it came to their IT security effectiveness

What can I do to help protect my company against cyber attacks?

Here are some best practices:

Security and defense systems

Put multiple, overlapping security and defense systems in place. These include firewalls, data encryption and antivirus security software.

Alerts

Receive alerts for new vulnerabilities in vendor systems and platforms, and be sure to install any patches.

Password security

Implement a password policy to ensure the security and confidentiality of data.

Employee education

Educate employees on good security practices, and teach them how to spot phishing emails.

Disaster recovery plan

Develop a formal, well-tested disaster recovery plan. Update it regularly and make sure everyone involved in the plan understands his or her specific responsibilities.

Formal data retention, archive and destruction plan

Implement a formal data retention, archive and destruction plan and be sure to monitor it closely to ensure that it is followed.

Potential benefits of having cyber liability insurance:

  • Cover legal fees and expenses associated with a data breach
  • Pay for a professional information technologies review to determine the extent of personal data compromise
  • Notify customers about the breach
  • Restore control over customers’ personal identity, within the constraints of what is possible and reasonable
  • Pay an outside firm to research, re-create and replace data lost or corrupted

Learn more about how cyber liability insurance can benefit your business in the event of attacks and data breaches.

Will we be more susceptible in the future?

Cyber threats continue to grow as the Internet of Things (IoT) and the number of devices used by businesses continue to increase. Automated equipment, machinery, components, appliances, sensors, control panels and mobile devices increase the vulnerability of a computer system or network in several ways:

  • They often utilize unsecured or poorly secured wireless or cellular networks to transmit data
  • Mobile devices such as a land surveyor’s GPS equipment or an EMT’s mobile monitor are more susceptible to theft, allowing thieves direct, physical access to a network
  • Connected equipment and devices can be hijacked and used to launch distributed denial-of-service (DDoS) attacks, allowing the attacker to hide behind someone else’s IP address and computer
  • Connected equipment and devices that are widely manufactured and distributed, such as baby monitors, alarm systems and streaming devices, often use the same security protocols on every device manufactured

Cyberattacks are on the rise

Protect yourself and your business during the pandemic

These are harrowing times, but keeping informed can be one of the best ways to feel empowered. We want to highlight what to look out for and what we can all do together to help protect you and your business from cyberattacks.

The scams are out there

It’s hard to believe that people will take advantage of our current situation with the outbreak of COVID-19, but it’s part of the narrative. According to the Cybersecurity and Infrastructure Security Agency (CISA), cyber criminals could take advantage of public concern surrounding COVID-19 by launching cyberattacks. Scams began surfacing back in January with coronavirus phishing schemes and are on the rise.

Phishing attacks

The CISA notes that phishing attacks, or the use of email and bogus websites created to trick victims into revealing sensitive information, will be used by cybercriminals looking to take advantage of COVID-19. 29% of business owners have fallen prey to phishing attacks, according to its 2019 Small Business Owner survey⁵.

Disinformation campaigns

Disinformation campaigns will also be used by cybercriminals, as COVID-19 creates an opportunity to spread fear, manipulate public conversation, influence policy development or disrupt markets. A disinformation campaign is typically used by cybercriminals to spread false information online. For example, a cybercriminal could share content about a fake government relief package for small-business owners. If the content is clicked on or downloaded, malicious software is spread on the user’s device.

Vulnerability of alternate workplaces

As organizations explore alternative workplace options in response to COVID-19, such as working from home, gaps in the security of information technology systems may be exploited by criminals to create cyber threats. Coronavirus-themed ransomware is being used to encrypt a computer’s hard drive, enabling hackers to demand payment to unlock the information and files it contains.

We did our own research

A Small Business Owner Survey found that remote workers are a leading cyber blind spot for small-business owners. This same study found that only 4% of business owners have implemented all of the cybersecurity best practices and recommendations outlined by the government.

Follow these guidelines

We looked at the best ways for you to protect yourself and your business from cyberattacks, and here are 5 things you can do.

Tip 1: Combat phishing attacks.

  • Do not click on links in unsolicited emails, and use caution when opening attachments
  • Never share personal or financial information in email

Tip 2: Guard against disinformation campaigns.

Use trusted resources, such as government websites, for up-to-date information on COVID-19. Here’s a link to Canada.gov.ca COVID-19 topics.

Tip 3: Use secure internet connections.

Make sure you and your employees work only from secure internet connections. When accessing any confidential or sensitive information, avoid using public Wi-Fi networks.

Tip 4: Secure your business’s information technology systems that enable remote access.

  • Ensure your virtual private network (VPN) and other remote access systems are fully patched
  • Enhance system monitoring to receive early detection and alerts on abnormal activity
  • Implement multi-factor authentication

Tip 5: Back up your systems to combat ransomware attacks.

Ransomware attacks are a type of malware threat that locks valuable digital assets and files until a ransom is paid to release them. You should:

  • Make sure you can restore your files should a ransomware attack occur by storing files offline and, if possible, off-site
  • Keep several days’ versions of backups, so you can restore your files using malware-free copies

Keep in mind, while real-time backup is convenient, it won’t be effective if your files are encrypted, because the ransomware will encrypt your files on the real-time backup.