How secure is your business? What about the data you collect for business use, how secure is it? In the expanding digital age, the two questions are virtually one and the same. Most businesses are primarily made of data. Frighteningly, more than half of the 650 registered businesses surveyed by the Canadian Securities Administrators reported some sort of cyber-security incident in 2016.
As an organization, the Canadian Securities Administrators (CSA) has good reason to be concerned about the state of cyber-security in Canada. The CSA is made up of regulators from the 10 provincial and 3 territorial securities commissions. Their goal is to improve, coordinate, and harmonize regulation of Canadian capital markets, administration of which is functionally left to each province or territory. It’s a safe extrapolation that the CSA is considering mandating federal regulations around cyber-security for businesses across Canada.
The most frequent attack reported was phishing: 43% of respondents reported cyber-security issues involving it. Phishing is an attempt, often successful, at getting someone at a business to share usernames and/or passwords in a bid to gain access to a company’s web servers or database. Phishing attempts are often made via email but can also be made in person or over the phone. There are dozens of ways to potentially spot a phishing attempt before falling victim to it, but the safest method is quite simple. Treat your business information like the four-digit PIN associated with your debit or credit card, or better yet, treat it like your social insurance number. There is almost never a correct time to share it and always a million good reasons to protect it.
18% of businesses reported malware incidents. Malware is often found on business websites, especially on sites built on the popular WordPress platform, and is designed to infect visiting computers with some form of itself. Often malware is programmed to record and report keystrokes, to alter users’ web experiences by directing them to websites they would not otherwise visit, or to make the infected machine part of a larger botnet. There are a number of best-practice steps a business’s IT department should take to make sure the website and server are free of malware and that they remain protected against future infection. Several security-focused WordPress plug-ins, such as Wordfence and BulletProof Security, are available to webmasters and administrators.
15% of businesses reported fake invoices or fraudulent attempts to transfer money. These scams are variations on age-old frauds and the only protection is vigilance.
“Preparation is key to mitigating cyber security threats,” said Louis Morisset, CSA Chair and President and CEO of the Autorité des marchés financiers, in a CSA press release issued yesterday. “We encourage all firms to perform comprehensive risk assessments, and evaluate the strength of existing policies, employee training programs and response plans as they relate to vulnerabilities in these areas.”
Cyber-security is likely to be one of the primary social and business issues in 2018. An annual business or website security audit would be a smart procedure to implement.