The Internet gives us unprecedented access to information and ability to reach customers are all over the world, but using it comes with risks, including cybercrime and its associated costs.
We know that cybercrime is a serious threat. It can result in damage to your IT assets, business disruptions and potentially devastating damage to your company’s reputation if client data or other confidential information is stolen or otherwise compromised.
Globally, cybersecurity tops the list of concerns of more than 12,000 executives surveyed by the World Economic Forum. However, less than half of Canadian small and medium-sized businesses consider data security an important issue, according to research by AON.
Cybercrime risks are expanding
Worldwide cybercrime costs are estimated at US$600 billion in 2018, up 20% from 4 years ago according to a report by security provider McAfee and the Center for Strategic and International Studies.
Businesses are increasingly connected to the Internet via their websites, social media accounts, cloud storage and computing, and other services and applications. These connections expose businesses to cybercrime and their proliferation means the risk has risen considerably in the last few years.
Furthermore, as companies go digital and shift toward the Industrial Internet of Things—connecting operational technology to information technology and the Internet—the risks and costs of cybercrime will only increase.
How are companies managing the risks?
Most businesses (76%) use anti-malware software, and a growing number are using spam filters to secure emails and firewalls to protect their network.
Still, about 1 in 5 businesses had their operations affected by cybersecurity incidents in 2017, according to Statistics Canada’s survey of over 10,000 Canadian businesses.
And many security professionals believe this number is much higher. Scalar Decisions’ research argues the number is 3 in 5 businesses, while Carbon Black found 4 in 5 businesses suffered a security breach last year.
Cyber pirates’ entry points
Email scams are still the most prevalent form of attack, responsible for 20% of security breaches. Only about half of businesses are training staff to recognize and avoid email scams, create complex passwords and safely browse the web.
StatsCan found the highest cybercrime costs are related to cloud storage and the use of personal devices to conduct business.
Using the cloud for computing and data storage can improve your bottom line, but you must be mindful that your cloud provider is protecting your data. Less than half of the businesses that used cloud storage for confidential information about their inventory, financial statements, customers, suppliers or partners used their own data protection and control security measures, such as encryption or rights management.
Using personal devices can make your business more agile, however, it also comes with a risk. Roughly two-thirds of businesses allowed the use of personal devices for business purposes, and over half of small and medium-sizedbusinesses didn’t have any security measures in place regarding this kind of use.
What should you do?
To improve your protection against cybersecurity threats at your company, here are some steps you can take to protect your data.
- Start by identifying and classifying your data assets into at least three categories such as highly confidential, for internal use only and public.
- Determine whether you need to archive data or you can delete it.
- Control who has access to it, including data in the cloud.
- Defend it from attack or privacy abuse by encrypting it or using tokenization, which is the process of turning sensitive information, like social insurance numbers, into a random string of numbers called a token. This makes it useless to the cybercriminals who want to sell it and prevents privacy violations if it gets shared with third parties.
Your business relies on data, and your customers, employees and business partners expect you to protect it. Lose their data, you may lose your reputation and even your business.