The Canadian Guide to Better Cybersecurity

If you're like most businesses in Canada, the Internet is indispensable to your success. Getting online allows you to attract new leads, engage customers and grow your business. Even if you don't have a website or participate on a social media platform, you probably depend on the Internet for other business operations like banking, paying bills, payroll or ordering supplies. All Canadian Internet-connected systems, networks and data are vulnerable to the threat of cyberattacks. From unauthorized access to data to the theft, alteration and destruction of private information, these attacks have a detrimental impact on electronic data. Yet a recent study found that 83% of small and medium businesses in Canada do not have a cybersecurity plan in place.

 

Cybersecurity encompasses all methods, techniques, procedures and tools used to protect companies and individuals from cyberattacks, while preventing potential future business disasters. Below we offer a uniquely Canadian guide to cybersecurity, focused on the three pillars of cyber health: preserving confidentiality, preserving integrity, and maintaining availability.

 

Increased Attacks on Canadian Businesses

 

The rapid growth of modern technology has opened the door to an increasing number of malicious attacks on Canadian businesses. As physical offices are replaced by complex online networks, and as businesses operate through an interconnected series of endpoint devices, there are more gaps through which intruders can get in. Over a 12-month period in 2012, 69% of Canadian businesses surveyed reported some kind of cyberattack, costing them approximately $5.3 million, or about $15,000 per attack. As sensitive information spreads across computers, smartphones and tablets, businesses must remain one step ahead in ensuring their own protection.

 

1. Cybersecurity Planning

 

It can be difficult to pinpoint vulnerabilities, which can arise anywhere from the design to the implementation to the operation of systems. Upgrades and add-ons to hardware and software can also introduce vulnerabilities into a system's core. A solid cybersecurity plan includes the protection of three major areas:

 

  1. Internet-capable devices such as computers, tablets, smartphones
  2. The network, both external and internal
  3. The cloud

 

The most common techniques used to protect devices are antivirus and anti-spyware software, a firewall and a virtual private network (VPN). Passwords, ID, and encryption are commonly used to protect the network from outside attacks and provide enhanced internal security.

 

2. Security Awareness Campaigns

 

Cybersecurity in the cloud is more complex, as it requires a set of strategies and policies to form controls that protect the cloud system. The number one thing Canadian businesses can do to increase their cybersecurity is to run awareness campaigns in the workplace. A workforce steeped in knowledge about potential cyberattacks will be better positioned to avoid activities that create vulnerabilities and to identify threats quickly, hopefully before they cause damage.

 

3. Develop a Strategy

 

It is also important to develop a strategy that can be quickly implemented in the event of an attack. A cyberattack disaster could amount to significant data and financial losses. A well-planned recovery approach and guide to cybersecurity will help to minimize the impact of a cyberattack and ensure businesses can return to normal operations faster. Areas to be addressed in creating your strategy include:

 

A. Roles and Responsibilities

 

Define and assign roles and responsibilities. There should be one person who has the ultimate responsibility for maintaining and enforcing safe cyber practices and for implementing a response.

 

B. Document Policies, Procedures and Standards

 

Create and document policies, procedures and standards. This doesn't need to be complicated, but it is essential in helping your employees understand their roles and responsibilities. A security policy is a document that states what personnel may or may not do with respect to cybersecurity. A standard is a document that explains how a specific task should be done. Standards most often apply to setting up and using technical systems. Test your procedures. Update your policies and standards as needed.

 

C. Restrict Employee Surfing and Software

 

Pay attention to web security by restricting the types of websites that employees are allowed to visit and by advising employees on what software is safe to install on their computers. Permission should be sought before downloading any new programs. Draft and prominently post an Internet Usage Policy for personnel to follow. This will include whether employees can use their work emails to sign up for social media platforms. Create social media policies. Require employees to have complex passwords that include letters (uppercase and lowercase), numbers and symbols.

 

D. Point of Sale

 

Point of sale (POS) security requires special attention. Always ensure that your POS system is behind a firewall and set up strong encryption for all transmitted data. Never use the default username and password provided by the manufacturer. Client data should be accessed on a need-to-know basis only. Ensure that all anti-malware software is always up to date.

 

E. Email Security

 

Implement standardized email security by using a spam filter. A spam filter will help you avoid the most potentially harmful emails sent by cyber criminals. Instruct employees to never click on any unverified or suspicious links—one errant click could hurt your business. Enable HTTPS, which encrypts data and makes life harder for cyber criminals. It is also good practice to use generic emails (such as info@companyname.com) for email addresses that are on your website or on your social media accounts.

 

F. Backup and Recovery Plans

 

Develop backup and recovery plans. Losing access to your data would be devastating. A rigorous backup and recovery plan, along with educating your team, will be the best money you spend on cybersecurity. Back up like you breathe: non-stop and without thinking about it.

 

 

Failure to adopt a comprehensive cybersecurity plan has caused huge problems for some Canadian companies. Apathy is very dangerous. It's not only money or highly sensitive data that intruders are targeting. Canadian businesses and their employees are at risk of having their personal information stolen, as well as their network and information destroyed.

 

Taking action to prevent such disasters by engaging in cybersecurity planning can make all the difference in how a company functions and flourishes in Canada’s booming technological environment.

 
