When RBC’s chief information security officer, Adam Evans, looked at the results of a survey commissioned by the bank on cyber security, he took note of the number of small business owners who said they didn’t feel they knew much about security—and were taking responsibility for it on their own.

The poll, conducted by Ipsos Canada in August, included more than 3,000 people (the representative sampling was weighted by region and results were reported as accurate to within ± 1.8 percentage points had all Canadian adults been surveyed). Results suggested small business owners, even more than the general population, anticipated becoming a victim of cybercrime in the coming year. At the same time, it suggested more than half (57% in poll responses) are also handling cyber security themselves right now. And beyond not having in-house IT, they hadn’t sought out IT consultants, although people with experience with attacks and breaches in their online security were more likely to have contracted a second look at their operations.

 

 

Speaking with Atlantic Business Magazine, Evans said there is a lot to consider when it comes to security. He recommended businesses re-evaluate where they stand and start simply by giving fresh thought to an accounting of what adds value on their books and where they derive value in their operations. It could involve staff safety, protection of a physical property and its contents, but can also include protection of accounts, customer information and intellectual property.

“(It’s) understanding what those assets are,” he said, “and then thinking: ‘How do I want to protect them? What are the things I can do to protect them?’”

Each asset is likely to require different protections. Online, it wouldn’t be just installing anti-virus software, any more than having locks on your shop door covers everything in physical security. At the simplest level, giving thought to how to respond to a break in through a window or managing who holds the keys to the locks is part of the picture.

In the latest edition of ABM, reporter Richard Woodbury looked at how security involves more than a firewall. Along the way, he spoke with multiple people currently working in the cybersecurity space, including for companies large and small, with representatives with Sydney, N.S.-based Securicy and Stepscan Technologies Inc. of Charlottetown. [Read: “Your best defence” in the November/December 2021 issue.]

There are, of course, many specific challenges to online security. The RBC poll suggested the most common measures being taken include: updating anti-virus software (60%), implementing firewall security for internet connections, and encrypting and hiding Wi-Fi networks. But there is good advice available to complement it all.

But take any individual element, like data backups. As a company, should you be storing a backup of your data on site or off site? Online or offline? How frequently should you be backing up data? What is the process? On the latter, depending on the data, you may opt for a full backup each time, or stick to incremental backups in the case of less-sensitive information, where you only create a copy of what has changed since the last time you backed up your files. The cost of data storage can be a consideration and so, as the Canadian Centre for Cyber Security suggests, this “deduplicating” approach has the potential to allow for proper security while also reducing any associated costs.

“With the complexity of the landscape and how much technology has evolved (…) organizations I think need to bring people in to help them manage those risks,” Evans suggested.

Not everyone will be able to afford or would be sized to reasonably keep an in-house security team, but consultants can review and advise on everything from digital account security to possible staff training. It’s also worth noting the Canadian Centre for Cyber Security offers training materials and advice online, to aid security check-ups.

Newfoundland and Labrador is currently working through response to an online attack involving the province’s healthcare system, still under investigation. Other governments and businesses have had to respond in the past. And advice from the federal government online emphasizes that being aware of the possibility and being ready in the event of a challenge to security are two different things.

It’s suggested the company consider scenarios including a possible ransomware attack. Develop and maintain contact lists, outline response procedures and include a plan for communicating with authorities, staff and customers.

Other Canadian banks on personal and banking security:

Scotiabank on computer security

TD on how you can protect yourself

CIBC on privacy and security

BMO security tips