There’s a perception gap when it comes to cybersecurity threats: While many small business owners think hacks only happen to large companies, the reality is quite the opposite. Nearly half of cyberattack victims are small businesses, according to a 2019 Verizon report.
This means preparation is key. But for many small businesses, addressing cybersecurity threats on a tight budget can seem challenging. The Globe and Mail spoke with industry experts about some low-cost cybersecurity measures that can help protect your organization without breaking the bank.
1. Spread education and awareness among employees
For small businesses with multiple employees, education is one of the most effective, budget-friendly ways to prevent cybersecurity breaches.
“The biggest exposure often sits between the computer screen and the keyboard,” says Donna Millingen, underwriting expert at Northbridge Insurance. “Training your employees to identify phishing emails and what to do when they encounter them is a key step in protecting your business and its data.” Millingen recommends reminding staff not to click on links from unfamiliar sources, to be conscious of emails with spelling mistakes and to scrutinize email addresses with missing or incorrect characters.
“Those are tipoffs that something might not be legitimate,” she says. “And if there’s any doubt, don’t open it.”
While this may seem obvious to you, it might not be to your employees. That’s why Trevor Craig, vice president and partner of the McLean Hallmark Insurance Group Ltd., says education shouldn’t end with one employee meeting or training session.
“This is something that has to be ongoing, certainly with all current employees, and then as part of the onboarding process for new ones,” Craig says. “Your employees are your first line of defense when it comes to preventing cyberattacks.”
2. Seek reputable information from free and low-cost sources
If you’re looking for training, there are many free or low-cost resources available to small business owners.
Millingen suggests the Canadian Centre for Cyber Security, a resource from the federal government that offers tools, services and education for improving cybersecurity. Craig recommends low-cost staff training resources like Ninjio, a program that uses short animated videos to teach employees about cybersecurity.
“Our firm is currently going through mandatory cybersecurity awareness training,” he explains. “Online video services can be an effective and inexpensive way to get it done.”
3. Protect your hardware
Some of the most effective ways to safeguard your small business’ data can be the simplest – for example, ensuring that any staff working remotely keep their laptops safe while in public places.
“You should never leave your laptop turned on and unattended in a coffee shop,” says Patty McNeil, senior vice president of commercial insurance at the McLean Hallmark Insurance Group Ltd. “Someone can take a photo of whatever’s on your screen without ever touching your laptop. That can give them access to sensitive data or information that could be used to impersonate someone else.”
Millingen notes that it’s also important to require frequent password changes across the business.
“Don’t allow your employees to reuse their passwords, change them monthly and make sure you require a more complex format that’s more difficult to hack,” she says.
Millingen also suggests removing former employees’ access to company files as soon as they leave the organization to avoid leaving an open portal for someone to enter your network and systems.
4. Verify managed service providers
Small businesses without the resources to hire dedicated in-house IT staff can consider using a managed service provider (MSP) to provide this support. But Craig says it’s important to ensure that any third-party partner has also prioritized cybersecurity.
“You need to make sure they’re just as concerned about it as you,” he says. “Otherwise, it just creates another potential point of exposure.”
5. Take advantage of coverage benefits
While employee training, hardware protection and third-party service providers can help protect your business, McNeil and Millingen suggest that small businesses also consider investing in cyber insurance.
These policies not only provide financial protection if you experience a breach but can also connect you with outside experts to help you prepare for one.
“If your policy offers that benefit, take advantage of it,” McNeil says. “Unfortunately, many companies don’t. These resources can provide assistance with training and other proactive measures to protect your business – not just assistance when something terrible happens.”