Header bg
  • section background

    Three easy things businesses can do to protect themselves from cyber threats

    Hero bg 2
    small-business-cyber-top

    The assumption is that they have a lot of data and other valuable information. Further to that, these are the companies that are most often in the news as victims of cyber criminals.

    This is a misconception that Dominic Vogel — cyber security expert and founder and chief strategist officer for Cyber SC — sees all too often. In fact, he said that more than 80 percent of cyberattacks are focused on small organizations.

    “The bad guys see small organizations as low-hanging fruit,” said Vogel. “They have very few —  if any — security precautions in place. They lack any in-house staff, or any serious technology to be able to deal with that threat, compared to the larger companies.”

    But that doesn’t mean the threat is any less serious. In fact, the opposite is true.

    “In this hyper-connected global economy, the reason the bad guys are going after the small organizations is because they’re a stepping stone to access the larger corporate networks,” explained Vogel. “As a small business, if you end up being hacked, and that ends up affecting a large company . . . you cease to exist as a business.”

    Vogel pointed to an example several years ago of a small HVAC vendor that hackers used to launch an attack on their client, the retail giant Target. “That HVAC company ceased to exist as an organization. Paradoxically, the organizations that have the most to lose are the small companies.”

    Although big organizations can suffer immensely from these kinds of attacks, for the most part, they survive. They have a big enough war chest to weather the incident, whereas a smaller company without those kinds of resources will go under.

    Yet as the number of cyberattacks continue to spike, along with the cost to address them, the proportion achieving top scores for their cyber security readiness is marginally down year-on-year, according to one report.

    To protect against these kinds of disruptive and possibly lethal incidents, Vogel has three basic rules for small businesses to follow that act as a bare minimum for cyber risk mitigation.

    1. Securely back up your files

    This is especially pertinent to small businesses: back up all critical files and data. “One of the most prevalent threats that we see right now, especially with small businesses, is ransomware,” said Vogel. If the business’s data only exists locally on one or two computers, they have no choice but to pay the criminals to release their data back to them.

    Of course, the data could be lost for any number of reasons besides a ransom attack. A useful exercise that Vogel goes through is asking a company: if you were to lose access to your data for an hour, does that affect your company? What about six hours? Twelve? “Some small businesses say they could exist for a day or two, but if we hit the third day, that’s when things start to get messy,” said Vogel. “There’s only so long you can function as a company without accessing your critical data.”

    The lesson: Make sure you’re regularly backing up data to a secure source.

    2. Update your equipment

    This goes for everything: laptops, desktops, tablets, smartphones, and whatever else you use for your business. Make sure everything is set up to automatically update the operating system as well as any applications you use, like Adobe Reader and Google Chrome.

    “Most modern applications now allow you to just check a box and they will update it automatically, you don’t even have to spend time doing it,” said Vogel. “But make sure they’re all set to automatically update, that’s a huge, easy thing to do and it lowers the risk surface.”

    3. Practice proper password management

    For Vogel, there are two pieces to this. The first is using a proper password manager, like LastPass. That way you and your staff don’t have to remember 10 different passwords — they only have to remember one password and use it on multiple applications.

    “Password managers, especially for small businesses, it’s a super simple, super easy thing to do,” said Vogel. “Great risk reduction, in my opinion.”

    The second part is that wherever possible, Vogel advises companies to leverage multi factor identification. “Depending on what web services or web applications you’re using, if there’s the opportunity to use multifactor identification, do so,” he said.

    Of course, these aren’t the only three things that companies should do, but these are the things he described as “low hanging fruit” for cyber protection, that makes it more difficult for a cyber criminal to get through. “If you just make it a little bit harder, a little bit more expensive for the bad guys to do their thing, they’ll go elsewhere,” he said.

    The other advantage to practicing these is that they’re very inexpensive to do. “They can be done quickly and cheaply, especially with a 10- or 15-person company, that stuff could be done within a few days,” said Vogel. “And boom — you’ve got you instant risk reduction, without having to spend weeks or months and tens of thousands of dollars to get that up and running.”

    Originally published May 6, 2019, updated August 25, 2023

    Back to APOLLO Magazine
    Share this article

    Get a quote in less than a minute

    Get no-nonsense coverage that's the best value for your money. Purchase policies from your computer or phone, receive your documents instantly, and save when you buy online.

    Get a free quote

    4.7 rating

    Google Logo

    Get a quote in less than a minute

    Get no-nonsense coverage that's the best value for your money. Purchase policies from your computer or phone, receive your documents instantly, and save when you buy online.

    Relevant articles

    section background
    section background

    Getting insured is as easy as 1 - 2 - 3

    Tell us (very little) about yourself
    1

    Tell us (very little) about yourself

    Just tell us your address, your name, email and phone number. And that's it. We'll give you a price in less than a minute.

    Pay online easily and securely
    2

    Pay online easily and securely

    You can choose to pay monthly or save money by paying for the entire year in one easy payment.

    Get your documents in your inbox - instantly
    3

    Get your documents in your inbox - instantly

    As soon as you complete your purchase, you'll find your proof of insurance and policy documents waiting for you in your inbox.

    Get covered today - it couldn’t be easier

    We’ve provided more than 1,000,000 quotes to Canadians just like you. Give it a try!

    Google Logo

    Reviews

    4.7 rating

    2,102 reviews

    view all

    Across Canada

    Contact Us
    Apollo logo

    © 2024 APOLLO Insurance Solutions Ltd.

    111 Water Street, Unit 210, Vancouver, British Columbia, V6B 1A7

    APOLLO Insurance Agency Ltd. (o/a APOLLO Brokerage in the province of Ontario only) is a licensed retail brokerage, offering our clients with a comprehensive set of insurance solutions to meet their individual needs. APOLLO Insurance Agency Ltd. maintains necessary corporate licensing in provinces across Canada. Availability of products and service depends on licensing and product availability. The information that appears on this page is provided for information purposes only. Advertised products and prices are not guaranteed and vary based on insurance provider and/or insurance company's discretion and product availability.

    Transparency and Disclosure: APOLLO Insurance Agency's role is to provide you with exceptional service and the best insurance products that suit your needs. As a licensed retail brokerage, our compensation is based on a commission basis already built into your insurance premium and varies based on the product purchased through our platform. For a description of how APOLLO Insurance Agency is compensated and how this is calculated, please refer to our Compensation Disclosure document. For consumers in Ontario, please review the RIBO Conduct Fact Sheet and the RIBO Conduct Guidance document.