Cyber security for small and medium-sized enterprises (SMEs) is a major issue, especially with the increasing popularity and use of e-commerce and the amount of saved data that can potentially be accessed through our computers.
I had the opportunity to attend a webinar called Protecting Your Business from Cyber Threats, offered through the Ontario Chamber of Commerce, the US Consulate General in Toronto, and the U.S. Commercial Service. The speakers were the president of XAHIVE, Sem Ponnambalam; Rick Rennie from Mastercard; and Scott Augenbaum, a special FBI Agent whose focus is on cyber crime (pretty cool to hear from a real FBI agent!).
Their message was unwavering: businesses need to have a cyber security plan, understand how information can be accessed from their database, and ensure business passwords differ from personal passwords.
The Special FBI Agent laid it out quite clearly: as a business, never underestimate the power of your data. He said that in most of the cases he deals with, the first thing the victim says is, “Why would they hack us? We have nothing the bad guys want.” Wrong. Your business has data: information about your customers and vendors.
Hackers dealing in cyber crime are not teenagers in a basement looking for a thrill; these are people after money and information that can fool people into parting with their money.
XAHIVE President Sem Ponnambalam stressed that it’s not a matter of if your business will be attacked, but when, adding that the global cost of cyber breaches per year is around $1 trillion. She says most breaches are due to hardware failures, but human error accounts for 30% of all breaches. SMEs are encouraged to outline protocols for staff and undertake “cyber drills”.
77% of all cyber crimes target SMEs, as these businesses are viewed as the gateway to entering larger organizations or enterprise-level clients. Ponnambalam estimates the average cost for an SME to recover from a data breach at about $38,000.
She identified a number of sectors that are of particular interest to the bad guys right now, including legal, financial, healthcare, insurance, SMEs, and government. The reason for interest in these areas is that data capture is happening more and more through electronic means, for example online insurance claims or health care programs, and email lists for SMEs.
The federal government is currently reviewing cyber security policy and held public consultations earlier this fall to review measures to protect critical infrastructure and Canadians from cyber threats. A report on those consultations is now in development.
Many businesses are taking in customer payment data at point of sale, and it is this information that criminals are targeting, explained Rick Rennie of Mastercard. He says understanding your risk and mitigating it is half the battle. He suggested inspecting your payment terminals on a regular basis to make sure they have not been tampered with, removing data from your system when it is no longer needed, and using multi-factor authentication to limit access to your system.
Rennie also spoke about passwords, noting that 80% of data breaches involved stolen passwords.
FBI Agent Augenbaum agreed, saying that passwords can lead a cyber criminal from your personal accounts to your business accounts. He encouraged the use of passphrases that are about 12-15 characters in length.
Agent Augenbaum says that these cyber criminals, many of whom are overseas, want you to click on links provided in false emails. Therefore, “thinking before you click” and ensuring you and your employees are your business’ human firewall are two of the key prevention methods in cyber security.
“There are also very specific hardware and software steps that will minimize the risk of a breach,” says Amy Simpson of MicroAge Peterborough. “However, human error remains a single point of failure as these cybercriminals use more sophisticated methods to infiltrate our networks.”
The Canadian Chamber of Commerce has a survey open asking businesses about their use of digital technology as it relates to cyber security.
Watch for more Chamber programming around cyber security in the new year.