The five Ws of cybersecurity for small businesses
January 31, 2019
Small businesses often put cybersecurity on the backburner. It’s easy to think you’ll fly under the radar when there are much bigger companies for attackers to exploit.
But cybersecurity matters for any size of business: it’s not just the big guys that get hit. And customers and partners who trust you with their data expect you to be secure.
So, what should you do? A good way to start is by getting familiar with the five Ws of cybersecurity – who, what, where, when and why.
WHO poses a threat to your data?
In any business, data is vulnerable to external and internal threats. External threats include cybercriminals who intercept and steal data. Say you operate an online storefront that collects customer data for future checkouts. Any vulnerabilities in that system could be used by cybercriminals to gain access to the data.
Internal threats come from the people who work in your business – mostly as a result of human error. These may not be malicious, but they can still be destructive, whether it’s an employee who accidentally deletes a key record or someone who accepts a bad email attachment and ends up downloading a virus or malware into your network.
WHAT kinds of cyberattacks are out there?
There’s a long list of cyberthreats that can harm your IT environment or your business, including:
- Malware: a catch-all term for viruses, worms, Trojan horses, spyware and any other malicious software
- Ransomware: cybercriminals lock critical files with a password and demand a fee for access
- Zero-day exploits: vulnerabilities in recently released software that give cybercriminals a way into systems
- Phishing attempts: usually distributed through email and designed to look official, that try to lure users into clicking a malicious link
WHEN should you step up your cybersecurity?
The short answer is: as soon as you possibly can. The longer your business isn’t protected, the more vulnerable you are to cyberattacks.
WHERE is your data vulnerable?
Your data is vulnerable all the time, at rest or in transit. Anything your business uses that touches the Internet can be susceptible to cyber harm. That means every laptop, smartphone, tablet, desktop computer or other networked device, as well as servers, routers and more.
WHY should you put cybersecurity measures into place?
Your customers trust you with their data. That trust shatters when cybercriminals access it under your care. The fallout can harm your brand, cost you sales and money to repair the damage.
There are also laws and regulations for privacy and data protection. For example, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) gives consumers the right to “expect an organization to protect their personal information by taking appropriate security measures.” Companies that fail to live up to that expectation could end up in federal court. And if you’ve ever sold something to someone in Europe and have their data on file, you have to follow the European Union’s General Data Protection Regulation (GDPR). Violate any part of it and you could get hit with a fine of up to €20 million, or four per cent of your global annual revenues – whichever is highest.
HOW can you protect your business from cyberattacks?
There are some basic protections every business should have: antivirus software to prevent harmful files from infecting the network, for example, and proper training for employees so they know to be aware of potential attacks and how to handle them.
With the size, breadth and complexity of threats you can face as a business, the concept of cybersecurity can be daunting. Not to worry: you don’t have to use every possible defence against every potential threat. Security experts today say businesses should tailor their defences to the actual level of risk they face. A cybersecurity expert can help you figure that out.
Bell is always happy to lend a hand. We have years of experience helping small businesses like yours meet their cybersecurity needs.