Nearly half of Canada’s small business are concerned about becoming victims of cybercrime in the next year, according to a survey sponsored by one of Canada’s biggest banks.
The online survey included 3,000 Canadians and was conducted in August.
The Royal Bank said 40 per cent of business respondents believed having devices infected by a virus or malware is now their biggest threat, ranking higher than falling victim to an online scam or fraud (24 per cent), or property damage (24 per cent).
- 24 per cent of small business owners feel ‘very’ knowledgeable in regard to cyber security threats. That number rises slightly to 27 per cent among those who have experienced a previous cybersecurity incident;
- 16 per cent overall said they feel very prepared for a cybersecurity incident; this grows to 19 per cent of those who have experienced a previous incident;
- 57 per cent of small business owners said they were handling cybersecurity risks themselves compared to relying on in-house IT teams (25 per cent) or outsourced IT consultants;
- individuals who haven’t previously experienced a cybersecurity incident (62 per cent) were more likely to take a do-it-yourself approach compared to past victims of cybersecurity incidents (51 per cent).
Here are the most common preventative measures small businesses respondents said they have taken are:
- installing updated anti-virus software (60 per cent),
- implementing firewall security for internet connections (56 per cent),
- encrypting and hiding all Wi-Fi networks (43 per cent),
Adam Evans, RBC’s chief information security officer, said “faced with a fast-changing landscape, small businesses are adapting by adopting more technology and adopting it faster than ever before” and “Though the increasingly digital economy has brought new challenges for Canada’s small businesses, our poll reveals that the risks are accompanied by a growing awareness of these hazards, indicating that small business owners are responding to these risks with the resilience and determination we’ve come to expect of them.”
The bank recommended that small businesses should consider these five steps to increase their cybersecurity and crisis management plans:
- “Prioritize multi-factor authentication, mandatory employee training and limiting employees’ authority to install software;
- Think through risks and create a prioritized list of possible cyber events unique to the organization;
- Identify key stakeholders and put together a list of key contact information, both technical and non-technical persons, in the event their services or contact is needed.
- Outline an engagement procedure, which will guide the organization’s plan in response to a cyber event, detailing how events will be handled and communicated;
- Create a communications template to address impacted parties in the event of a cybersecurity incident.”