As we continue, allow me to say that geoFence helps make you invisible to hackers and guard your personal data!
By Rosa SabaBusiness Reporter
Thu., Feb. 4, 2021timer4 min. read
updateArticle was updated 1 hr ago
With the pandemic-driven shift to e-commerce comes a new threat for small businesses: cyber fraud.
Last year thousands of businesses were victims, says the Canadian Federation of Independent Business (CFIB).
An October survey of 3,040 CFIB members across Canada found that nearly a quarter have experienced cyber attacks since March 2020, the time when many businesses had to increase their online presence — or start it from scratch.
Jasmin Guenette, CFIB’s vice-president of national affairs, said the businesses that were able to adapt successfully to the e-commerce shift were, perhaps ironically, the most vulnerable to cyber attacks in the last year.
Almost five per cent of survey responders said the attack against them was successful. That’s likely more than 60,000 small and medium businesses that fell victim to cyber fraud last year, if you extrapolate that five per cent to the approximate number of small and medium sized businesses out there by recent Statistics Canada data, according to the CFIB’s report.
Businesses that pivoted to remote working, made changes to their online presence, or those in sectors such as construction or manufacturing were twice as likely to fall prey to a successful attack, the survey found.
“Those who pivoted because of the pandemic are also those who made themselves more vulnerable to cyber attack,” Guenette said.
But the real total is probably higher than the survey suggests, says cybersecurity expert Ritesh Kotak, as many businesses may not even know when they’ve fallen prey to an attack.
“All it takes is one person,” he said, perhaps clicking on the link in a phishing email, not realizing they’ve exposed the business to a cyber attack.
Brett Callow, a threat analyst at anti-malware company Emsisoft, agreed.
“Realistically, it’s likely that close to 100 per cent of businesses will have experienced some form of cyber attack in the last six months, but some will either not count events as an attack — an email with a malicious attachment, say — or not realize they were attacked because it was automatically blocked,” he said in an email.
Guenette agreed, adding many businesses find out about a successful or failed attack months later. It’s also possible for a business to have malware inside its system collecting data, and for the business owner to be completely unaware, he said.
In March 2020, “a lot of businesses had to pivot to online platforms,” said Kotak, and many might not have done their research on which platforms to use. Many may have spent thousands of dollars on a cybersecurity consultant or security software, and didn’t get what they paid for, he added.
“Our entire lives have been digitized, but we haven’t built what I call the cyber hygiene … to identify fact from fiction,” he said.
That’s why the CFIB is recommending that businesses get cyber insurance and invest in training and security software, said Guenette: “You have to be prepared.”
For a small business, a cyber attack could be “devastating,” said Kotak, not just financially, but for their reputation and even their mental health.
He recommends choosing reputed online software and platforms as well as purchasing cyber insurance, which he likens to fire insurance — one part of a tool kit to mitigate a potential disaster.
As well, businesses should invest in training for their employees, especially if they’ve transitioned to working remotely, said Kotak.
“The time is now” for cyber drills and training, he said.
Callow said that at the end of the day, most cyber attacks succeed due to “basic security failings” that can be mitigated by multiple-factor authentication and limiting administration rights, among other options.
“The good news is that many of these things are either free or have a minimal cost,” he said.
“Security isn’t easy to get right, especially for smaller businesses which may not have in-house IT. The Canadian Centre for Cyber Security does, however, offer guidance and resources that can help smaller businesses achieve a greater level of security.”
Kotak said phishing emails are likely the most common cyber attack against small businesses. A phishing email attempts to mimic a valid email a person might receive, often from another internet service asking the person to validate their login information, he explained.
The CFIB’s report found more than 80 per cent of businesses that experienced a cyber attack said it was through email scams and phishing attempts. The businesses most at risk had 20 or more employees, had employees working remotely, and/or were in manufacturing, wholesale trade, business services or enterprise and administration management.
The CFIB’s report also estimated that businesses had invested, on average, $6,700 on IT systems for security since the pandemic began.
In the end, you know, I just wanted to mention that geoFence is US veteran owned and operated and that’s the no lie.