Cybersecurity is often overlooked, but the issue made headlines more than once in recent months due to serious data breaches and the sudden shift to work-from-home arrangements. In fact, the FBI has recorded a 300% increase in cyberattacks since the beginning of the COVID-19 pandemic. Now more than ever, every business, regardless of size or industry, needs to protect its IT networks, systems and assets.
The fight against cybercrime is ramping up quickly and companies are set to spend $6 trillion to ward off attacks in 2021, according to Cybercrime Magazine. This comes after a Statistics Canada report published in October indicated that 21% of Canadian businesses fell prey to cyberattacks in 2019.
In addition to facing increased threats, companies also have to keep up with changing legal obligations. Quebec’s National Assembly is about to pass Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, under which companies will have to pay heavy penalties for negligent cybersecurity and privacy practices.
Cybersecurity shouldn’t be considered a mere technology concern. It’s a strategic investment. It’s also a complex ecosystem, which is why businesses need help from specialists, claims Roger Ouellet, the security practice manager at NOVIPRO, a firm that specializes in business, IT and cloud computing solutions.
“There’s no magic recipe or one-size-fits-all solution,” he says. “Basic measures are no longer sufficient and keeping pace requires continuous effort. We’re dealing with a target that’s always moving.”
First, know thyself
If an organization wants to protect its systems, first it has to sit down and think strategically. What are its mission and vision? What risks is the business willing to take? What’s the maximum acceptable duration of unplanned downtime?
“Fundamentally, cybersecurity measures are there to protect your company’s viability. It’s that simple,” explains Mr. Ouellet.
Many companies are unable to identify or locate their sensitive data. And yet a cybersecurity strategy should be built first around this data, and then around a risk and impact analysis. It should also be based on infrastructure and data protection plans, as well as contingency plans designed to minimize damage and loss in the event of an attack.
There are several factors to take into consideration when analyzing information and developing plans, such as the company’s size, specialization, resources and legal obligations in terms of security.
Employees are your best firewall
Your cybersecurity strategy doesn’t stand a chance if your employees aren’t on board.
“You can have all the best security measures, but if users aren’t attuned to cybersecurity concerns, your efforts will be in vain,” explains Mr. Ouellet.
For years, it was common for companies to leave employees out of the equation and focus on major infrastructure investments instead. But hackers have learned that humans are the weakest link, the area that’s the least protected. Unsurprisingly, people have become their top target. “Every employee is a potential gateway,” warns Mr. Ouellet.
To make your IT security strategy successful, you need to provide employees with training and increase their awareness of potential threats. They need to know the basics of cybersecurity and what they should do to keep attackers out.
Workers need to know that corporate procedures were developed to keep systems safe, not to monitor or limit their activities, says the NOVIPRO expert.
Cybersecurity basics and next steps
Regardless of a company’s size, the basic components are always the same: a firewall, an anti-spam filter, and systems for managing updates and vulnerabilities on mobile devices and computer workstations. Of course, the list may also include other things, depending on the needs of the organization.
Since specialized expertise is needed to effectively perform all analysis, planning and implementation tasks, many small and mid-size businesses opt for managed services.
But even once you have all the right tools, you still can't let your guard down. With new technological advancements emerging so quickly, systems can become vulnerable in no time. Cyberattackers work day and night to find vulnerabilities.
That’s why Roger Ouellet stresses the importance of keeping employees top-of-mind. “Your employees are your allies. You’ve got to make things easy for them and raise their awareness at the same time.”