Nearly half of Canada’s small business owners worry about becoming victims of cybercrime in the next 12 months, according to a survey sponsored by one of Canada’s biggest banks.
In Monday’s release of some of the results, part of an online survey of 3,000 Canadians conducted in August, the Royal Bank said 40 per cent of business respondents believed having devices infected by a virus or malware is now their biggest threat, ranking higher than falling victim to an online scam or fraud (24 per cent), or property damage (24 per cent).
Among other findings
–only 24 per cent of small business owners feel ‘very’ knowledgeable in regard to cyber security threats. That number rises slightly to 27 per cent among those who have experienced a previous cybersecurity incident;
–only 16 per cent overall said they feel very prepared for a cybersecurity incident; this grows to 19 per cent of those who have experienced a previous incident;
–57 per cent of small business owners said they were handling cybersecurity risks themselves rather than relying on in-house IT teams (25 per cent) or outsourced IT consultants;
–those who haven’t previously experienced a cybersecurity incident (62 per cent) were more likely to take a do-it-yourself approach compared to past victims of cybersecurity incidents (51 per cent).
The most common preventative measures small businesses respondents said they have taken are: installing updated anti-virus software (60 per cent), implementing firewall security for internet connections (56 per cent) and encrypting and hiding all Wi-Fi networks (43 per cent).
“Faced with a fast-changing landscape, small businesses are adapting by adopting more technology and adopting it faster than ever before,” Adam Evans, RBC’s chief information security officer, said in a statement. “Though the increasingly digital economy has brought new challenges for Canada’s small businesses, our poll reveals that the risks are accompanied by a growing awareness of these hazards, indicating that small business owners are responding to these risks with the resilience and determination we’ve come to expect of them.”
The bank said small businesses should consider these five steps to increase their cybersecurity and crisis management plans:
- Prioritize multi-factor authentication, mandatory employee training and limiting employees’ authority to install software;
- Think through risks and create a prioritized list of possible cyber events unique to the organization;
- Identify key stakeholders and put together a list of key contact information, both technical and non-technical persons, in the event their services or contact is needed.
- Outline an engagement procedure, which will guide the organization’s plan in response to a cyber event, detailing how events will be handled and communicated;
- Create a communications template to address impacted parties in the event of a cybersecurity incident.
For additional information on cybersecurity practices, RBC provides a cybersecurity resource page for businesses.