This website uses cookies to provide necessary site functionality, monitor performance, give you access to products and services that are most relevant to you, and improve the online user experience. For further information about how we use cookies, please visit our Privacy Statement. For information on how to adjust your cookie preferences including how to delete cookies, please consult your browser’s “Help” function.
If you want to strengthen your business' cybersecurity—you're not alone. Organizations across Canada have been stepping up their security measures to help prevent cyberattacks.
We answer some of the most frequently asked questions—from password protection to insurance—to demystify cybersecurity and help safeguard your organization.
Many businesses don’t think about cybersecurity threats until it’s too late. The good news is that cyberattacks are preventable with a proactive plan and effective cybersecurity policies. Prevention can include the following strategies:
IT and cybersecurity teams offer optimal protection when working in tandem. IT teams create policies and procedures to ensure that networks are operational while protecting the availability of digital information and physical devices. Cybersecurity teams are typically outsourced—they can conduct awareness training, assessments, and vulnerability scans, and focus on the confidentiality and integrity of data and systems from internal and external threats.
People, processes, and technology are the three pillars of a comprehensive cybersecurity strategy. We recommend examining your organization’s governance structure, identifying your most valuable assets, auditing your employees’ cybersecurity skillsets, and assessing your organization’s critical threats.
Cybersecurity insurance won’t stop a cyberattack from occurring, but it can limit your financial exposure. Policies generally cover costs associated with a forensic investigation, extortion from a ransomware attack, or a lawsuit. Policies don’t typically include future lost profits, decreased value due to reputational damage, or costs associated with preventative upgrades to IT systems.
Cybersecurity insurance is only one component of your risk management program. It’s just as important (if not more so) to have other appropriate controls to prevent and detect cyberattacks.
Granting employees full administrative access to company computers is a high-risk practice since they can install new software, add accounts, and alter systems. If an employee clicks on a phishing email containing a malicious attachment, the associated malware can do more damage to the user’s computer given their elevated permissions.
That said, denying administrative access doesn’t eliminate cybersecurity risks—employees can still unknowingly click on a malicious link and input their credentials.
A computer can guess 100 billion passwords1 every second. A strong password should consist of at least ten characters with a mix of upper- and lower-case letters, special characters, and numbers, and should be changed every 90 days. It shouldn’t contain personally identifiable information, such as a name or date of birth. The same password should not be used for more than one system.
Password managers use strong encryption to protect passwords, making them secure and safe. You should also use multi-factor authentication for an extra layer of security, which will require a second authentication before allowing access to stored passwords. Learn more about strengthening your passwords here.
We recommend starting with a cybersecurity assessment to review vulnerabilities, awareness, and preparedness. The assessment is customized to your size and industry and aligns with the most recent Canadian and international cybersecurity standards.
Developing a cybersecurity program is critical in our digital era—but you aren’t alone. If you have a cyber-related question or want to learn more about how we can support you, visit our cybersecurity hub.
[1] Paul Haskell-Dowland, P. (2021, February 1). A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure? The Conversation. https://theconversation.com/a-computer-can-guess-more-than-100-000-000-000-passwords-per-second-still-think-yours-is-secure-144418.
Disclaimer
The information and comments herein are for the general information of the reader and are not intended as advice or opinion to be relied upon in relation to any particular circumstances. For particular application, the reader should seek professional advice.
Subscribe to receive relevant and timely insights and event invitations.
