Key cybersecurity questions answered


If you want to strengthen your business's cybersecurity, you're not alone. Organizations across Canada have been stepping up their security measures to help prevent cyberattacks.

We answer some of the most frequently asked questions—from password protection to insurance—to demystify cybersecurity and help safeguard your organization. 

1. How can a cyberattack be prevented? 

Many businesses don’t think about cybersecurity threats until it’s too late. The good news is that cyberattacks are preventable with a proactive plan and effective cybersecurity policies. Prevention can include the following strategies: 

  • Build a human firewall. Your best defence is your people. Cybersecurity awareness training and regular testing can enable your team to identify potential attacks and protect your systems against various threats—from social engineering schemes to phishing, vishing, and smishing. 
  • Conduct annual cybersecurity assessments. Cybercriminals are increasingly sophisticated and regularly update their tactics.  Regular evaluation of your security practices is critical to combatting potential cyberattacks. 
  • Establish cybersecurity best practices. These can include password policies, system patching policies, and acceptable use. 

2. What is the difference between IT and cybersecurity teams? Does my business need both? 

IT and cybersecurity teams offer optimal protection when working in tandem. IT teams create policies and procedures to ensure that networks are operational while protecting the availability of digital information and physical devices. Cybersecurity teams are typically outsourced—they can conduct awareness training, assessments, and vulnerability scans, and focus on the confidentiality and integrity of data and systems from internal and external threats. 

3. What should my business consider when developing a cybersecurity strategy? 

People, processes, and technology are the three pillars of a comprehensive cybersecurity strategy. We recommend examining your organization’s governance structure, identifying your most valuable assets, auditing your employees’ cybersecurity skillsets, and assessing your organization’s critical threats. 

4. How can cybersecurity insurance protect my business? 

Cybersecurity insurance won’t stop a cyberattack from occurring, but it can limit your financial exposure. Policies generally cover costs associated with a forensic investigation, extortion from a ransomware attack, or a lawsuit. Policies don’t typically include future lost profits, decreased value due to reputational damage, or costs associated with preventative upgrades to IT systems. 

Cybersecurity insurance is only one component of your risk management program. It’s just as important (if not more so) to have other appropriate controls to prevent and detect cyberattacks. 

5. Is it risky to grant employees full administrative access on their company computers? 

Granting employees full administrative access to company computers is a high-risk practice since they can install new software, add accounts, and alter systems. If an employee clicks on a phishing email containing a malicious attachment, the associated malware can do more damage to the user’s computer given their elevated permissions. 

That said, denying administrative access doesn’t eliminate cybersecurity risks—employees can still unknowingly click on a malicious link and input their credentials. 

6. How can I ensure my password is secure? 

A computer can guess 100 billion passwords every second [1]. A strong password should consist of at least ten characters with a mix of upper- and lower-case letters, special characters, and numbers, and should be changed every 90 days. It shouldn’t contain personally identifiable information, such as a name or date of birth. The same password should not be used for more than one system.

Password managers use strong encryption to protect passwords, making them secure and safe. You should also use multi-factor authentication for an extra layer of security, which will require a second authentication before allowing access to stored passwords.
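The password rules above can be checked mechanically, and the 100-billion-guesses-per-second figure can be turned into a worst-case search time. The following is an added example, not part of the original article; the function names and the sample passwords are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 100e9  # rate cited in the article; real rates depend on how the password is stored
MIN_LENGTH = 10             # minimum length given in the article

# Character classes the article asks for (string.punctuation is ASCII punctuation only).
CLASSES = {
    "upper-case letter": string.ascii_uppercase,
    "lower-case letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def policy_failures(password, personal_info=()):
    """Return the list of the article's rules that `password` breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 10 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    lowered = password.lower()
    # personal_info: names, birth dates, etc. supplied by the caller (assumed input)
    if any(item and item.lower() in lowered for item in personal_info):
        failures.append("contains personal information")
    return failures

def worst_case_seconds(password):
    """Seconds to try every string of this length drawn from the character
    classes actually present, at the cited guess rate. This is an upper
    bound for blind search; dictionary words and reused passwords fall sooner."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return pool ** len(password) / GUESSES_PER_SECOND

if __name__ == "__main__":
    # Constructed sample passwords; "Dana" stands in for a user's first name.
    for pw in ("password", "Summer2021", "Tr4il-Maple#Dana", "Tr4il-Maple#Kite"):
        days = worst_case_seconds(pw) / 86400
        print(f"{pw!r}: {policy_failures(pw, ['Dana']) or 'ok'}; "
              f"exhaustive search <= {days:,.2f} days")
```

A ten-character password that skips one character class is exhausted in about 97 days at the cited rate, while each added character multiplies that time by the size of the character pool.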

7. Is my business vulnerable to cybersecurity threats? 

We recommend starting with a cybersecurity assessment to review vulnerabilities, awareness, and preparedness. The assessment is customized to your size and industry and aligns with the most recent Canadian and international cybersecurity standards. 

Visit our cybersecurity hub 

Developing a cybersecurity program is critical in our digital era—but you aren’t alone. If you have a cyber-related question or want to learn more about how we can support you, visit our cybersecurity hub.

[1] Haskell-Dowland, P. (2021, February 1). A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure? The Conversation.


The information and comments herein are for the general information of the reader and are not intended as advice or opinion to be relied upon in relation to any particular circumstances.  For particular application, the reader should seek professional advice. 

