Key cybersecurity questions answered

If you’re thinking about enhancing your business’ cybersecurity, you’re not alone—more than half [1] of Canadian organizations have implemented additional security measures in the past year.

We address some of the most frequently asked questions—from password protection to insurance—to demystify cybersecurity and help safeguard your organization.

1. How can a cyberattack be prevented?

Many businesses don’t think about cybersecurity threats until it’s too late. The good news is that cyberattacks are preventable with a proactive plan and effective cybersecurity policies. This can include the following:

  • Build a human firewall. Your best defense is your people. Cybersecurity awareness training and regular testing can enable your team to identify potential attacks and protect your systems against a range of threats—from social engineering schemes to phishing, vishing and smishing.
  • Conduct annual cybersecurity assessments. Cybercriminals are increasingly sophisticated. Invite us to evaluate the effectiveness of your cybersecurity program at least annually.
  • Establish cybersecurity best practices. This can include password policies, system patching policies, and acceptable use.

2. What is the difference between IT and cybersecurity teams? Does my business need both?

IT and cybersecurity teams offer optimal protection when working in tandem. IT teams create policies and procedures to ensure that networks are operational while protecting the availability of digital information and physical devices. Cybersecurity teams are typically outsourced—they can conduct awareness training, assessments, and vulnerability scans, and they focus on protecting the confidentiality and integrity of data and systems from internal and external threats.

3. What should my business consider when developing a cybersecurity strategy?

People, processes, and technology are the three pillars of a comprehensive cybersecurity strategy. We recommend examining your organization’s governance structure, identifying your most valuable assets, auditing your employees’ cybersecurity skillsets and assessing your organization’s key threats.

4. How can cybersecurity insurance protect my business?

Cybersecurity insurance won’t stop a cyberattack from occurring, but it can limit your financial exposure. Policies generally cover costs associated with a forensic investigation, extortion from a ransomware attack, or a lawsuit. Policies don’t typically include future lost profits, decreased value due to reputational damage, or costs associated with preventative upgrades to IT systems.

Cybersecurity insurance is only one component of your risk management program. It’s just as important (if not more so) to have other appropriate controls in place to prevent and detect cyberattacks.

5. Is it risky to grant employees full administrative access on their company computers?

Granting employees full administrative access on company computers is a high-risk practice since they can install new software, add accounts and alter systems. If an employee clicks on a phishing email that contains a malicious attachment, the associated malware can do more damage to the user’s computer given the elevated permissions they have.

That said, denying administrative access doesn’t eliminate cybersecurity risks—employees can still unknowingly click on a malicious link and input their credentials.

6. How can I ensure my password is secure?

A computer can guess 100 billion passwords [2] every second. A strong password should consist of at least ten characters with a mix of upper- and lower-case letters, special characters and numbers, and should be changed every 90 days. It shouldn’t contain personally identifiable information, such as a name or date of birth. Two-factor authentication adds an extra layer of protection and is considered the only “good” password configuration. The same password should not be used for more than one system.

Password managers use strong encryption to protect passwords, which makes them secure and safe to use. You can also use multi-factor authentication for an extra layer of security, which will require a second authentication before allowing access to stored passwords. Learn more about strengthening your passwords here.
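The following is an added example, not part of the original article: it estimates the worst-case exhaustive-search time at the 100 billion guesses per second cited above and checks a candidate password against the rules listed in this section. The function names, the ASCII-only character classes, and the sample passwords and personal details are assumptions made for illustration.

```python
import string

GUESSES_PER_SECOND = 100_000_000_000  # rate cited in the article
MIN_LENGTH = 10                       # minimum length recommended in the article

# Character classes named in the article (ASCII only; an assumption of this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,    # 32 printable ASCII symbols
}


def classes_used(password):
    """Return the set of character-class names present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def worst_case_seconds(password):
    """Seconds to try every string of this length over the classes used."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password) / GUESSES_PER_SECOND


def policy_violations(password, personal_info=()):
    """List the article's rules that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    missing = set(CLASSES) - classes_used(password)
    if missing:
        problems.append("missing classes: " + ", ".join(sorted(missing)))
    lowered = password.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and personal details, for illustration only.
    for pw in ("maple2021", "Maple-Tr33-Rink!"):
        secs = worst_case_seconds(pw)
        print(pw, "%.3g s" % secs, policy_violations(pw, ["maple", "1985"]))
```

The time shown is an upper bound for blind exhaustive search only; passwords built from dictionary words or reused on another system can fall much sooner, which is why unique passwords and a second factor matter alongside length and character mix.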

7. Is my business vulnerable to cybersecurity threats?

We recommend starting with a cybersecurity assessment to assess vulnerabilities, awareness, and preparedness. The assessment is customized to your size and industry and aligns with the most recent Canadian and international cybersecurity standards. You can learn more about our cybersecurity assessments here.

Visit our cybersecurity hub

Developing a cybersecurity program is critically important in our digital era—but you aren’t alone. If you have a cyber-related question or would like to learn more about how we can support you, visit our cybersecurity hub.

The information and comments herein are for the general information of the reader and are not intended as advice or opinion to be relied upon in relation to any particular circumstances.  For particular application, the reader should seek professional advice.

[1] Canadian Internet Registration Authority (CIRA). 2020 CIRA Cybersecurity Report. Retrieved from

[2] Haskell-Dowland, P. (2021, February 1). A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure? The Conversation.
