Checklist and information from the Business Development Bank of Canada
Our series on Cyber Insurance continues this month with a focus on prevention. The most pressing information technology security problem facing Canadian entrepreneurs is not computer hackers. The majority of security breaches actually come from a company’s own employees.
They’re usually not doing it on purpose, though: most breaches are accidents, such as an employee mistakenly emailing confidential client information outside the company, a cashier leaving a customer’s credit card information on a publicly viewable computer, or a manager inadvertently deleting important files.
One of the most common breaches: accidentally downloading malware—those nasty little computer viruses and Trojan horses that can cause mayhem in your computer network.
Four in five Canadian small and medium-sized enterprises (SMEs) report experiencing a security problem related to information and communications technologies (ICT) caused by an employee in the previous year, according to industry research. But most SMEs don’t do much about it until it’s too late and don’t have the cyber insurance coverage required to cover the loss.
Many business owners pay lip service to tech security, but they don’t invest money in it. As a result, actions usually get postponed until the day an essential computer crashes or vital data gets wiped out in a malware attack.
And with the proliferation of mobile devices, wireless computing, and remote workers, the security challenge is growing bigger for entrepreneurs.
Evaluate your technology security
Ideally, you should regularly evaluate your IT security as part of a larger review of all your systems. The idea is to make sure your tech gear and processes aren’t out of step with your business strategy.
Here is an ICT security checklist SMEs can follow as part of this review:
- Strategy and human resources policies
- Does your company have a clear ICT security policy that’s known to staff?
- Do you have a policy on acceptable ICT use, password guidelines, and security practices?
- Do you have confidentiality agreements for contractors and vendors?
- Data backup
- For critical data (this is anything needed in day-to-day operations, including customer information), do you centralize it on a server and back it up nightly to a remote location?
- For important data (anything important to the business but that doesn’t get updated frequently), do you centralize it on a server and back it up semi-regularly off-site?
- Desktop security
- Do all computers have working anti-virus software?
- Do you have a security policy for downloading and installing new software?
- Do you have passwords with a minimum of eight alphanumeric characters that are changed every 90 days?
- Are all computers updated with the latest system updates and security patches?
- Internet and network security
- Do you have a firewall and intrusion detection on all web connections?
- Do you use a virtual private network for remote access?
- Are all modem and wireless access connections known and secured?
- Privacy and sensitive information
- Is customer financial information encrypted and accessible only to those who need it?
- Are paper files kept in locked filing cabinets with controlled access?
- Do you do a periodic audit (every six months at least) of your ICT security checklist?
According to a Leger poll commissioned by IBC in the fall of 2019, 44% of 300 small and medium-sized businesses (those with fewer than 500 employees) did not have any sort of defence against cyber attacks and 60% of these organizations did not have any cyber insurance to protect them in the event of an attack. Call us today at 1-800-265-3000 to speak to one of our brokers about how to get the protection you need.
For more tools and information for small business and entrepreneurs visit www.bdc.ca