In honour of the annual Cyber Security Awareness Month, (which happens to always be October), the Insurance Bureau of Canada (IBC) recently published the results of its 2023 Cyber Security Survey, and the results were somewhat surprising for those of us in the insurance business. Over 60% of small business owners believe their company is too small and insignificant to be targeted by cyber criminals. That number rises to 73% for sole proprietors.
At the end of 2021, out of the approximately 527,000 businesses in Alberta, 87% had fewer than five employees, about 9% had between five and 19 employees, only 3% had between 20 and 99 workers and just 0.6% had more than 100 employees. That means that 99.4% of businesses in Alberta are classified as “small.” Of those, more than 316,000 business owners don’t think cyber criminals are interested in them.
This is concerning, as cyber experts are well aware of the fact that cyber criminals are constantly attempting to gain access to internal networks, often sending out thousands of phishing emails at the same time. Everyone is a potential target, and employees are usually the weakest link. In fact, the IBC survey revealed that 75% of employees admit to taking actions that pose a risk to their company’s cyber security.
And while the majority of small business owners seem to be apathetic about cyber security, employees have voiced their concerns.
- 25% of employees feel they don’t have the tools and training needed to identify potential cyber threats at work
- 22% of employees are worried their actions could contribute to a cyber attack or data breach
- 10% of employees have shared confidential information with a publicly available chatbot or artificial intelligence platform.
How employees threaten cyber security at their place of employment
Employees, even the most well-meaning, can inadvertently pose significant risks to their company’s cyber security in several ways. When we’re tired, not paying attention, in a rush, or even at the best of times, it’s very easy to fall victim to phishing emails, which is by far the most popular scamming method these days.
Key tips on how to recognize a phishing email include:
- Messages urging you to take action immediately, that may even include a threat
- Emails from an unknown sender, or an email address that appears to be from a known sender until closely inspected
- Bad spelling and bad grammar in the content of the email
- Generic greetings (when the message supposedly comes from someone or an organization you know)
- Suspicious links and attachments (and coercive messaging to click or download either)
When employees click on malicious links or download infected attachments, they provide cybercriminals with a foothold into your business’s network.
Additionally, as more employees are remote these days, they may be using their work computer to log on to unsecured networks and visit unsecured websites. These actions also open the door to hackers, and privacy breach insurance is a help to business owners.
Weak passwords also make it easier for hackers to compromise accounts. A good rule of thumb for creating strong passwords is a combination of letters, numbers, and special characters. Employers should also encourage employees to use a secure password manager.
Unfortunately, insider threats are a substantial risk. Employees with malicious intent, whether current or former, can intentionally compromise security by stealing your sensitive data to sell to others, or by disrupting operations. Because they have intimate knowledge of your business’s systems, their actions can be particularly damaging.
Invest in business cyber insurance and cyber security training
Business cyber insurance is an affordable addition to your business insurance package. Give us a call at Lane’s to speak to one of our knowledgeable insurance brokers who specialize in keeping businesses safe.
Some of the events business cyber insurance will protect your business from include:
- Data confidentiality breaches such as the loss of and/or unauthorized access to or disclosure of confidential or personal information
- Cyber extortion such as a demand for payment while threatening to disrupt your data
- A technology failure or denial-of-service attack
Costs associated with loss due to a cyber attack will be covered through business cyber insurance, including:
- Payment for legal representation
- Harm mitigation from a breach, including notifying affected parties and the provision of free credit monitoring
- The hiring of experts to help prevent further attacks
- Data restoration
In order to prevent an attack in the first place, business owners (including sole proprietors) should invest in cyber security training. Remember that it needs to be consistent in order to be effective.
Regular sessions should include the most recent updates on new types of cyber attacks, continuous phishing awareness, password security, and safe online practices. Some companies have implemented simulated attack drills, which work well to prepare employees for real threats. Clear policies regarding the completion of training and reporting mechanisms should be in place, which will help to keep cyber security top of mind throughout your organization.
Cyber insurance Calgary: Coverage for the modern world
Lane’s Insurance is a leading Alberta-based brokerage, providing complete insurance solutions for both homeowners and businesses. Lane’s works with the province’s most trusted carriers to protect you from today’s advanced digital threats, and much more.
To learn more, or to obtain a quote, please contact us in: