How to protect your business from cybersecurity threats

Cybersecurity breaches are a real issue – we all know someone who has had their identity stolen or password hacked. In the past year, more than 19,000 Canadians were impact by the Equifax data breach and an estimated 90,000 Bank of Montreal and Canadian Imperial Bank of Commerce (CIBC) customers had personal data compromised.

The repercussions of these incidents goes beyond lawsuits and investigations; according to the 2018 Edelman Trust Barometer, only 49% of the general population trusts the institutions of government, business, media and NGOs.

It’s vital to have a strategy in place to protect your business from cybercrime. And while technology can help, as the old saying goes: sometimes the best offence is a good defense. Trained employees can stop criminals in their tracks. Here are my top three tips to protect against cybersecurity threats.

Ask before you click.
Email phishing is on the rise, so employees must be one step ahead. Phishing uses emails that look real and link to spoofed websites to steal information. Before clicking, ask:

  • Does this email have weird formatting or spelling/grammatical errors? (Would a colleague really misspell the CEO’s name?)

  • When hovering over link addresses, do they match the address of the real site? (If it says instead of something’s not right.)

  • Is this request reasonable or realistic? (Does accounting normally request wire transfers be sent in the middle of the night?)

Be password smart.
It’s a pain to remember different passwords for every system and accounts, I get it. But employees need to know why a strong password is essential and what good passwords look like. Help improve passwords by:

  • Teach employees how to create passwords that are hard to guess but easy to remember (replacing letters with symbols and numbers works wonders!).

  • Make frequent password changes mandatory (and discourage using the same password for every application, program and device).

  • Use two-factor authentication where possible (for example, so employees get a text when someone tries to login to their account).

Increase awareness of risks with training.

By offering yearly training programs, you can ensure employees are aware of risks. But that’s only part of the solution, you also need:

  • Ongoing updates to keep the subject top-of-mind.

  • Contests (and humour!) to keep employees engaged.

  • Posts or emails about the latest emerging threats.

At Alberta Central, we take cybersecurity seriously. We offer online privacy training courses, send monthly all-staff emails and periodic phishing tests, and post educational materials on our employee intranet. To make sure credit union branch managers and front-line employees are ready, we offer training programs on cybercrime and fraud. I’ve seen the importance of employee education first hand: following a recent awareness campaign, we saw email phishing report rates climb from 65% to 76%, right on track for financial services.
Your business, like mine, is likely trusted with some kind of personal information. So take the time to build up your human firewall to keep the criminals out.