In Canada, ransomware attacks are on the rise; Canadians have lost $4.9 billion to ransomware attacks in the last year. Attacks are up 158 per cent in North America and 62 per cent globally since 2019 and yet not many want to talk about it. Potential victims are everywhere, including individuals and businesses – essentially anyone or any organization with an online presence.
What do Canadian businesses need to know about new regulations?
Canadian businesses operating online without appropriate security mechanisms are leaving themselves exposed to cyber threats, and the insurance industry is responding with new requirements. Canadian cyber insurance companies now require insured businesses to offer multi-factor authentication (MFA) and have cybercrime/data breach response plans in place. Businesses must prove they have adequate online security to protect their customers’ identity, their employees’ identity and sensitive information if they want insurance against cyber-attacks and data breaches. These new requirements will impact nearly every business that has an online presence.
How can businesses protect themselves?
Start by rethinking data security. Security used to mean locking down endpoints and networks, but there is no safe network perimeter anymore. Your organization’s data security is now walking around in the pockets and purses of employees and customers as they use their smartphones to work, shop and connect on all matters of life and business. Next, take a look at what your insurance provider requires before covering your organization.
The state of Canadian cyber security
Prior to these new regulations, Canadian businesses were already recognizing the critical need for investing in cyber security. In 2019, Canadian businesses overall spent $7 billion to prevent, detect, and recover from cyber-attacks.
These increasingly frequent and large cyberattacks potentially expose sensitive information and can result in significant financial losses. Data breaches and cyberattacks also erode customer trust and damage business reputation. Resolving them and recovering the lost information takes a significant amount of money. Rebuilding a business’s reputation can take longer, and in some cases the damage may be permanent.
What is multi-factor authentication (MFA)?
MFA is a cybersecurity measure that requires users to provide multiple factors verifying their identity before gaining access to a network, account, or online operating system. Best practices for business security no longer include single-password systems. Most online users are familiar with the single-password system; MFA takes it a step further.
MFA users must provide a password and then verify access by entering a code (often sent to another device) or by confirming with biometric data, such as a fingerprint or facial recognition. This multi-step process offers considerably more security than the traditional single password. Single passwords can be cracked or hacked and then widely distributed, after which anyone can gain access to your company’s, employees’, or customers’ identities.
How do I adopt multi-factor authentication for my business?
The best cyber security practices for most businesses include implementing MFA in three areas:
1. Remote networks
2. Administrative access, and
3. Remote access to email.
Secure email access and secure remote network access are crucial for any employer shifting to more permanent work-from-home or hybrid office/home models with their employees. MFA on remote network access decreases the risk of a security breach due to password theft, and for those with administrative access, MFA limits a hacker’s ability to gain broader access to a compromised network. MFA on email servers reduces the risk of someone gaining access to and control of corporate email accounts, which often house sensitive data.
The cost of MFA
Many businesses are resistant to implementing MFA due to the assumed cost of new IT tools and security measures. In reality, there is little added cost to implementing MFA, provided you work with an expert that can adapt your organization’s current infrastructure. Hybrid solutions exist that can merge on-premises and legacy systems with cloud-based technology, and a completely customizable system can also be built.
Addressing the threat of cybercrime does not have to be complicated. Adding a layer of security to an organization’s existing online business infrastructure can be an effective solution, and will help meet the more stringent requirements from insurance providers.