We’ve witnessed two major cyberattacks this year: the WannaCry ransomware, which infected computers worldwide by targeting vulnerabilities in the Microsoft Windows operating system; and NotPetya, which researchers now believe was created to target the Ukrainian government. This isn’t exactly comforting for the companies outside Ukraine whose file systems were destroyed – collateral damage of an apparent cyberwar that’s still in its infancy.
As we find ourselves increasingly forced to adapt to an imminent Gigabit Society (whether we want to or not), cyberattacks will no doubt become the new norm unless greater security measures are taken. In fact, governments worldwide are already introducing regulatory regimes aimed at protecting companies and consumers from malevolent agents. Canada is no exception.
Understanding Bill S-4
Back in 2015, the Conservatives passed the ironically named Digital Privacy Act (which actually made it far easier for companies to share the personal information of clients without even having to seek their permission), also known as Bill S-4. There was, however, one aspect of the Bill that did not immediately come into effect: the section created to ensure the protection of consumers. This made it mandatory for business owners to notify consumers whenever a data breach occurs, and when confidential information is at risk of being exploited by an unauthorized third party – i.e. a criminal.
While interminable delays to the implementation of consumer protection regulations are commonplace, there are increasing rumours that the mandatory breach notification component of Bill S-4 may actually become law by early 2018, and that companies which fail to comply could face fines from $10,000 to $100,000 – not to mention the possibility of class action lawsuits brought forward by disgruntled customers.
This might not be such a big deal for massive multinational conglomerates, but for small and medium-sized enterprises lacking deep pockets and world class tech teams, this could end up being a major headache. That’s why it’s essential to start focusing on cybersecurity measures you can afford to adopt – because in a networked world, internet safety needs to be one of your primary concerns.
Let’s take a look at some of the best – and cheapest – options for those of us who have to run our businesses on a tight budget.
Up until now, not all of us have had the time to learn about the difference between trojans and worms, or to keep up to date on the latest phishing scams and spyware. But ignorance is no longer an option. If there’s an online component to your business, and you’re unaware about the most salient threats to you and your customer base, then it’s time to pay a visit to Wikipedia, or any site specializing in cybersecurity issues. Knowledge is your greatest protection.
Establish a mandatory policy for Internet safety
Every employee who accesses a company computer needs to abide by a company-wide cybersecurity policy. If you haven’t already instigated such a policy, make sure one is in place well before data breach notifications become mandatory under Bill S-4. Employees should be regularly reminded about protocols relating to social media, email, software updates, and any other online activity. Plans for how to deal with potential cyberattacks need to also be formulated and discussed, as employee vigilance is essential for any successful cybersecurity regime.
Back up, back up, back up
Another basic piece of advice: back up your data. Data storage – whether by means of an external hard drive or through cloud-based data storage – is one of the simplest ways to protect yourself from a malware attack like WannaCry, which encrypts your data so that you can’t access it. Check out this gizmodo article outlining some of your options, and save yourself a lot of potential problems in the future.
You can always try to beat hackers to the punch by encrypting your own data. Take some time to learn about Virtual Private Networks (VPN), and decide if that added level of security is what your business needs. Though it’ll require a little more time and effort, VPN encryption can prove to be an effective way to keep confidential data out of the hands of criminals.
And don’t forget: UPDATE!
Aside from educating yourself about the perils of the internet, the absolute least you should do is to make sure that your operating system is fully updated. Many of the victims of the WannaCry attack would have been protected had they simply downloaded the security patch issued by Microsoft earlier in the year.
Remember to enable automatic updates; these are basic, and often effective, security measures that are completely free.