5 Reasons Small Businesses in Canada are Easy Targets for Hackers
VAPT: How it Can Save Your Business
November 13, 2018
Internet Connection Goes Down: What Happens to my Business?
December 11, 2018
5 Reasons Small Businesses in Canada are Easy Targets for Hackers
We hear about cyber attacks and data breaches on the news every day. However, the most publicized are usually the biggest and the baddest of the cyber crimes. We all hear about it when companies like Uber, Apple, Amazon or the Canadian banks get hacked. If you are running a small business, beware; you are indeed a potential target.
Some of the most talked-about cyber attacks and data breaches:
- Bell Canada suffered a breach that affected 1.9 million customers;
- 815,000 Canadian users of Uber were exposed in a hack of data of 57 million users;
- Every single Yahoo account of over 3 billion users was compromised;
- Hackers stole 40 million credit and debit card information under the control of Target;
- On December 21, 2017, Nissan Canada Finance revealed that 1.13 million customers had their personal information stolen;
- Real names, home addresses, search history and credit card transaction records for clients of Ashley Madison;
- McDonald’s Canada, Casino Rama, Canadian Tire, Shopper’s Drug Mart, Sony, Home Depot– the list goes on.
As a show of how powerful these hackers can become with these attacks: Uber actually kept the data breach a secret for more than a year after it occurred. They even ended up paying a $100 000 USD ransom to the hackers, according to the New York Times.
As a small business owner, you may be thinking your company is not worth it for hackers.
This is simply, and unfortunately, not true at all. There are many reasons for them to target small businesses. In fact, hackers perform cyber attacks on small businesses quite often- studies show that over 60% of cyber attacks are on small businesses.
Here are the top 5 reasons small businesses are easy targets for hackers:
- Small companies lack secure networks
- They are more willing to pay than large organizations that have disaster recovery plans or data backups
- All too often, small businesses do not consult with an IT company
- Companies do not understand how vulnerable they are
- Many business owners do not realize how real the risks are until it’s too late
All it Takes is One User to be Tricked into Clicking a Link
Since small businesses don’t usually have the capital or funding required to keep up with security, they are the most vulnerable of all. In fact, over 60% of small to mid-sized businesses will fail within 6 months of experiencing a cyber attack, according to the National Cyber Security Alliance. They also found that more than 60% of cyber attacks deliberately target small businesses, and nearly half of all small businesses have already experienced a cyber attack.
Ginni Rometty, Chairperson, President and CEO of IBM stated:
“…cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
When hackers obtain credit card information, the owner of the card generally cancels the service very soon. Credit card companies and banks are doing more to help their customers monitor their credit accounts, however this is not where the threat ends. Aside from credit card information, scam artists can find ways to obtain other sensitive information. By getting their hands on other details, such as full names, home addresses, email addresses, and of course, social media profiles- these hackers make identity theft a very possible threat.
Cyber attacks can go unnoticed for months- especially when it comes to small business operations.
Since most hackers are opportunists who don’t want to take any unnecessary risks, smaller organizations are the perfect target because they don’t take security seriously enough.
Consequences for Small Businesses: Victims of Cyber Attacks
Privacy laws have been changing drastically over the past decade. With the acceleration of technological development, and the sheer number of people online, the laws needed to adjust to stay relevant. Canadian companies have to publicly disclose any data breaches. The Personal Information Protection and Electronic Documents Act, or PIPEDA, has been adjusted, and now (as of November 1st, 2018) requires a certain level of response to data breaches, including enhanced record-keeping, reporting and notification.
This could cause negative repercussions for businesses, such as loss of customer confidence and potential lawsuits.
Although this is a good step in the right direction for consumers, this could severely damage the reputation of a business. Small businesses are likely to go out of business within 6 months, if the data breach is bad enough. It can take consumers years to recover from identity theft; after this type of breach, they will not feel so comfortable with the company. It can take years for a small business to recover from a data breach…if they ever recover at all. Firms that operate unprotected face huge potential risks, and will inevitably face increasing data breach-related costs.
According to the federal government, about 70% of Canadian businesses have been victims of cyber attacks. The average cost is $15 000 per incident.
Canadian businesses are lacking when it comes to keeping up with the pace of technology. Cyber crime is everywhere, and progressing at lightning speed. In the meantime, Canadian companies are very slowly becoming aware of the risks. There are only 3 countries in the world that have been attacked more than Canada: USA, Germany and the UK- in that order. Hackers are not necessarily the imagined, rogue-like, technical geniuses from the movies. They range from nation states to organized crime. They could be terrorist groups, journalists, disaffected current/ former employees, amateurs- just about anyone!
