How to improve digital security and take steps against cyber attacks
Digital security is a business must-have, especially as we hear of increasing cyber attacks on businesses of all sizes.
According to a study by Mastercard on securing the digital economy, young businesses – those under five years old – are more likely to report being hacked. The results can be the loss of sensitive financial data, personal employee information and payment card details. According to the March 2023 report, the average cost of data breaches in the U.S. and Canada is estimated at $9.4 million.
Yet, as hackers get more creative and the digital world rapidly evolves, how can small businesses, including those in the food and beverage processing sector, keep up?
The victims of cyber attacks are far from a homogeneous group. Indeed, individuals and companies, small and large, have all been targeted. This trend is not going to change, and there are two constant threats:
Ransomware: Software that blocks access to computer systems and demands payment
Phishing: The use of email, text messages or direct messages via social media to trick receivers into revealing sensitive information.
Joel Bouvier, director of cyber security and information technology with FCC, says hackers and other cyber criminals can be financially or politically motivated. Politically motivated cybercrime faces a higher threat from those trying to disrupt or compromise it since food and agriculture are part of Canada’s critical trade infrastructure.
“The challenge for small and medium businesses is understanding what’s out there and what practices they can use to protect themselves,” Bouvier says. “Take time to learn about phishing – what to look for in a message, what those suspicious indicators are.”
There are many ways to protect you and your food and beverage processing business against malicious cyber attacks. Basic steps like regularly updating passwords and software are fundamental to protecting yourself.
Here are 13 other best practices to implement in your business:
Don’t delay installation of software updates
Ensure anti-virus and security software is active on computers and other devices
Use strong passwords with letters, numbers and special characters
Use multifactor authentication, such as a password as well as phone confirmation
Do not use the same password for multiple accounts, and regularly change passwords
Have separate systems and devices for your business and personal use
Regularly back up information to additional devices or hard drives
Know what phishing is and how to avoid falling for it
Protect routers and private networks with strong passwords or encryption
Avoid open-access WIFI networks
Use a trusted Virtual Private Network (VPN) service
Map your digital network to make isolating problems easier
Call trusted IT advisors if an incident occurs or might have occurred
“Not updating devices, that’s where many of these vulnerabilities come from,” Bouvier stresses.
Operators must consider that it’s not a matter of if your business will experience a cyberattack, but when.And, he adds, many small businesses don’t have response plans. Operators must consider that it’s not a matter of whether your business will experience a cyberattack but when. Therefore, time is well spent to develop an incident response plan instead of scrambling at the time of an attack. Cybereco, a group of 30+ organizations in the business, industrial, and academic sectors that gather cybersecurity resources, has published a guide on incident management to help businesses create a plan for cyberattacks.
The Canadian Centre for Cybersecurity has also published an online guide, Get Cyber Safe Guide for Small and Medium Businesses.
Bouvier says business owners can hire a professional to assess cybersecurity and advise where to strengthen their digital office space.
In addition to a robust incident management plan, if someone in your food and beverage processing company happens to click on a malicious link in an email, it’s important to contact IT specialists within your company, other managers, and local police. The Canadian Anti-Fraud Centre and the Canadian Centre for Cybersecurity should also be notified.
Article by: Matt McIntosh