There are certain words and phrases that just bring out an almost visceral reaction: root canal, filing income tax and cyber security. While we may realize these things are necessary, and avoidance can lead to bad outcomes, they still cause us to inwardly cringe and wish they would just go away. 

Arjan van der Eijk, President of IT-WORKS Computer Sales and Repair, spoke to farmers gathered for the Huron County Soil and Crop AGM held recently in Holmesville. He presented downright scary statistics about the increase in cybercrimes, especially how these crimes are affecting small businesses. 

As if reading my mind, he pointed out that most small business owners think they are too small to be a target of cybercriminals. However, small businesses are known to not take cybersecurity seriously enough, making themselves easy targets. 

Van der Eijk spoke of some of the things many of us are guilty of doing such as using simple passwords, not doing proper backups, using the same password across multiple sites, and even storing lists of passwords in a note on a phone. These practices all make us easy targets for criminals - kind of like leaving the keys in your truck when it is parked on the edge of the field while you are working.

One of the most important things we can do as small business owners is change our mindset regarding cybersecurity. We need to see it as a real threat – cyberattacks can result in loss of data, loss of cash, and even loss of reputation. Some businesses cannot recover if the attack is serious enough. Cyber criminals often work from different countries, making it almost impossible to prosecute them after the fact. 

Once we have changed our attitude toward cybersecurity, van der Eijk provided many tips for protecting ourselves from becoming victims to cybercriminals. One of the first things is being more vigilant about having firewalls and updating security systems. Often we get messages about security updates – he stressed the importance of following through with these regularly and rebooting the system to make sure the updates are installed. “Usually these are developed to fix security vulnerabilities in the system and known loopholes that hackers have exploited recently,” he said. Getting a cyber risk assessment from your IT provider can help you develop better practices to safeguard your data, keep criminals out, and hopefully discover a breach quickly if one does happen. 

Backups are another key component to reducing risk. Many of us have gone through the era of having external backups, and we all probably know the downsides of these. We fail to be disciplined about backing up regularly, the hardware fails, we discover too late that the precious backup is no good when we need to use it. Added onto these issues, if hackers gain access to your computer, and you have an external backup connected, the first thing they do is wipe the backup drive, he explained. 

van der Eijk recommended backing up files to “the cloud”. It may seem counterintuitive to think that data is safer stored somewhere where you don’t even know where it is than on your own computer. However, van der Eijk said “it is way easier for hackers to get into your personal computer than a reputable cloud-based service.” Do not use a free service, but one that is located within Canada and utilizes technology such as custom encryption so that only you have access to the passwords. “At the end of the day, this is probably your last resort,” he added. While you can automate the backups to run regularly, he stressed that even they are not “set and forget”. It is important to test and make sure the information is there and usable if you need it. 

When asked about Apple vs Windows, van der Eijk stressed that he does not recommend Apple for business use.  “They used to be more secure, but now there is more malware targeting Macs than Windows devices,” he said. If your backups don’t work – it is very hard to contact Apple and get your data back. However, if you do choose Macs for business use, he recommended avoiding the built-in backup, instead use a different cloud-based system. 

Identity theft is another risk associated with cybercrime. van der Eijk stressed the importance of identifying and protecting personal and identifiable information that can be used to steal your identity. A hacker can call your bank using this information and pretend to be you. Evaluate whether the records on your system need to be stored – if they are not vital, delete them.  If they do need to be stored, make sure you have proper protection.

van der Eijk also recommended using a service to monitor your system so hacks can be identified quickly. Often hackers come in and do not do anything for while – all the time gathering data, even monitoring keystrokes as you work. Discovering a breach quickly allows you to change your passwords and shut them out before they can do much damage. 

Passwords. We need them to be complex enough that they can’t be easily guessed, which usually means they also can’t be remembered. But the easy ways to store them also have been shown to be the least secure. van der Eijk suggested using a service, such as Keeper Security, that allows you to safely store passwords, usually involving a monthly fee. 

It all can seem rather daunting. But there is help available. The Canadian Chamber of Commerce has also produced a guide to help small businesses protect themselves from cyberattacks. It can be found at their website at:  https://chamber.ca/ canadian-small-business-cyber-security-survival-guide/.

As with many things in life, you can improve the things you pay attention to. Cybercrime is on the rise and artificial intelligence is just going to make this worse. Talk to your IT provider, set aside money and time to devote to protecting your business and personal assets. It is much easier to pocket your keys than watch as your truck disappears down the road in a cloud of dust. ◊