Don’t open that email

Cybersecurity should be a top priority in today’s business world.

We’ve all seen our spam folders clogged with spelling-mistake-ridden emails offering us everything from inheritances from long-lost relatives to gift cards from major retailers. We’re confident that we’re not going to fall victim to cybercrime. Not so fast.

Cyber-attacks have risen dramatically in the last two years and businesses of all sizes are vulnerable to attacks that cripple or kill successful ventures with terrifying ease. We caught up with two cybersecurity professionals to talk about what businesses can do to handle the onslaught and not get trapped in an attack.

Go phishing

Kevin Aebig leads Optek Solutions, an IT firm based in Saskatoon. “Hands down, spam and email phishing are the cheapest, easiest way for cyber criminals to get access to your company,” says Aebig. “And they’re getting sneakier. It used to be easy to spot bad emails. It’s not as easy anymore. This is now big business in many parts of the world.”

He says that the volume of information companies share online makes it easier for cyber criminals to cause chaos. Senior leaders share information about themselves and their roles on company websites and LinkedIn, for example. With a little detective work, a phisher can pose as a leader, asking an employee for a simple, routine task via email. “For example, a phisher sends a legitimate-looking email asking for a banking information change,” says Aebig. “This has happened in many organizations and before you know it, money is gone.” He warns everyone to be suspicious when receiving unexpected emails and be especially careful with emails from strangers. “Listen to your gut feeling that something is up. Taking a second look at it and calling to confirm what’s in it can save you and your company a lot of heartache.”

Ransom note

Drew Carmichael, director of cyber security at Iron Spear Information Security, points to the dramatic rise in ransomware as another important concern for businesses and organizations. According to the World Economic Forum’s 2022 Global Risks Report, there was a 435 per cent increase in ransomware attacks in 2020. “Ransomware has become prolific. It’s everywhere. Not only has the incidence of it increased, but so have the ransom demands,” says Carmichael.

Like phishing, ransomware often uses unsuspecting email recipients to get in the door. Once in, attackers can not only hold your vital business data for ransom, but also see what your company is doing. “I have seen cases where attackers have not only locked up data, but they have also done the same for the backups,” says Carmichael. “When faced with a demand, seven out of 10 companies pay the ransom, because it was the easiest option to get their data back.” However, even when the data is returned, the damage is often catastrophic. “The reputation of the organization is often ruined if the incident is not handled professionally and honestly. I have seen numbers that show six out of 10 organizations that fall victim to an attack and pay the ransom will ultimately fail largely due to the damage to their reputations.”

Get out and stay out

Carmichael says the first step is knowing what your data is worth to your company and how long you can be without it. “Your data needs protection, and you have to decide what that protection is worth. Ask tough questions such as how long can our company run with no access to our files? A day? A week? A month?” After that, it’s time to set up the appropriate protections to ensure your company can withstand an attack.

Aebig notes the importance that good technology management plays. “First, you need a strong firewall as the first line of defence. Then, you stay on top of all those security updates and patches. When you don’t keep your technology current, you’re opening the door to cyber threats. Finally, user training is key. Almost all cybersecurity incidents are due to human error.”

Both also say that a good cybersecurity expert can help you plan what you need to do to stay safe.

“No one in-house IT professional can do it all,” says Aebig. “Even just addressing your most important vulnerabilities is a place to start. It’s easy to be scared of the answer, but think, ‘Would you rather pay $1,000 now for some security today, or lose $40,000 tomorrow?’”

“Your company needs its data to run. You have to decide what you’re willing to protect,” says Carmichael. “Cybersecurity issues are not going away and staying unprepared is not the answer. Whether you need a full-time professional on staff or some meetings with a partner, you need something to protect you and someone to guide you through it.”