Small office Cyber Security? Executive Summary Below…
Do you believe your company is secure against even the most basic of malicious hackers? These would be known as “Script-Kiddies”, who scan a network for easy vulnerabilities and run well-known exploits for critical vulnerabilities (CVEs) against the detected low-hanging fruit.
In the past, many believed they were safe from the online world through ‘security through obscurity’. The logic was that there is so much out there, and so many other, juicier targets to go after, that a hacker or black hat wouldn’t possibly want to go after your company. This belief has contributed greatly to the demise of Canadian small-business IT security.
Companies are regularly being poached for their data and information. It could be for any number of reasons: competitors seeking to disrupt your critical business operations, a single person looking to easily obtain many people’s personally identifiable information for identity theft, or someone looking for a good vector to download highly illegal media such as child pornography or illegal software via the Tor network or BitTorrent.
Your company is liable for any/all of those infringements if you did not take all reasonable precautions against them.
Last year, Walmart Canada was sued along with one of its subcontractors in regard to a data breach of their online PhotoCenter service. They settled the class-action lawsuit for 1.25 million, without admitting to any of the faults.
More recently, Uber was hacked and failed to disclose that 57 million users’ personal information was taken by two individuals. Six months later, they advised various law enforcement and government agencies that they had been hacked and had violated many US Federal laws regarding personally identifiable information. They paid the ransom the hackers were asking, which was $100,000 USD.
Walmart Canada can handle 1.25 million CAD, Uber can easily handle $100,000 USD, but could you or your company? Would you want to?
Also in 2017, Bell Canada was hacked.
Every single day, much smaller businesses are hacked. Most don’t even know it happened or is currently happening. One of a hacker’s first steps, once they’ve entered your network, is to ‘pivot’ and ‘cover tracks’. Essentially, they breach another system on your network and then wipe logs or, if possible, remove all traces of their entry.
Are you afraid yet?
The good news for your company is that it’s not that hard to perform your due diligence as a small business and secure your customers’ and patients’ personally identifiable information. It should be considered part of the ‘cost of doing business’ and, very soon, it will be. The Government of Canada has already amended a Federal Law (Federal Information and Protection Act - FIPS) to enforce that any company must (shall) declare to the Privacy Commissioner of Canada if a breach has occurred. Think about that for a moment and decide if it’s worth it to secure your infrastructure.
Firstly, you should check off the ‘Top 10’ items that the Canadian Communications Security Establishment has listed. Achieving these first 10 critical steps is practical, reasonable and relatively inexpensive.