Protect your organization from cyber risk

Protect your organization from cyber risk

Incidents of cyber crime – particularly ransomware attacks – have drastically increased since the start of the COVID-19 pandemic. As more people began to work from home, more criminals began to prey. Many small businesses adopted digital processes and moved some of their business online, and cyber criminals found yet more opportunities.

A cyber attack can be expensive. According to a 2021 IBC survey, almost half of the small business owners that had been subject to a cyber attack reported that it had cost them at least $100,000. A report by the law firm McCarthy Tétrault estimates that paid ransoms and the resulting lost productivity from ransomware attacks cost Canadian organizations $4 billion in 2020 alone.


Cyber protection doesn't need to be costly or complicated. The Canadian Centre for Cyber Security has outlined a number of measures that small businesses can take to protect themselves against cyber attacks, including the following:

Develop an incident response plan

If you have a plan, you can quickly respond to incidents, restore critical systems and data, and keep service interruptions and data loss to a minimum. Your plan should include strategies for backing up data.

Use strong user authentication

Implement user authentication policies that balance security and usability. Ensure your devices authenticate users before they can gain access to your systems. Wherever possible, use two-factor authentication or multi-factor authentication.

Enable security software

Activate firewalls and install anti-virus and anti-malware software on your devices to thwart malicious attacks and protect against malware. Ensure you download this software from a reputable provider. Install Domain Name System (DNS) filtering on your mobile devices to block out malicious websites and filter harmful content.

Patch operating systems and applications

When software issues or vulnerabilities are identified, vendors release patches to fix bugs, address known vulnerabilities, and improve usability or performance. Where possible, enable automatic patches and updates for all software and hardware to prevent threat actors from exploiting these issues or security vulnerabilities.

Back up and encrypt data

Copy your information and critical applications to one or more secure locations, such as the cloud or an external hard drive. If a cyber incident or natural disaster happens, these copies can help you continue business activities and prevent data loss. Backups can be done online or offline and can also be done in three different iterations: full, differential or incremental. Test your backups regularly to ensure you can restore your data.

Train your employees

Tailor your training programs to address your organization's cyber security protocols, policies, and procedures. Having an informed workforce can reduce the likelihood of cyber incidents.

The following government and third party resources provide more in-depth information to protect yourself or your business from cyber threats: