Protect your organization from cyber risk Protect your organization from cyber riskIncidents of cyber crime – particularly ransomware attacks – have drastically increased since the start of the COVID-19 pandemic. As more people began to work from home, more criminals began to prey. Many small businesses adopted digital processes and moved some of their business online, and cyber criminals found yet more opportunities. A cyber attack can be expensive. According to a 2021 IBC survey, almost half of the small business owners that had been subject to a cyber attack reported that it had cost them at least $100,000. A report by the law firm McCarthy Tétrault estimates that paid ransoms and the resulting lost productivity from ransomware attacks cost Canadian organizations $4 billion in 2020 alone. Cyber protection doesn't need to be costly or complicated. The Canadian Centre for Cyber Security has outlined a number of measures that small businesses can take to protect themselves against cyber attacks, including the following:Develop an incident response planIf you have a plan, you can quickly respond to incidents, restore critical systems and data, and keep service interruptions and data loss to a minimum. Your plan should include strategies for backing up data.Use strong user authenticationImplement user authentication policies that balance security and usability. Ensure your devices authenticate users before they can gain access to your systems. Wherever possible, use two-factor authentication or multi-factor authentication.Enable security softwareActivate firewalls and install anti-virus and anti-malware software on your devices to thwart malicious attacks and protect against malware. Ensure you download this software from a reputable provider. Install Domain Name System (DNS) filtering on your mobile devices to block out malicious websites and filter harmful content.Patch operating systems and applicationsWhen software issues or vulnerabilities are identified, vendors release patches to fix bugs, address known vulnerabilities, and improve usability or performance. Where possible, enable automatic patches and updates for all software and hardware to prevent threat actors from exploiting these issues or security vulnerabilities.Back up and encrypt dataCopy your information and critical applications to one or more secure locations, such as the cloud or an external hard drive. If a cyber incident or natural disaster happens, these copies can help you continue business activities and prevent data loss. Backups can be done online or offline and can also be done in three different iterations: full, differential or incremental. Test your backups regularly to ensure you can restore your data.Train your employeesTailor your training programs to address your organization's cyber security protocols, policies, and procedures. Having an informed workforce can reduce the likelihood of cyber incidents.The following government and third party resources provide more in-depth information to protect yourself or your business from cyber threats:Learn more about COVID-19 Cyber Security for Small and Medium Organizations: Canadian Centre for Cyber SecurityTake Get Cyber Safe's simple steps to protect yourself online: Get Cyber SafeCreate a personalized plan to secure your data: Security PlannerPrint and share these tips from Communications Security Establishment: Cyber Hygiene Consider Canada's cybersecurity certification program for your small or medium-sized organization: CyberSecure Certification Useful LinksConsumer Reports Security PlannerCut down on data collection and prevent hackers from invading your laptop, tablet and even your phone. Answer a few simple questions to get customized recommendations to help you: Safely backup files, Browse online without tracking, Avoid phishing scams & Prevent identity theftCyber Centre reminds Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activityAs geopolitical tensions continue to rise, Canada’s Cyber Centre is following the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure network operators, their operational and information technology (OT/IT).Top measures to enhance cyber security for small and medium organizationsLooking for steps you can take to protect your organization’s networks and information from cyber threats? To get you started, we have summarized the 13 security control categories that are identified in our Baseline Cyber Security Controls for Small and Medium Organizations and form the foundation for the CyberSecure Canada Certification program.Get Cyber SafeWhen it comes to cyber security, educating your employees is the first, best defense against most online dangers. And there are many ways to help them get the message, from internal newsletters and staff emails to seminars and lunch and learns.CyberSecure CanadaCyberSecure Canada is the federal government’s cybersecurity certification program for small and medium-sized organizations (SMOs).