1 Products and services may be offered by Royal Bank of Canada or by a separate corporate entity affiliated with Royal Bank of Canada, including but not limited to Royal Mutual Funds Inc., RBC Direct Investing Inc. (Member–Canadian Investor Protection Fund), RBC InvestEase Inc., RBC Global Asset Management Inc., Royal Trust Company or The Royal Trust Corporation of Canada
A recent RBC poll revealed that 44 per cent of business owners anticipate becoming a victim of cybercrime in the next 12 months. Given the steady increase in cybercrime incidents in Canada, owners are on guard and aware of the risks. But how can owners defend their businesses against them?
Joining the webinar How to Protect Your Business from Fraud and Cyber Threats in 2023 is Michael Argast, CEO and Co-Founder of Kobalt.io, a leading Canadian firm that manages all aspects of cybersecurity programs for small and medium-sized businesses.
Catch an on-demand recording:
How to Protect Your Business from Fraud and Cyber Threats in 2023
Jim Mills, Senior Director, Cyber Resiliency and Response at RBC joins the panel to discuss the top schemes cybercriminals are using and how owners can combat cybercrime. [English event]
According to Statistics Canada 2021 data, 16 per cent of small businesses, 25 per cent of medium-sized businesses, and 37 per cent of large businesses have reported being impacted by cyber security incidents. As Argast explains, cyber incidents usually happen when a fraudster gains access to a business email system and waits for the right opportunity to come along — then they go into action.
Indeed, Business Email Compromise (BEC) continues to be a very successful access point for businesses. A scam that involves an attacker gaining access to a business email account and imitating the owner’s identity, BEC is a popular tactic to defraud a company, its employees, customers or partners.
Argast provides steps to help protect clients and employees from BEC scams:
Have clear procedures for validating and identifying callers prior to giving out any privileged information
Establish processes around requests to change payment, account or contact details (i.e., do not confirm details in an email response — pick up the phone!)
Maintain separations of duties for employees creating payments and those approving them
Carefully look at business emails to ensure the address is recognizable and phone numbers are accurate
Ransomware is another type of threat that gets significant attention in the media — and is popular with cyber criminals. In this instance, criminals hold data hostage, looking for some form of payment. “Cyber gangs have proliferated now and rival the world’s largest drug cartels for sophistication,” says Mills. “A growing number of these cyber gangs operate ransomware as a business model and sell stolen data on the dark web,” he adds. A ransom could cost $100,000 – $200,000, although an IBM analysis last year showed some as high as $40 million.
While there are a number of steps you can take to help protect yourself from a ransomware attack, Mills’ top three are:
Apply software updates and patches to keep systems up to date
Change default passwords
Train staff to recognize suspicious emails
The importance of employee awareness and training programs
Training your staff is one of the most important elements in protecting a business from becoming a victim of cybercrime — and it’s a fundamental service Kobalt.io provides.
“One of the things I learned over the last couple of years is the impact of operating on a remote basis — when I can’t just walk across the hall and have a conversation with my team, it’s a bit harder to know what’s going on,” he says. So Kobalt.io developed employee training and implemented phishing tests to help their teams identify suspicious emails. “It helps to keep the team aware of the potential risks, and as a business owner, it gives me peace of mind that we’re doing all we can to ensure the safety of our finances and operations.”
After all, many businesses have introduced new communications channels to help keep teams connected in recent years — and more channels mean employees can get overloaded with messages.
“When we’re dealing with a volume of messages coming at us every day from diverse channels, it’s hard to be as consistently vigilant as when we were just concerned about email scams.” However, as Argast further explains, the multi-channel environment offers an alternate communication method to validate a suspicious email or text.
The one thing business owners should do to help protect themselves
Recognizing that business owners — particularly small business owners — have budget and resource constraints, the idea of implementing sweeping cyber security measures may feel out of reach. Argast and Mills, therefore, offer the one thing they feel owners should do to keep their businesses, their clients and their employees secure.
Argast: User/Employee education
Michael Argast emphasizes that user education is critical to long-term success. “It will help build a culture of talking about and thinking about security in your organization.”
Mills: System patching
Jim Mills feels the single biggest impact a business can have on their cyber security is to keep systems up to date by patching. “More and more vulnerabilities are being realized, and more and more software is being developed,” he explains. “Generally, the way into organizations is by taking advantage of these vulnerabilities that provide access to the systems.” So it’s important when you and staff receive official notifications to update software, it’s done on time.
Mills also recommends having a cyber security crisis management plan. If you need help getting started, RBC offers a template business owners can use as a foundation for managing cyber security incidents.
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.