
Cybersecurity for Ontario Businesses

Tech Tips | IT Services | Business Continuity | Jan 23, 2025 2:20:57 PM | Brandon Jones

If you are currently in a position in your business where you are saying, “I think our IT company or person has our network protected,” or “I think we are compliant because I saw we checked off those questions on the insurance survey,” you will want to keep reading. Most businesses think the insurance company will cover losses and expenses if a breach occurs, but your business will still be significantly impacted. Instead of assuming their staff is being smart and not putting them at risk because they “know” not to click on strange e-mails, businesses are putting cybersecurity training in place. There have been significant changes over the last few years in the impact of cyber-attacks, in new regulatory compliance law about what YOU as a business owner are responsible for, in what insurance will cover (and what’s necessary to make sure your claim is not denied) and in IT protections.

With all the changes, I can assure you of this: the plan you put in place a year or two ago to deal with IT security and risk is no longer viable. This is not just about meeting government standards around PIPAA, PHIPA, GLBA, PCI compliance, etc. This is about making sure you completely understand the risks associated with a cyber-attack, IT failure or employee mistake and the costs, consequences and damage that will result for your business. All businesses that were breached last year were operating under the incorrect assumption that they were “secure enough,” and they underestimated the costs and wide-reaching negative impact a breach would incur. Their trusted team of “experts,” who are supposed to be informing them and protecting them, are FAILING to do their job. You are very likely in the same situation.

 

This means that if you were to experience a breach, your staff would instantly be hit with a ton of recovery work from the breach while dealing with insurance auditors and attorneys who will overwhelm you with things they need. You would also be financially devastated by the fines, emergency IT services, legal fees and services you would be forced to buy just to get back up and running. Worse yet, there is a very good chance your insurance claim could be denied or not fully paid out due to failure to document the systems and procedures your business practices.

 

“A Breach Won’t Happen To My Business…We’re Too Small. My Staff Is Too Smart. We’re Good,” You Say?

 

Don’t think you’re in danger because you’re a “small” business and don’t have anything a hacker would want? That you have “good” people who know better than to click on a bad e-mail or make a mistake? That it won’t happen to you? That thinking makes you easier prey. Because there are often limited protections in place, small businesses are the target: you’re infinitely easier to compromise. Cyber criminals run grand-scale operations using automated software that works 24/7/365 to scan the web and indiscriminately target as many victims as they can. That’s why running a dark web scan regularly on your business is so important.

 

Several industry sources point to the fact that 85% of small and medium-sized businesses are NOT financially prepared to recover from a cyber-attack, yet it’s getting more difficult by the day to get insurance coverage for such incidents. Further, insurance claims are being denied. Why? Because the businesses that bought the insurance policies agreed in the application to adhere to and implement critical protections, but then didn’t follow through on ensuring they were in place.

 

The average ransomware demand may be payable, but if it happens once, it is guaranteed a hacker will try to collect again and again, and the average demand is on the rise. And that does not include legal fines, lawsuits, emergency IT support services for recovery of your systems, and lost clients and revenue.

 

How Bad Can It Be?
My Insurance Will Cover Me, Won’t It?

 

Insurance companies are in business to make money, NOT pay out policy claims. For starters, getting even a basic cyber-liability policy today may require you to prove you have certain security measures in place, such as multifactor authentication, password management, anti-phishing technology, employee awareness training, and immutable data backup. These carriers want to see phishing training and cybersecurity awareness training in place, and some will want to see a WISP and/or a Business Continuity Plan from your organization. Depending on the carrier, your specific situation and the coverage you’re seeking, the list can be longer.

Insurance carriers can (and will) deny payment of your claim if you failed to implement the security measures required to secure coverage. When a breach happens, before paying out, they will investigate how it happened and whether or not you were negligent.

They might show evidence of you refusing to purchase advanced security services from them to further distance themselves from any responsibility. And if you haven’t been documenting the steps you’ve taken to secure personally identifiable information (PII) to prove that you were not “willfully negligent,” this gigantic, expensive nightmare will land squarely on your shoulders to be paid for out of your pocket.

 

How Can Your Business Be Damaged By Cybercrime
And A Known Data Breach Of Patient Data?


Loss Of Clients And Revenue: If you are breached, you will be forced to notify your clients and customers that you exposed their private information to hackers.

Legal Fees, Compliance Fines, Lawsuits: When a breach happens, you will incur emergency IT support and services that can quickly run into thousands of dollars. It is much less expensive to use preventative IT solutions.

Cost After Cost: The costs of remediation, reclaiming data and staffing fees, while potentially not being able to run the business.

Maybe you feel comfortable with your current security protocols and are willing to take the risks. But what about your clients? Do you believe they would have the same tolerance for risk when it comes to their private information, credit cards, Social Security number, cellphone, e-mail, etc.?

 

Will You Wait Until You Actually Have A Breach Or Report Filed Against You Before Doing Something About It?

 

Over half of all home security systems and cameras are bought (or beefed up) by homeowners after a burglary or home invasion.

The time to have an in-depth, fresh look at your IT and data security is right now, when there is no crisis happening, no auditors calling, no security breaches occurring.

 

Our Free Preemptive IT Security Risk Assessment Will Reveal If Your Current IT Company Is Doing What They Should

 

  • Whether or not your systems and data are truly secured from hackers and ransomware, and where you are partially or totally exposed.

  • If your data is actually being backed up in a manner that would allow you to recover it quickly in the event of an emergency or ransomware attack.


  • Whether you can lower the overall costs of IT while improving communication, security and performance, as well as the productivity of your employees.

Call us today at 416-900-6047 to schedule a quick call or your assessment.

Brandon Jones

CEO & Founder of Attitude IT
