Get Cyber Safe tries to keep cyber security light and fun, but it is a serious and complex topic. For this blog post, Get Cyber Safe has partnered with Microsoft, who, like us, understands how important cyber security is to business. This is their perspective, and we thank them for being a dedicated partner in the cyber security of Canadians.
October is Cyber Security Awareness Month (CSAM), a time that technology, security and IT professionals and users around the world mark to discuss the vital importance of cyber security. Ensuring that our devices and networks are protected against the ever present – and growing – threat of hacks, cyber attacks and even user error is critically important every day. But CSAM gives us the opportunity to come together and celebrate the great work we’ve done and remind everyone of the need to stay vigilant.
At Microsoft Canada, we’re pleased to support the federal government’s Get Cyber Safe initiative, helping to further raise awareness and motivate action among Canadian organizations of all types toward maximizing their cyber security– in both their devices and their people.
A recent national survey conducted by EKOS Research Associates on behalf of the Government of Canada’s Communications Security Establishment compares present attitudes and beliefs about cyber security to those sampled two years ago – and the results reveal there is room for improvement.
Fewer cyber security watchdogs
The research finds that responsibility for IT and cyber security among Canadian businesses is being increasingly placed in the hands of business owners or managers, versus with dedicated in-house IT personnel or outside security partners.
Nearly half (47 per cent) of business owners or managers say they are responsible for their company’s technology and security. That’s an 11 per cent increase since 2018, while fewer companies report having a dedicated employee or outside IT services firm managing cyber security.
Business owners and managers have a broader list of responsibilities than anyone else in the company. Adding cyber security to their plate on top of everything else carries the risk that it may not receive the attention it deserves. It’s imperative that businesses keep on top of potential cyber threats, as the cost of a cyber security breach (financially or reputationally) is almost always greater than that of preventing one from happening in the first place. If it’s not possible for the responsibility to rest with a dedicated IT employee or outside service provider, it is important for business owners or managers to stay fully up to date on their cyber security skills.
Low threat perception
Another concern revealed by the research highlights the level of threat risk perceived by most Canadian businesses. More than two in five (42 per cent) companies say they believe the threat of a cyber attack is very low – about the same percentage as in 2018.
Why not? Some say they feel things are well in hand (23 per cent report having looked at potential threats and taking steps to protect their business from attack), but others either haven’t really thought about it (9 per cent) or feel that there are more pressing concerns for their business than cyber security (5 per cent).
The fact is security must be built into your operation from the outset while being maintained and upgraded consistently. Doing so will prevent you from having to spend more resources in recovering from a cyber attack.
Declining cyber security diligence
The third area red flagged by the research is a notable decline in good cyber security practices and in the direction being given to employees.
While more than half (57 per cent) of businesses say they require password access on all devices, the number who confirm having that most basic protection in place has dropped by 14 per cent over the past two years.
Similarly, password protection or user authentication for remote/wireless access is down since 2018 (from two-thirds of respondents to just over half), as is keeping security software up to date on all devices (from 69 per cent in 2018 to just 51 per cent this year).
Fewer than half of the businesses surveyed instruct their employees to take the following cyber security protections:
- Only download from trusted sources (44 per cent)
- Only click on attachments or URLs from trusted sources (41 per cent)
- Only use passwords with random combinations of numbers and letters or are otherwise very difficult to guess (41 per cent)
- Do not allow internet browsers to remember passwords (27 per cent)
Despite the fundamental nature of these directives to staff, the level at which they are being given in 2020 has declined compared to two years ago.
As concerning as these findings are, they serve as a good reminder to Canadian businesses to review their own cyber security best practices. There are many simple, easy steps that can be taken to ameliorate corporate cyber security. Every company needs to consider itself a potential target, and they can act right now to lower the risk. Visit the federal government’s Get Cyber Safe website or Microsoft’s Cyber Security Month page for helpful tips on ways to secure your organization.