Is your small business at risk from a cyber-attack?

7 min read
Emma Wardill

From multinational hacking events to the Service Canada scam, new cyber security threats seem to be emerging at an alarming rate.

Small businesses can be particularly vulnerable to online security risks and the impacts can be devastating.

Not only can a cyber threat cost your business money and time, it can also risk exposing your customers too, particularly if you collect and store their personal data.

However, you don’t need to be an IT security expert to take steps to protect yourself and your business from bad actors online.

In light of recent hacking incidents, it’s a good time to lift the bonnet on your business and see if there’s any security tweaks you can make to help keep you and your customers safe.

How do I know if my business is at risk?

Nearly 86% of Canadian companies experienced at least one cyberattack in 2021. So, it’s safe to assume that a threat exists for all businesses, particularly those:

  • With eCommerce sites that handle customer credit card details and logins
  • That store any kind of personally identifiable customer data

Business email compromise is also a significant threat.

The average ransomware remediation cost for companies in Canada is $1.92 million, above the global average of $1.85 million.

Person looking at a laptop showing a padlocked door

With the rate of cybercrime growing and the significant financial risk attached, it makes sense to take steps to protect yourself even if you don’t think it can happen to you.

A GoDaddy survey last year found that 68% of the business owners who responded agree that small businesses are at risk from cyberattacks, but only 12% know how to deal with them.

What are the risks?

Understanding where the potential cyber threats come from is the first step in understanding how to protect yourself.

There are a number of ways malicious actors can execute a cyber-attack. Here are the most common.

Malware (Malicious Software) – unauthorised software like a virus that can give criminals access to your systems to steal important information like credit card details and passwords.

Malware can sneak in and allow a criminal to take control of your computer or to spy on it, often without you even knowing about it.

Scam messages (phishing) – these are emails, social media messages, texts or calls designed to trick you or your employee into handing over money or data. Recent examples include the fraudulent emails sent out under the name of the Canadian Anti-fraud Centre warning that it has received a complaint about the recipient.

Other phishing scams include criminals pretending to be from a bank or institution and requesting personal or account details.

Ransomware – a form of malicious software that locks your computer or prevents access to files until you pay a ransom fee. Earlier this year, Costa Rica declared a national emergency after a ransomware attack breached the government.

So, what can I do to protect my business?

With multinationals and even governments coming under threat from hackers, the task of protecting your small business systems might seem daunting.

There are some basic steps you can take today to make yourself and your small business safer online.

1. Keep your software up to date

Ensuring you perform scheduled software updates for programs, apps and operating systems right away can reduce the risk of a cybercriminal exploiting weaknesses to launch a hack attack.

Turning on automatic updates is the easiest way to ensure you don’t forget.

2. Change your password every three months

Regularly changing your password — and making sure your employees do it, too — is one way to ensure you can thwart cyber criminals who, for example, may have accessed your password in a data leak.

Here are some tips on how to create a strong password and remember it. For those with too many passwords to remember, use one of the password managers on this list.

3. Use multi-factor authentication (MFA)

MFA usually means using a combination of a password or pin plus an authenticator app or token or biometric information like a face scan.

Having multiple layers of security protecting your information and assets makes it much harder for cyber criminals to penetrate your accounts.

Read more here about multi-factor authentication for small business.

4. Schedule automatic backups

Making a digital copy of your website and databases is important in the event your data is lost or stolen. Having a backup of your business’s key data stored on an external hard drive or in the cloud can help your business to recover quicker in the event of a cyber-attack.

Editor’s note: Website Security is a one-stop website safety net that includes backups, an SSL, malware scanning, as well as a firewall that turns away suspicious traffic before it even gets into your website.

GoDaddy Website Security Dashboard
Website Security from GoDaddy can help keep your website safe.

5. Get an SSL certificate

An SSL certificate is a form of digital certification that creates an encrypted link between your customer’s web browser and your web server.

SSLs create a digital safe space where sensitive information like passwords, banking details and usernames can be safely shared.

It’s a great first step in protecting your e-commerce website and giving customers confidence to shop with you. They even offer SEO benefits for your website to help it get found in search. Conversely, not having an SSL could get your website labeled "Not Secure" in Google results.

6. Manage your access control

Making sure you carefully curate who can access your business data is another good step to improve your cyber safety. Access control can limit access to items like files and folders, databases and mailboxes so only those employees that require access can get in.

Business critical systems should be locked down to only those trusted few who absolutely need access.

This includes your customer relationship management (CRM) system, as this is a goldmine for hackers.

7. Get a firewall

A firewall checks all data requests from your server and reviews them before allowing them into your site.

Installing a firewall is particularly important if you have employees working remotely.

The firewall included with GoDaddy’s website security tool acts as a security door protecting your business website.

Read more about how to keep hackers away from your business systems and IT intranet with a network firewall.

8. Scan your website for attacks

Installing a security system that scans your website for malware can help find any malicious software before it causes damage. A malware scanner that checks your website regularly will ensure you are alerted if malware is found.

Find out more about how GoDaddy’s site security solution scans and removes malware here.

9. Secure your email accounts

Email accounts are a rich bounty of information for cyber criminals as they contain so much of our information — from contact numbers to travel plans and events.

Using a spam filter and upgrading your email account security are great first steps.

You can get instructions on how to check your email account security for Outlook here and Gmail here.

10. Talk to your employees about cyber safety

Ensure your employees know how to:

  • Take steps to protect themselves from potential threatsWoman talking to two people
  • Identify a dodgy email, invoice or social DM

There are plenty of online resources available to help you educate yourself and your staff.

Check out the resources available on the Government of Canada website and the Canadian Centre for Cybersecurity.

The information contained in this blog post is provided for informational purposes only and should not be construed as an endorsement or advice from GoDaddy on any subject matter.