Saturday, October 1, 2022
Home Tech News Canadian SMBs, employees criticized for poor cybersecurity practices

Canadian SMBs, employees criticized for poor cybersecurity practices

Employees at small and medium-sized Canadian organizations have been given a “C” rating for their knowledge of cyber safety and awareness.

The rating comes from the Insurance Bureau of Canada, which, after surveying 1,525 workers at companies with fewer than 500 employees, concluded firms have been slow to adapt to increasingly frequent and sophisticated cyber attacks.

Among what the bureau called “startling” findings:

  • only a third of respondents (34 per cent) said their company provides mandatory cyber security awareness training;
  • only half of respondents said their organization has introduced multi-factor authentication;
  • only a quarter of respondents (24 per cent) said their employer conducts phishing email simulations to help promote cyber vigilance.

Just under three-quarters of respondents (72 per cent) said they have done something that could allow a cybercriminal to gain access to their company’s computer systems. For example:

  • 27 per cent said they use one password to access multiple websites they use for work;
  • 23 per cent access public Wi-Fi while using their work computer;
  • 19 per cent said they download software/apps on their work devices that were not provided by their employer;
  • 7 per cent allow family members or friends to use their work computer; and
  • 5 per cent share their work login or password by email or text.

The survey results, called a Cyber Savvy Report Card, were released in advance of October’s cybersecurity awareness month.

To help raise awareness, the bureau launched, to help small business owners and their employees better understand the threat of cyber attacks and what they can do to reduce their risk.

“Everyone has a role to play in reducing cyber threats in the workplace,” said Celyeste Power, the insurance bureau’s executive vice-president for strategic initiatives and advocacy. “While cyber insurance is an important backstop for businesses in the event of a cyber breach, it should be thought of as one component within a complete cyber risk mitigation strategy aimed at reducing an organization’s vulnerability to online threats.”

Employees may also underestimate the role they play in their organization’s cyber defences, the bureau said. It notes that 30 per cent of respondents said they don’t believe cybercriminals would target them at work, while 28 per cent of respondents said their employer is solely responsible for protecting their workplace from cyber threats.

Twenty-one per cent of respondents believe that most cyber breaches are minor and easy to resolve. “The reality,” the bureau said in a news release accompanying the results, “is that they can have a devastating financial impact.” Citing IBM’s latest annual cost of a data breach report, the bureau notes that in 2021, the average total cost of a data breach to Canadian organizations was an estimated $7.3 million.

The insurance bureau has a stake in the cybersecurity of customers with cyber insurance. As a result of rising claims and payouts, insurers have been raising premiums, restricting coverage, and demanding customers toughen their cyber defences, according to a global survey released last month.

- Advertisment -

Most Popular

Former Calgary Dino now a rookie with NFL’s Los Angeles Chargers

Canadian Deane Leonard has certainly taken the path less travelled to the NFL’s Los Angeles Chargers. The 22-year-old cornerback is in his rookie season with...

‘Impact success!’ Nasa spacecraft smashes asteroid in first ever ‘planetary defence test’

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video Nasa has successfully crashed a spacecraft into a small asteroid...

TikTok could face £27m fine for failing to protect children’s privacy

TikTok could face £27m fine for failing to protect children’s privacyInvestigation finds video-sharing app may have breached UK data protection law between 2018 and...

Eight states sue crypto lender Nexo over security sales and misleading marketing

/ New York’s attorney general alleges that the company’s Earn Interest Product was a security, one that the company wasn’t registered to sell,...