
Protecting Your Business from the Growing Incidence of Cybercrime Attacks


Cybercrime, also known as a cyberattack or cyber fraud, consists of any criminal offence involving the internet or a computer either as a target or as a means to commit a crime.

Fraud is the most common type of cybercrime reported to police; it makes up over half of all internet-based crimes. Business email and email account compromises caused the highest financial toll in the US, with nearly 2.4 billion USD in reported victim losses in 2021, according to the FBI. Cyber security incidents impacted 18% of Canadian businesses according to Statistics Canada (StatCan).

Examples of cybercrime affecting commercial transactions include identity theft, phishing scams to take over customer accounts, malicious software, supplier payments fraud and ransomware. Interestingly, 82% of businesses indicated to StatCan that they did not pay a ransom when blackmailed by a cybercriminal who had locked or compromised their networks. The wisdom of this approach is confirmed by their statistics, which show that over 50% of companies that do pay the ransom do not get the key to unlock their data.

Microsoft’s 2022 Digital Defense Report lays out the threats around many verticals, from supply chain to critical infrastructure. Global cybersecurity firm Palo Alto Networks indicated in its Cyber Threat Bulletin for 2022 that manufacturing was the Canadian vertical most targeted by ransomware gangs. Legal and professional services were the second most targeted businesses. Supply chain attacks are becoming more common as criminals take advantage of a lack of monitoring within some organizations’ environments.

Experts say the cyber wars are intensifying, with nation-state actors pivoting strategies to exploit the shift to hybrid work along with the supply chain challenges to achieve maximum disruption. Not all cybercriminals are motivated by geopolitics or ideology, however. Some are motivated purely by profit, and your small business could be vulnerable.

What Makes Your Small Business Vulnerable to Cyberattack?
There are four main areas of vulnerability that cybercriminals target in making attacks. They are:
  1. Weak passwords

  2. Out-of-date software that has not been updated with the appropriate “patches”

  3. USBs or other removable media that have been infected with malware

  4. Phishing, one of the significant sources of business cybercrime, often occurs via infected emails which download viruses or give access to your data

How To Guard Against Cybercrime
There are several straightforward and apparent ways to safeguard against cyberattacks, including strengthening passwords, enabling two-factor authentication, training staff to identify phishing emails and keeping your data backed up in the event it is taken hostage. Software solutions such as encryption, anti-virus and firewalls should also be a fundamental part of your prevention strategy.

In addition to this common-sense vigilance, it’s a good idea to monitor purchase trends and watch for deviations from normal sales activities. Well-known signs of a fraudulent purchase are:
  1. Missing contact information on an order

  2. Priority rush orders of high-value merchandise or orders placed over the internet without any customer contact

  3. Orders to be shipped to an address other than the billing address

Tips for avoiding fraud include:
  1. Requiring customers to use the three-digit security code on the credit card,

  2. Phoning the cardholder to confirm the order, and

  3. Setting limits on the number and dollar value of purchases.

In addition to raising awareness amongst your employees and training staff on best practices, it’s wise to stay up to date on developing threats through the resources provided by the experts, such as the Government of Canada’s Cyber Security Unit, the CFIB website, or the Insurance Bureau of Canada.

A new McKinsey & Company report points out the fundamental tension between optimizing the customer experience and controlling cybercrime because tighter customer protection and fraud control often add friction to or detract from the customer experience. The challenge for businesses will be to strike a balance with a fraud prevention policy that preserves a positive client experience while including the elements of deterrence, prevention, detection, investigation, and dispute handling.

If you are a victim of cybercrime, it is important to report it to the Canadian Anti-Fraud Centre, though if the scammers are operating overseas, there may be little recourse.

Insurance to protect your business may be a sensible option in these times of escalating cybercrime, particularly ransomware attacks.

The ARAG Legal Expense Insurance (LEI) policy deals with a situation in which an individual brings a civil action against the insured business for damages they suffered following a data breach at that business. Under the LEI policy, ARAG would assign legal counsel for the individual. Attempts at negotiating a reasonable settlement would be made first, but if unsuccessful, the assigned lawyer would represent the individual in civil court.

The policy would cover all legal expenses in relation to the civil action. The policy would not cover any damages and/or fines awarded by a judge if their defence was unsuccessful.

Remember, responding to cyber threats is not just the job of the IT department. All departments should stay vigilant and proactive regarding fraud and cybercrime. By focusing on security controls and internal staff training relating to the dangers, it’s possible to mitigate, if not altogether avoid, the risk of cyber-attacks and the financial losses that accompany them.