a person working on a digital screen

Setting Cyber Security Priorities

Setting Cyber Security Priorities

Synopsis
5 Minute Read

While the number of cyber security attacks grows every day, too many businesses have adopted a potentially dangerous attitude that cyber attacks only happen to large companies.

While the number of cyber security attacks grows every day, too many businesses have adopted a potentially dangerous attitude that cyber attacks only happen to large companies. Companies that are too small to employ full security teams may take comfort in having tools in place such as firewalls and anti-virus software; however, as attacks become more sophisticated, the current slate of preventative measures may not be enough to keep them safe.

According to a survey conducted by Ipsos Reid on behalf of MNP, half of Canadian businesses either suspect or know for certain that their business has experienced fraud or scams in the last year. Despite new headlines filled with stories of businesses that have experienced an attack, 80 to 90 percent of the respondents are under the illusion they could put a stop to the fraud if it happened to them.

On the opposite end of the spectrum, businesses run the risk of becoming overwhelmed by the barrage of bad news and undertake an equally misguided attempt to implement protection against every known threat in the cyberworld.

Instead of chasing every possible threat or simply ignoring the problem, businesses need to take a pragmatic approach by setting priorities and developing plans that will provide the greatest protection against the most likely risks.

Start Where You Are

Before deciding what security tools and protocols are needed, businesses need to step back to analyze their position and understand their current state. A cyber health check will help inventory assets, understand vulnerabilities, and anticipate the greatest threats.

A comprehensive inventory will incorporate the assets that need protection; including any information, technology, systems and data that could cause damage if it were stolen or compromised. By developing a risk-based view of these assets, companies can ascertain how the material is stored, who has access to it, how it could be lost or stolen, and the risk to the company if it is lost or stolen.

Capturing a snapshot of devices, systems and software programs will help identify any unauthorized changes. Without knowing how many devices or types of software are authorized to be on a system, it may be impossible to notice if a cyber criminal adds a piece of equipment or malicious software.

A current list of security controls will identify the protection already have in place. Instead of taking on the impossible task of safeguarding against every possible attack, companies can focus on the most common threats affecting their industries or businesses of the same size.

Focused Security Budgets and Resources

By assessing vulnerabilities and the most likely threats to business, companies can identify the areas where it makes the most sense to invest time, money and resources.

The Center for Internet Security has developed a 20-step security framework that can help any business build an effective security framework. Simply implementing the top five strategies could reduce security risk by 85 percent:

  1. Inventory authorized and unauthorized devices
  2. Inventory authorized and unauthorized software
  3. Secure configuration for hardware and software
  4. Continuous vulnerability assessment and remediation
  5. Controlled use of administrative privileges

Adding simple monitoring and controls to high-risk areas can also have a significant impact. If intellectual is stored on system files and folders, software can be used to monitor the copying or downloading documents. Monitoring can also be easily added to databases and web infrastructure.

Don’t Make Assumptions About Security

Building a security plan based on actual priorities puts businesses in a strong position if an attack strikes. It’s not sufficient to assume that small companies are safe from attack. Unfortunately, small businesses are often targeted because they don’t often don’t have the resources to invest in adequate protection or planning.

Tomorrow’s technology is shaping business today. For help identifying where you should be setting your cyber security priorities, contact Danny Timmins, National Cyber Security Leader, at 905.607.9777 or [email protected].

Insights

  • Progress

    April 30, 2025

    How the current market impacts the value of your energy business

    How do shifts in the energy sector impact the value of your business? A valuation can help you understand what your company is worth in a volatile market.

  • Agility

    April 30, 2025

    What role does tech play in the next chapter of your business?

    Improve efficiency, create opportunities, and differentiate your business with these four steps for successful tech adoption. 

  • Agility

    April 29, 2025

    Rethinking growth: How Canadian wineries can adapt to a shifting landscape

    Tariffs, shifting tastes, and trade barriers are reshaping Canadian wine. Here’s how producers can respond and unlock new opportunities for growth.