Canadian small businesses, employees criticized for poor cybersecurity practices

Employees of small and medium-sized organizations in Canada received a ‘C’ rating for their knowledge of cyber safety and awareness.

The rating is from Insurance Canada, which surveyed 1,525 employees at companies with fewer than 500 employees and concluded that companies are slow to adapt to increasingly frequent and sophisticated cyberattacks. attached.

Among what the agency called “amazing” discoveries:

• Only one-third (34%) of respondents say their company offers mandatory cybersecurity awareness training.
• Only half of respondents said their organization has multi-factor authentication in place.
• Only a quarter (24%) of respondents say their employers use simulated phishing emails to promote cyber vigilance.

Just under three-quarters (72%) of respondents say they have done something that allowed cybercriminals to gain access to their company’s computer systems. for example:

• 27% say they use one password to access multiple websites they use for work.
• 23% access public Wi-Fi while using their work computer.
• 19% say they download software/apps to work devices that were not provided by their employer.
• 7% allow family and friends to use their work computer.When
• 5% share their work logins or passwords via email or text message.

The findings, called the Cyber ​​Savvy Report Card, were released ahead of Cybersecurity Awareness Month in October.

To raise awareness, the agency launched cybersavvycanada.ca to help small business owners and their employees better understand the threats and risks of cyberattacks and what they can do to mitigate them. .

Celeste Power, Executive Vice President, Strategic Initiatives and Advocacy, Insurance Authority, said: “Cyber ​​insurance is an important backstop for businesses in the event of a cyber breach, but he sees it as one component of a complete cyber risk mitigation strategy aimed at reducing an organization’s vulnerability to online threats. should think about it.”

Employees may also underestimate the role they play in an organization’s cyber defenses, the agency said. Thirty percent of respondents said they would not be targeted by cybercriminals at work, and 28% said employers are responsible for protecting their workplaces from cyberthreats.

21% of respondents believe most cyber breaches are minor and easy to fix. The agency said in a news release accompanying the results, “In reality, it could have a devastating financial impact.” It notes that the average total cost of a data breach to Canadian organizations in 2021 is an estimated $7.3 million.

The Insurance Authority is involved in the cyber security of its cyber insurance customers. According to a global study released last month, as a result of rising claims and payments, insurers are raising premiums, limiting coverage and requiring customers to step up their cyber defenses.