The Globe and Mail

Small businesses can be easy targets for hackers

As more organizations make the shift to digital, the threat of contracting viruses or suffering a data breach increases. Arguably the most vulnerable organizations are small businesses and non-profits, who often do not have dedicated IT teams in-house to shield and protect against threats or guide employees toward digital best practices.

An IT issue can lead to downtime, data loss, damage to your organization's reputation and significant expense. Ransomware (a virus that renders your computer and files inaccessible until you pay up) is infecting computers worldwide, and is already costing small and medium-sized businesses billions of dollars.

A common misunderstanding among smaller organizations is that they are of no interest to hackers because they're not large enough to be worthwhile. Yevginy Vahlis, head of the Security First team at Georgian Partners, explains, "You don't need to be personally targeted to be a victim of cyber-crime. A lot of cyber-crime is automated and scaled up."

"Ransomware is a particularly good example," Vahlis continues, "because it is automated today. Typically it is deployed through a phishing e-mail and this happens at scale. This mentality of 'I'm not important enough' is one of the main reasons for compromise."

Vahlis encourages people to take a holistic approach to security, and think about it often. When you get in a car, you put on your seat belt. When you leave your house, you lock the door. Good security becomes a habit, and shouldn't be limited to those in technical positions or executive capacities – everyone should be thinking about digital security.

Adherence to cyber-security basics doesn't call for deep technical know-how, but it does require diligence. Experts have been recommending the use of strong passwords for years, but many people still use weak passwords and have the same one for multiple log-ins. Even Facebook CEO Mark Zuckerberg, someone who should know better, was found guilty of using the same password on different platforms. Until more services move to password-less log-ins, using a strong and different password for each one is the best defence. Password manager services like 1Password or LastPass can help you remember multiple passwords. If a service offers it, opt for two-factor authentication, which combines your password log-in with a code delivered separately (usually sent in a text message).

Always use the latest version of software, operating systems and Web browsers. Updates are often released to fix security vulnerabilities, and when your computer or smartphone prompts you to update, don't ignore it. The recently updated Microsoft Windows 10 operating system is much more secure than previous versions of Windows. Upgrade as soon as your organization can. Using a Mac? Don't assume it can't get a virus. While Apple has an excellent track record with security, Macs are not immune from attack.

To avoid ransomware, "there are three main things you can do to be in pretty good shape," says Vahlis. "Keep your software up to date, enable two-factor authentication on any account that supports it, and try to avoid clicking on links in e-mails. Check if the actual URL of the link makes sense to you – most of the time the links will point to a URL that you just don't recognize."

Security and IT best practices are constantly evolving. Georgian Partners produces a Security First Guide and The Impact podcast for business owners, and Decent Security has high-level guides that are accessible for non-experts. Ultimately, if backing up data, practising proper cyber-security and technical maintenance is still falling to the bottom of your to-do list, it may be time to bring in the pros.

Thyagi DeLanerolle and Judy Escobar are co-founders of BizXPro, a website dedicated to connecting businesses with vetted IT solutions providers. The pair says that managed IT service, including security, is one of the most popular categories on their website. Escobar explains, "I believe people are searching for managed services because they're looking for consulting as well as execution. Most smaller businesses are not familiar with security and IT issues, and they don't know what they don't know."

Professional IT needn't be expensive. DeLanerolle explains that managed IT services "can cost $6,000 to $7,000 a month for a company to come in and take care of everything. But many IT service companies are now offering a break/fix model, where someone is on-call. We're seeing a shift in the industry where companies are doing monthly retainers with nominal flat fees per month that small-business owners can access."

DeLanerolle and Escobar understand that for many business owners, IT can be a bother. Escobar jokes, "It's so unsexy. But really, we call IT 'glue.'" DeLanerolle continues, "It's the glue behind the scenes. IT professionals are the unsung heroes of many businesses."

Avery Swartz is a tech expert who helps small businesses with all things digital. She is also the founder of Camp Tech, a tech training company for businesses and individuals across Canada.
