The pandemic has made Canadian small businesses more vulnerable to cyberattacks, new research from the Canadian Federation of Independent Business (CFIB) reveals.
Nearly a quarter of businesses have experienced cyberattacks since March 2020 with 5% overall saying the attack against them was successful, the research released today found. According to the CFIB, relative to the whole economy that means an estimated 61,000 small and mid-sized businesses were victims of cyberfraud last year.
“While many small businesses have adapted to the pandemic by adopting new technologies, remote-work arrangements and ecommerce platforms, these changes have also created new opportunities for cyberattacks,” said Jasmin Guenette, CFIB’s vice-president of national affairs. “It’s more important than ever for small firms to protect their information systems.”
More than 80% of businesses that experienced a cyberattack say it came through e-mail scams and phishing attempts and 50% encountered malicious software.
The businesses most at risk of cyberfraud were:
- Those with 20 or more employees
- Those who allowed their employees to work remotely or made any changes to their online presence
- Those in the manufacturing, wholesale trade, business services and enterprise and administration management sectors
“When a small business suffers a cyberattack, the effects can be very heavy, from stress and financial loss to compromised personal and banking information and negative impacts on business relationships,” said Andreea Bourgeois, senior analyst at CFIB. “Many are investing more in their IT infrastructure – $6,700 on average – but beyond that, they have few recourses if a cyberattack is successful.”
CFIB recommends that businesses invest in cyber insurance to protect themselves in the event of a cyberattack. In addition, business owners should:
- Be aware of cyber risks to their business, using sources such as the Insurance Bureau of Canada, the Government of Canada’s National Security and Defence, Cyber Security Unit, CFIB’s website and other business associations’ websites and resources
- Raise awareness among employees about cyberattacks and train staff to detect and avoid them
- Share information on scams and best practices for prevention with other business owners
- Report cyberattacks to law enforcement and other authorities, such as the Canadian Anti-Fraud Centre, the Competition Bureau, and the Better Business Bureau.
The organization added that governments, law enforcement agencies and other authorities can help business owners protect themselves by using “cyber policing” resources adequately, proactively sharing information on existing resources and best practices with businesses and associations, and provide services specifically tailored to SMEs regarding cyber insurance and cyberattacks.
Governments can also provide small businesses with tax credit or grants to help them invest in IT protection equipment, it said in a release.
“More than half of small business owners say they are more worried about potential cyberattacks since March 2020,” said Guenette. “Cyberattacks will continue to be a growing concern for small businesses in 2021 and beyond. Being proactive in protecting their information systems and training staff to detect cyberfraud attempts is their best defense.”
Additional information is contained in CFIB’s full Cyberfraud in small business research snapshot.