November 29, 2024
Michael Trendler—Managing Director of Specialty Insurance, Travelers Canada
How many of us check our phones first thing in the morning and do a final social media or email scroll at night? Our devices conveniently hold the things we use most: contact information, communication apps, payment methods, health data—and that just scratches the surface.
As technology becomes increasingly sophisticated, so do cyber criminals. Technology is effortlessly woven into our everyday routines, and as such, our exposure to threats is greater than ever. This heightened exposure has resulted in large-scale cyberattacks around the globe. In 2024 alone, there have been several massive breaches to companies affecting employees and customers alike.
Canadian businesses are taking notice. For the second straight year, cyber threats are the top overall business concern according to the 2024 Travelers Canada Risk Index. More than 80% of business insurance decision-makers said having the right cybersecurity controls in place was critical to the well-being of their organization.
Having a plan to mitigate damage in the event of a cyberattack is extremely important, but taking security measures before an event can make the difference between a successful or unsuccessful hack attempt. Companies should have the proper security measures and resiliency programs in place to protect their data and digital files. They should also equip their employees with the knowledge and tools to identify bad actors and breach attempts.
Employees can be considered the first line of defense when it comes to cybersecurity. Employers should provide them with proper training and resources to help identify fraudulent requests from bad actors. Employees can help spot suspicious email activity by asking a few basic questions:
- Did the message come from a known contact?
- Is there a sense of urgency to respond or an unusual request demanding your attention?
- Are there grammatical errors throughout?
Beyond training, employers need to consider who has access to files and systems. Not everyone will require the same level of administrative access, so limiting access to core individuals can help further minimize the risk of information landing in the wrong hands.
As part of a strong risk mitigation program, there are preventive measures companies should consider implementing to further protect against threats:
- Use endpoint detection and response
- Use multifactor authentication for remote and administrative access
- Create an incident response plan
- Create a cyber assessment for vendors
- Have a dedicated team in place to respond immediately to attacks
Cybersecurity is a shared responsibility. While threats might always be around, the more prepared companies and individuals are, the easier it will be to sleep at night—after shutting down social media, of course.