But many employers experiencing cyberattacks, ransomware demands
While cyber crime is rampant these days, more than half of working Canadians (51 per cent) say they are not concerned their employer will experience a cyber attack or security breach.
And nearly four in 10 say they don't receive any cybersecurity training at work, according to a survey of 937 workers by ISA Cybersecurity.
"Creating a cyber-aware culture in the workplace is a must in 2021," says Kevin Dawson, president and CEO of ISA Cybersecurity. "Employees are the front line of defense against cybercrime, and as an employer it's up to you to make cyber awareness a priority. Continuous training and adherence to best practices will make employees less likely to click on a phony link or open an infected attachment. These are simple but powerful ways to prevent a cyber attack."
For three-quarters of ransomware infections, the encryption process begins after hours or during the weekend, according to Darktrace, an AI cybersecurity firm.
Rising cyber theats
Workers and employers should be concerned: 36 per cent of Canadian cybersecurity professionals say the volume of cyberattacks has increased during the pandemic, according to a survey by the Canadian Internet Registration Authority (CIRA).
Over the past year, 17 per cent of Canadian organizations experienced ransomware attacks. Among them, 69 per cent say they paid the ransom.
This suggests that a majority of employers simply “fork over the cryptocurrency to avoid the downtime, reputational damage, and costs that result from not paying,” according to CIRA.
Nearly nine in 10 (86 per cent) of tech leaders have suffered a cybersecurity breach in the last 12 months, according to another report released in June.
“It feels like the pandemic forced 10 years of cybersecurity adoption to happen in about 10 weeks. The pivot to work from home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation,” says Mark Gaudet, CIRA general manager for cybersecurity and DNS services.
Nearly all (95 per cent) employers say at least some of their new COVID-19-related cybersecurity protections will be permanent.
Cyber training
Employers of any size can easily adopt cyber-smart work practices for employees, says ISA Cybersecurity, such as:
- Train employees on the different types of cyber attacks and what to watch for.
- Teach employees how to identify a phishing attack and other forms of social engineering.
- Develop a basic set of IT policies and best practices so employees know and understand the standards to follow.
- Require the use of complex, single-use passwords and augment the organization's security by employing two-factor (or more) authentication.
- Ensure employees access company resources using a VPN to protect business assets and communications.
- Make sure employees understand that using free Wi-Fi in a public place to access corporate systems is not safe.
Creating a “culture of security” involves helping employees understand how security affects them and their jobs, and accepting their role as the front line of security, says one cyber security expert.