Skip to main content
Open this photo in gallery:

Just 16 per cent of small business feel certain they know how to handle a cyber attack, new research from Mastercard shows.Getty Images

Canada’s cybercrime landscape has evolved. What was once a small, black-market sector is now a vast ecosystem of professionally-run organizations. Fueled by the rapid growth of e-commerce and digital transactions, cybercrime has become one of the most lucrative criminal activities worldwide.

Small businesses are especially vulnerable to emerging cyber threats, as the rush to digitize operations and adopt new technologies has left many open to attack. According to the results of new Mastercard Canada research, just 16 per cent of Canadian small business owners surveyed feel certain they know the best steps to take following a cyber attack, and only 18 per cent are totally confident that their business would recover fully from an attack in the next six months. What’s more, a startling 57 per cent report not receiving any form of cybersecurity training – something Mastercard is looking to change.

Nishant Raina, Mastercard Canada’s small business lead, says that educating small business owners and employees is crucial in the fight against cybercrime. Being proactive – rather than reactive – matters, Raina says. He cautions small business owners to build a strong cybersecurity culture into the fabric of their business.

“Whether you’re starting a business or in a growth or mature stage … you need to be ingraining cybersecurity tools into the business right from the start,” he says. Staying informed on emerging cyber threats, and funneling that information down to staff and partners, helps everyone stay a step ahead.

“Education, education, education. I can’t stress that enough,” he says.

Raina also stresses that personal data is just as important as business data. Small business owners are consumers first, and their personal information is valuable to cybercriminals. Aviva Klein, vice president of digital payments and cyber & intelligence at Mastercard Canada, agrees, adding that phishing scams often directly target individuals and employees in an attempt to get higher up the value chain, to clients, partners or even government agencies. “Your best defense and worst weakness is your people,” she says.

Klein encourages keeping employees informed on how to spot and report potential cyber threats. Dole out relevant onboarding materials to new employees, conduct regular phishing tests and audits, and offer ongoing education on how to protect personal data, passwords and devices. Creating a culture where staff are encouraged to ask questions and voice concerns about potential security threats can be crucial to preventing attacks. “There shouldn’t be any secrets when it comes to cybersecurity,” she says.

Staying up-to-date with security patches – program updates to eliminate vulnerabilities – and software updates protects business systems from vulnerabilities. Cybercriminals are known to exploit weaknesses in outdated software, in what are often referred to as patching scams. To stay secure, businesses must regularly update their operating systems, antivirus software and firewalls.

Still, with limited resources and time, investing in cybersecurity measures often falls to the bottom of the small business priority list. Automation and awareness are key factors in helping firms stay lean while protecting their operations and customer data, Klein says. Start by implementing two-factor authentication, using a password manager and enabling automatic software updates.

Data proves that investing in cybersecurity measures has a positive impact on business growth. Mastercard’s research shows that Canadians want to shop at places that have good cybersecurity measures in place. 41 per cent of surveyed consumers said they’d distrust a business that had suffered a cybersecurity attack. Another 55 per cent of consumers have already refrained from making online purchases due to cybersecurity concerns or a past cyber breach.

“Think about what you’re protecting,” Klein says. “What is that crown jewel of your business? Is it a customer list, financial data, or personally identifiable information (PII)?” Then, think about what’s at risk if that information is compromised.

“It’s an investment in the future of your business,” Klein adds.

Small businesses can also take advantage of resources and education from sources such as Mastercard’s Business Resource Centre and Trust Centre. Mastercard is committed to investing in resources and technology to help small businesses stay cyber-secure.

“Small businesses are the lifeline of the Canadian economy,” Raina says. “[Your] success is our success.”

Other educational resources can be found through Digital Main Street, including a tailored video course offered in partnership with Mastercard to educate small and medium-sized enterprises on cybersecurity.

Ultimately, combating cybercrime requires a combination of education, proactivity and security solutions. “We need to take care of our digital health the way we take care of our physical health,” Klein says. “Schedule the checkup, change the password … you just have to do it.”


Advertising feature produced by Globe Content Studio with Mastercard. The Globe’s editorial department was not involved.

Interact with The Globe