Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

As more organizations make the shift to digital, the threat of contracting viruses or suffering a data breach increases. Arguably the most vulnerable organizations are small businesses and non-profits, who often do not have dedicated IT teams in-house to shield and protect against threats or guide employees toward digital best practices.

An IT issue can lead to downtime, data loss, damage to your organization's reputation and significant expense. Ransomware (a virus that renders your computer and files inaccessible until you pay up) is infecting computers worldwide, and is already costing small and medium-sized businesses billions of dollars.

A common misunderstanding among smaller organizations is that they are of no interest to hackers because they're not large enough to be worthwhile. Yevginy Vahlis, head of the Security First team at Georgian Partners, explains, "You don't need to be personally targeted to be a victim of cyber-crime. A lot of cyber-crime is automated and scaled up."

Story continues below advertisement

"Ransomware is a particularly good example," Vahlis continues, "because it is automated today. Typically it is deployed through a phishing e-mail and this happens at scale. This mentality of 'I'm not important enough' is one of the main reasons for compromise."

Vahlis encourages people to take a holistic approach to security, and think about it often. When you get in a car, you put on your seat belt. When you leave your house, you lock the door. Good security becomes a habit, and shouldn't be limited to those in technical positions or executive capacities – everyone should be thinking about digital security.

Adherence to cyber-security basics doesn't call for deep technical know-how, but it does require diligence. Experts have been recommending the use of strong passwords for years, but many people still use weak passwords and have the same one for multiple log-ins. Even Facebook CEO Mark Zuckerberg, someone who should know better, was found guilty using the same password on different platforms. Until more services move to password-less log-ins, using a strong and different password for each one is the best defence. Password manager services like 1Password or LastPass can help you remember multiple passwords. If a service offers it, opt for two-factor authentication, which combines your password log-in with a code delivered separately (usually sent in a text message).

Always use the latest version of software, operating systems and Web browsers. Updates are often released to fix security vulnerabilities, and when your computer or smartphone prompts you to update, don't ignore it. The recently updated Microsoft Windows 10 operating system is much more secure than previous versions of Windows. Upgrade as soon as your organization can. Using a Mac? Don't assume it can't get a virus. While Apple has an excellent track record with security, Macs are not immune from attack.

To avoid ransomware, "there are three main things you can do to be in pretty good shape," says Vahlis. "Keep your software up to date, enable two-factor authentication on any account that supports it, and try to avoid clicking on links in e-mails. Check if the actual URL of the link makes sense to you – most of the time the links will point to a URL that you just don't recognize."

Security and IT best practices are constantly evolving. Georgian Partners produces a Security First Guide and The Impact podcast for business owners, and Decent Security has high-level guides that are accessible for non-experts. Ultimately, if backing up data, practising proper cyber-security and technical maintenance is still falling to the bottom of your to-do list, it may be time to bring in the pros.

Thyagi DeLanerolle and Judy Escobar are co-founders of BizXPro, a website dedicated to connecting businesses with vetted IT solutions providers. The pair says that managed IT service, including security, is one of the most popular categories on their website. Escobar explains, "I believe people are searching for managed services because they're looking for consulting as well as execution. Most smaller businesses are not familiar with security and IT issues, and they don't know what they don't know."

Story continues below advertisement

Professional IT needn't be expensive. DeLanerolle explains that managed IT services "can cost $6,000 to $7,000 a month for a company to come in and take care of everything. But many IT service companies are now offering a break/fix model, where someone is on-call. We're seeing a shift in the industry where companies are doing monthly retainers with nominal flat fees per month that small-business owners can access."

DeLanerolle and Escobar understand that for many business owners, IT can be a bother. Escobar jokes, "It's so unsexy. But really, we call IT 'glue.'" DeLanerolle continues, "It's the glue behind the scenes. IT professionals are the unsung heroes of many businesses."

Avery Swartz is a tech expert who helps small businesses with all things digital. She is also the founder of Camp Tech, a tech training company for businesses and individuals across Canada.

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies