Blog - Cambridge Chamber of Commerce

Artificial Intelligence (AI) has emerged as a double-edged sword in the realm of cybersecurity, offering immense potential to bolster defenses and creating daunting challenges that can exacerbate vulnerabilities. As businesses and organizations increasingly rely on digital infrastructure and data-driven processes, the role of AI in cybersecurity becomes crucial.

 

Historically, the term ‘artificial intelligence’ was first coined in the mid-1950s during a workshop held in Dartmouth by John McCarthy, a U.S. computer scientist, but the concept had already surfaced in 1921 when a Czech playwright introduced the notion of “artificial people” in a production entitled Rossum’s Universal Robots.

 

“AI has been around for a long time and has just scaled to what it is today, and is definitely something businesses are catching on to,” says Nick Lewis, CEO and Director of ShockproofIT, referring to AI and the issues surrounding its use. 

 

On the positive side, AI is now a formidable ally in the fight against cyber threats due to its ability to process vast amounts of data at lightning speed, which enables AI-powered systems to accurately detect anomalies and patterns indicative of malicious activities. Machine learning algorithms can analyze historical data to identify evolving attack courses, allowing for proactive defense measures.

 

“AI can really speed up the process and can look at the path of an infection from the root file all the way up to the end user,” says Nick. “AI can help investigate that path and how it’s happening, locating where the broken or infected link is so you can troubleshoot further.”

 

Insights offered for emerging threats

 

As well, AI-driven threat intelligence platforms can provide real-time insights into emerging threats, empowering organizations to stay one step ahead of cybercriminals. And for those who’ve already experienced an attack, it can also provide a detailed report of the incident for auditing purposes.

 

“AI can help you provide some verbose notes and data for creating reports about any attacks,” he says. “It can help you build that out.”

 

On the negative side, the proliferation of AI also introduces new challenges and risks to cybersecurity as cybercriminals increasingly harness AI-powered tools and techniques to launch sophisticated attacks that can evade traditional security defenses.

 

“Cybercriminals can analyze and collect data much quicker now and identify other avenues and trajectories of attack,” says Nick. “Criminals can also create new and sophisticated, and original targeted phishing attacks that wouldn’t otherwise be possible without the help or aid of AI.”

 

AI can also assist cybercriminals in creating malware that contains new vulnerabilities and then bypasses detections, he says.

 

Barrier lowered for novice hackers

 

Coupled with this, the democratization of AI technologies has lowered the barrier to entry for cybercriminals, enabling even novice hackers to leverage AI-driven attack tools with devastating consequences, which means even more threats for businesses.

 

To combat potential threats, Nick recommends businesses conduct thorough research when it comes to boosting their cybersecurity systems.

 

“You have to do your research so you can make an informed decision before you implement anything, especially something like AI,” says Nick, who also recommends talking with someone who is knowledgeable when it comes to AI-powered systems. “Talk to a professional, or someone who has been using it for a long time in many different markets and knows it from a core fundamental aspect.”

 

But more importantly, he recommends having a security professional audit the needs of your business to ensure you implement any AI properly, safely, and effectively.

 

“How does your organization and your day-to-day operations work? What do you do and don’t do? What kind of logistics are going on?” says Nick. “From there, you can build a solid plan based on those things.”

 

 

Tips for leveraging AI in business cybersecurity:

 

Understand your cybersecurity needs: Before adopting AI solutions, assess your organization's cybersecurity posture, identify key vulnerabilities, and determine specific areas where AI can make the most impact, such as threat detection, incident response, or user authentication.

 

Choose the right AI technologies: Select AI technologies that align with your cybersecurity objectives and capabilities. This may include machine learning for anomaly detection, natural language processing for threat intelligence analysis, or robotic process automation for automating routine security tasks.

 

Invest in quality data: Ensure that your cybersecurity data is accurate, relevant, and representative of potential threats and attack scenarios. Invest in data quality assurance processes and data governance frameworks to maintain the integrity and reliability of your data.

 

Employ AI-driven threat intelligence: Leverage AI-powered threat intelligence platforms that can analyze vast amounts of data from diverse sources, including open-source intelligence, dark web forums, and security feeds, to provide actionable intelligence for proactive defense.

 

Implement AI-driven anomaly detection: Deploy machine learning algorithms to monitor network traffic, user behaviour, and system activities for anomalies indicative of malicious activities. 

 

Enable AI-driven incident response: Automate incident response processes using AI-powered orchestration and automation tools which can analyze security alerts, prioritize incidents based on severity and impact, and execute predefined response actions to contain and mitigate security breaches more efficiently.

 

Ensure transparency and accountability: Maintain transparency and accountability in AI-driven cybersecurity initiatives by documenting processes, methodologies, and decision-making criteria. 

 

Stay informed about AI advancements and best practices: Keep abreast of the latest developments in AI technologies, cybersecurity trends, and best practices through continuous learning and engagement with industry forums, conferences, and professional networks. 

 

Balance AI automation with human oversight: While AI can automate routine security tasks and augment human capabilities, it is essential to maintain human oversight and intervention where necessary. 

 

Regularly evaluate and adapt your AI cybersecurity strategy: Continuously monitor the performance and efficacy of your AI-driven cybersecurity initiatives and make adjustments as needed based on evolving threats, technological advancements, and organizational requirements. 

 


As technology continues to rapidly evolve, businesses are increasingly turning to Artificial Intelligence (AI) to streamline operations, enhance efficiency, and gain a competitive edge. 

 

There is no question surrounding the benefits of integrating AI into business processes, but there remain legitimate concerns that accompany this technological leap.

 

One primary concern is the ethical implications of AI implementation. As AI systems such as ChatGPT, ClickUp, Copy.ai, or Kickresume become more sophisticated, they often require access to vast amounts of data to function effectively. This raises questions about privacy and the responsible use of sensitive information, as well as legal concerns surrounding the use of intellectual property.

 

“The question is fair use or is it a violation of copyright,” says Maura Grossman, Research Professor, School of Computer Science at the University of Waterloo, whose expertise centres on AI policy and ethics. 

 

She notes that an AI user can reference a particular article, book, or poem, despite it being copyrighted.  “It shouldn’t be able to do that because that’s a copyright infraction, but it can. The law hasn’t caught up with that yet but there are a number of legal cases now pending.”

 

Algorithms a concern

 

As well, Professor Grossman says bias in AI algorithms is another major concern. AI systems learn from historical data, and if that data contains biases, the algorithms can sustain and amplify them, resulting in discriminatory outcomes and reinforcing existing social disparities.

 

“You’re going to find that in the language as well as the images. OpenAI has spent a lot of time trying to remove toxic language from the system, so you get a little bit less of that with ChatGPT,” she says, referring to the problems Microsoft experienced when it released its Tay bot in March 2016. The bot, under the name TayTweets with the handle @TayandYou, prompted Twitter (now known as ‘X’) users to tweet politically incorrect phrases and inflammatory messages, resulting in the bot releasing racist and sexually charged messages in response to other users. Initially, Microsoft suspended the account after 16 hours, erasing the inflammatory tweets, and two days later took it offline.

 

“Most systems, like ChatGPT, are trained on the internet and that has its pluses and minuses,” says Professor Grossman, adding ‘hallucinations’ pose another big problem for AI users. “ChatGPT for example is trained to generate new content and to sound very conversational, so it uses what it has learned on the internet to predict the next most likely word. But that doesn’t mean it’s telling you the truth.”

 

Official policy needed

 

She says there have been instances of people using AI to conduct legal research and submitting bogus case citations in court. “I think the first case happened recently in B.C., but it has also happened all over the U.S.,” says Professor Grossman.

 

For businesses utilizing AI, she recommends drafting an official policy to outline usage.

 

“First they need to have a policy and then need to train who in the business is going to use AI because people need to understand what it does well and doesn’t do well,” she says. “Your policy needs to say what permissible uses are and what impermissible uses are.”

 

Impermissible uses could include creating a deep fake video in the workplace.

 

“Even if it’s a joke, you don’t want employees creating deep fakes,” she says, noting the policy should also outline what workplace devices can be used for AI. “If you need to save something because you’re involved in a lawsuit, then you don’t want it to be on an employee’s personal device because you won’t have access to it.”

 

Employees require training

 

Professor Grossman also recommends that employees clearly know which AI tools are okay to use and which are not, and that they are fully trained.

 

“You don’t want them violating intellectual property rules or other privacy rights. You also don’t want them putting into a public tool any confidential or proprietary information,” she says. “Some companies have turned off the ability to use these AI tools because they are terrified employees will put proprietary information out there while asking a question about a problem they are working on. If you’re using one of these open-source tools, it’s like Google or anything else; it’s free rein.”

 

Professor Grossman says rules and regulations around AI will be gradually strengthened, noting a new regulation coming into play in B.C. pertaining to issues surrounding intimate imagery is just one example.

 

“As soon as this starts making its way more into politics, we will start to see more effort into creating regulations,” she says, referring to a recent ‘deep fake’ image that surfaced of U.S. President Joe Biden.

 

Despite these issues, Professor Grossman says AI is something more businesses will become comfortable using, and they should embrace this new technology.

 

“It will save on efficiency,” she says, noting AI can greatly assist in the creation of marketing material. “Companies need to explore it and learn about it but learn about it in safe ways and understand where it can be beneficial and not just let people experiment on their own because that’s going to lead to a lot of trouble.”

 

 

AI hurdles in business

 

  • Data Quality and Availability: AI models require vast amounts of data to learn and make accurate predictions. However, businesses often struggle with data quality issues, such as incomplete, inaccurate, or biased data. Additionally, accessing relevant data across various sources and systems can be challenging.
  • Data Privacy and Security: With the increasing emphasis on data privacy regulations, businesses must ensure that AI systems comply. Protecting sensitive customer and business data from unauthorized access or breaches is crucial.
  • Lack of Skilled Talent: There's a significant shortage of professionals with expertise in AI and machine learning. Hiring and retaining skilled data scientists, machine learning engineers, and AI specialists can be difficult and expensive.
  • Integration with Existing Systems: Integrating AI solutions with existing business processes, legacy systems, and IT infrastructure can be complex and time-consuming. Compatibility issues, scalability concerns, and resistance to change within the organization can hinder successful integration.
  • Interpretability and Explainability: AI algorithms often operate as "black boxes," making it challenging to understand how they arrive at specific decisions or predictions. Lack of interpretability and explainability can lead to distrust among stakeholders and regulatory compliance issues.
  • Ethical and Bias Concerns: AI systems may inadvertently perpetuate biases present in the data they were trained on, leading to unfair outcomes or discrimination. Ensuring fairness, transparency, and accountability in AI decision-making processes is essential.
  • Cost and ROI Uncertainty: Implementing AI solutions involves significant upfront investments in technology, infrastructure, talent, and ongoing maintenance. Businesses may struggle to justify these costs and accurately measure the return on investment (ROI) of AI initiatives.
  • Regulatory Compliance and Legal Risks: AI applications in business must comply with various industry-specific regulations and standards. Failure to meet regulatory requirements can result in legal liabilities, fines, and damage to the company's reputation.
  • Change Management and Cultural Resistance: Introducing AI into the workplace often requires significant cultural and organizational changes. Resistance from employees, fear of job displacement, and lack of understanding about AI's potential benefits can impede adoption efforts.
  • Performance and Reliability: AI models may not always perform as expected in real-world environments due to factors like changing data distributions, unexpected scenarios, or adversarial attacks. Ensuring the reliability and robustness of AI systems is crucial for business applications.

 

 


This blog represents the second part of a two-part series on protecting your business. 

 

Operating a business is difficult enough in the current climate, especially as business leaders navigate ongoing economic, labour and supply chain issues. 

 

As a result, keeping their businesses secure and safe from potential criminal threats may not be front and centre, suggests John Burdett, President of Seamless Security Inc. in Cambridge.

 

“Times are difficult for everybody and there are cost pressures for everybody,” he says. “Security is typically not the first thing people want to spend money on, but at some point, if people are calling me, they realize they do have a need for it.”

 

That need appears to be becoming more apparent, taking into consideration local crime statistics. According to the Waterloo Region Police Service (WRPS), from January 2023 to the start of December 2023, officers responded to 21 reports of robberies at commercial properties – not including banks or financial businesses – and 338 reports of commercial property thefts, excluding shoplifting incidents. The WRPS’ 2022 annual report indicates a total of 286 robberies.

 

At the Chamber’s Conversations That Matter lunch Jan. 25 at Tapestry Hall (Tap Room), former Waterloo Region police chief Bryan Larkin, now Deputy Commissioner, Specialized Policing Services RCMP, will discuss the impact crime rates have on the local business community. 

 

“Many of my clients are larger warehouse and distribution facilities, but I’m seeing the issues with them going down and issues with smaller businesses going up,” says John. “There seems to be less internal theft issues and a lot more external theft issues happening these days.”

 

But when it comes to security systems for smaller businesses, he suggests operators may wish to start small.

 

“You really want to know how you’re going to use your security system, especially if you don’t have one already,” says John, adding having an expandable system is a good course of action. “You can always add to it later if you have the right system in place. People don’t have to necessarily spend the bank on their system. But, if you have millions of dollars of inventory to protect, you’re probably going to spend a bit more.”

 

He says deterrence is a key factor for many businesses when it comes to selecting a security system.

 

“Anything to try and get that person to ‘move on’ before they commit the crime is going to be the optimum outcome,” says John, explaining he works closely with potential clients to determine their specific needs. “A few tweaks to what you already have may be sufficient to achieve your goals. It depends on the issues you’re trying to combat.”

 

That ‘tweak’ could also include procedural changes to the way a business operates which he says could minimize the threat of potential losses.

 

“What do you keep on site? What is visible from the window? What type of lighting do you have? There are all sorts of these types of factors that come into play,” says John, adding a theft may be less detrimental to the business compared to the after-effects. “A business could be out of business for a couple of days while they replace windows, or if their point-of-sale systems have been smashed. This could have a bigger financial impact on the business than the actual theft itself.”

 

Security tips for businesses

 

1. Check Doors and Windows

Consider installing doors made from reinforced wood or steel. If your doors are made from glass, roll-down safety gates may be an option. You could also consider reinforcing frames with metal plates and reinforced strike boxes. If you have a room where a safe or other valuables are stored, consider investing in stronger interior doors for these areas.

 

2. Upgrade to Smart Locks

In addition to an alarm system, smart locks can help improve access control. As an additional benefit, smart locks can keep access records, so you know who is accessing which door at different times.

 

3. Install Alarm Cameras

With strategically placed cameras, you can capture important evidence against potential shoplifters, violent criminals, vandals, burglars, and employees that may commit crimes. Also, CCTV cameras offer considerable value because they are one of the most effective crime deterrents. 

 

4. Manage Valuable Assets

You could rethink your practices when it comes to handling cash. When you consider expensive equipment or high-value inventory, you need to think about how you store these items. Anything of exceptional value should be kept out of sight from the windows when the business is closed.

 

5. Improve Exterior Lighting

Consider adding lights in areas that are dark and make sure your side and back exits are well lit. Installing motion lights in areas that do not see much traffic may also help. Smart lights can mimic the activity of an occupied structure, and this will give burglars the impression that there are people there when the building is empty.

 

6. Nightly Safety Protocols

Set a specific routine for closing time and teach it to any employee who may need to close the business for the night. Your nightly safety protocols should consist of checking and locking all doors and windows, securing valuable assets, checking different areas of the property for small business security issues, setting the wireless alarm, and more.

 

7. Install Affordable Alarm Systems

Even if your business already has an alarm system, you may want to consider its age. Surveillance system technology has come a long way in the last few years, and there could be significant benefits to upgrading to a smart alarm system that is customized for the needs of your business.

 


Concerns about security on the app TikTok continue to mount as provincial and municipal governments consider or implement plans to restrict employees from accessing the platform on their work devices.

 

At the end of February, the federal government officially announced it was removing TikTok from all its mobile devices, joining a growing list of governments worldwide doing the same, despite assurances from the Chinese company ByteDance, which owns the app, that it does not share data with the Chinese government or store it in the country.

 

All Canadian provinces are implementing or considering bans; however, at this time it remains unclear if the Yukon, Northwest Territories and Nunavut will do the same.

 

But what does this mean for businesses, many of whom now rely on the popular social media platform to promote their business?

 

 

We asked Chamber Members and marketing experts, Ashley Gould of Cinis Marketing and Cathy Lumb of Cali Marketing Communications, to share their insight:

 

Q. What are some of the key benefits for businesses who use TikTok?

 

Ashley: TikTok is a great form of marketing for businesses looking to attract a younger audience. They also currently have a huge user base and extremely high engagement, so it is an easier platform to grow your audience on. The third benefit is that fewer businesses are using TikTok which translates to less competition, meaning that your posts will be seen more favourably and if you engage in paid ads the cost per engagement will be lower.

 

Cathy: TikTok lets you tell your business’s story with short, fun, and entertaining content that will attract and keep people’s attention. It’s ideal for fun interactive activities and challenges to keep your audience involved and growing.

A benefit for your customers is that they won’t feel they are being advertised to, as with some traditional advertising. Businesses can get a great idea of what their customers like about their products or services as well as what needs to be improved. But it’s important to answer the question: Is my audience on TikTok?

 

Q. What has made it such an attractive social media tool for them, and can they rely on it too much?

 

Ashley: The pandemic helped tremendously with the success of TikTok as a platform. Suddenly, people found themselves with extra time and TikTok was a great place to find the most recent dance or trend that you could then try for yourself. Now, TikTok has a billion active users, who are on the app daily looking to be entertained.

Relying on TikTok as your main form of marketing only works for a very small number of businesses, specifically those who can ship internationally and who are geared to a younger audience. Though TikTok can be helpful for other businesses, it is equally important to spend time on platforms like Instagram Reels that take into account geographic location on a broader scale.

 

Cathy: It feels more personal and is interactive, videos can be quickly created to be current and in the moment. (You still do need to carefully plan and create engaging material on TikTok.) It is easy to create content with TikTok’s dynamic music and graphics.

It’s also a great way to work with influencers who are using your product or service. If your main target audience is on TikTok then it would be hard not to be there. If TikTok is your only social media platform and at some point you feel you want to get off, it is best to be building your audience on other platforms.

 

Q. Should businesses be concerned about their information being compromised and shared?

 

Ashley: Mainstream media has made it readily known that the majority of apps access more data on our devices than they need to. That said, what is on your device should play into that decision. If your phone holds confidential information that could compromise the government, or a hospital, yes keep TikTok off that device. If the most private thing you have is your banking app, studies thus far have shown you are OK to keep the app at this time.

 

Cathy: This is a big concern as we never want our or our customers’ confidential information to be compromised and used by others. We have already seen many examples of data being collected by other companies and put at risk by being passed on to third parties, without their customers’ consent. TikTok is very good at collecting a lot of information about its users and we can’t be sure where it will end up. More investigation is needed.

 

Q. What are some steps businesses can take to protect themselves? Or can they?

 

Ashley: There is definitely something to be said about keeping TikTok on your personal device only and off your work device. TikTok has developed several strategies for keeping your information more private from an audience perspective, but not from a downloading and data collection perspective.

 

Cathy: As with all social media platforms and search engines, TikTok collects a lot of information from its users so they can effectively target ads. It is impossible for a business or individual to fully protect themselves as there is no way to opt out of all the information TikTok collects.

It’s up to each business and individual to manage their privacy, security and cookies consent on TikTok as well as their browser settings.  Even so, it’s impossible to fully protect yourself from your data being collected and possibly shared as there is no opt out for all information being gathered. A business or individual can minimize some risk by choosing not to post easily identifiable locations in TikTok videos. Individuals can set their TikTok to private to reduce risk.

 

Q. Do you see businesses moving away from using this platform?

 

Ashley: The answer to this question is complicated as it is extremely industry specific. If government employees can no longer download TikTok on their devices, then businesses that are using social media as a means of marketing to this demographic will have to find alternative routes. That said, for the majority of businesses the opposite is true, where more and more businesses are starting to create TikTok strategies.

 

 

Cathy: I think it will be a tough call to make if a business’s customers and competitors continue to use TikTok, especially if the business is benefitting. A lot will depend on what we learn in the coming weeks about TikTok, as well as what the consumer decides to do. I do think that if a business is not benefitting in a tangible way, then they may be more inclined to move away from it. 

We know that Facebook has faced criticism over the past few years, as has Twitter, but it has not stopped people from using these platforms. However, major advertisers recently moved away from Twitter in droves, so we can see that if businesses are not happy with a social media platform, they will take action.

Many individuals on social media do not feel the need to stop using it and some find it hard to understand how they can be of any interest to TikTok or Facebook.

 

 

Q. Are there any social media platforms that are ‘foolproof’ when it comes to security concerns?

 

Ashley:  In my opinion, no. Apps are always collecting data, it is part of how they are created, and that data is meant to further your user experience. Therefore, there is always some kind of security concern with an app. 

 

Cathy: All social media platforms have their strong and weak points regarding security, and all are collecting data about us. Users of social media need to adjust the security, privacy, and advertising cookie settings to the levels they are most comfortable with. Businesses on social media platforms need to keep a close eye on their social media accounts, monitor frequently and address any concerns right away.  Regularly review your analytics to determine if your business’s marketing objectives are being achieved on social media.


The past two and a half years have seen virtually every industry and company re-evaluate how they conduct business.

 

Readjusting to a post-pandemic world is at the forefront in many of their plans and strategies as they look towards operating in a different world compared to the one we had at the start of 2020.

 

But despite adjusting their operations in substantial ways, many may be using the same insurance coverage they adopted prior to the pandemic, not realizing that COVID-19 could lead to new risks and exposures for them.

 

We reached out to insurance experts Amanda Scheerer at Josslin Insurance and Shelley Sutton at Dumfries Mutual Insurance Company to share their thoughts on what businesses can do to ensure they are properly prepared.

 

 

Q. How has the pandemic changed the approach SMEs are taking when it comes to insurance coverage?

 

Amanda: Post-pandemic inflation has had a huge impact on valuation of buildings and equipment. Before the pandemic, it was common to adjust rebuild, or replacement cost every couple of years, but with current inflation rates we recommend that business owners review the rebuild or replacement costs listed on their policies at each renewal.

 

In addition to inflation, we find rebuild time after a major loss is longer. We’re seeing a few of our clients increasing their indemnity period for business interruption from 12 months to 18 months. This accommodates for the extended building periods and will allow business to survive during the rebuild and keep key people from leaving for another workplace.

 

Shelley: It really depends on the type of business. Contractors, for example, are busier than ever, selling work sometimes a year out. If they have stock, they are insuring it at replacement cost to protect themselves from the unpredictability of the market in the event of a loss.

 

SMEs have to protect their assets. Insuring to limits helps to do so and the need for business interruption coverage for insured perils should be considered and weighed out. Limits are higher due to building material increases (inflation) and shortages of both materials and labour. Overall, SMEs are being more careful about understanding the coverage they have and the premiums they are paying.

 

 

Q. Does having a portion or all of staff working remotely require businesses to consider adjustments in their insurance coverage?

 

Amanda: If you have people working remotely as a business owner, you should ensure that company-owned assets like computers and other work-from-home equipment are covered under your insurance with an off-premises coverage extension. That extension was normal in certain industries even before 2020, but with so much company equipment now in people’s homes, it’s more important than ever to make sure your Business Insurance Liability policy has it now.

 

Finally, if your employees are meeting clients in their own homes, you may want to extend your liability coverage as their personal insurance will not cover them in the event a visitor is injured.

 

Shelley: With staff working from home comes more need for cyber security and cyber coverage. If the storage of stock and equipment has changed, you may need to update your agent or broker to ensure you are covered at other locations (office equipment, stock etc.). Companies need to insure equipment for off premises. If building(s) are unoccupied, coverages could be void. Businesses should check with their insurer.

 

 

Q. What are some new trends when it comes to insurance coverage that businesses may not be aware of?

 

Amanda: As mentioned before, many of our clients are extending the indemnity period on their business interruption coverage to account for the longer rebuild times.

 

Because of cybersecurity concerns, many businesses are now installing multi-factor authentication on any devices that connect to their systems. They are also ensuring that any personal devices their employees use for work (bring-your-own-devices) have sufficient security on them, so they don’t infect the business systems.

 

Finally, more businesses are using contractors to deliver their products and they may not be aware that they need non-owned auto coverage. If a restaurant owner employed an independent delivery driver with his own auto coverage and that driver is in an accident while working, the restaurant would also be named in the claim. Having a non-owned auto extension on the business’ commercial general liability policy will protect the owner in this situation.

 

 

Shelley: As large companies double down on their efforts to protect themselves and their clients, cyber criminals are targeting smaller businesses that do not have the resources to protect themselves. Comprehensive cyber coverage for ransomware, malware, data breaches, phishing attacks, remote desktop intrusion and more is critical for today’s business whether you are an online retailer or a contractor – protecting your own information and the information of your clients is your responsibility.

 

 

Q. What are some of the common concerns or questions you’ve been receiving from businesses regarding their insurance coverage?

 

Amanda: The biggest concern we’ve been hearing from our clients is about the cost of rebuilding. It’s a good idea to ensure that the property and equipment values on your insurance are current. Many policies include a co-insurance clause, which limits the amount paid on a partial claim. If your building or contents are underinsured, you may be responsible for any shortfall.

 

Shelley: Saving money is high on their radar as well as having adequate limits considering rising building costs.

 

 

Q. What advice would you offer business owners when it comes to insurance coverage during the pandemic?

 

Amanda: If your people are working from home and your building is partially or totally vacant, please notify your insurance provider as this could void some coverages you may have. The same goes for any building owners who rent to tenants. Many are experiencing challenges in finding tenants, so please let your insurance provider know if you have vacant units to ensure you remain covered.

 

Shelley: We still advise clients to purchase as much liability coverage as they can afford. It is important to read your policy and understand exclusions when day-to-day operations change. If you are unsure, call your broker or agent.

 

To learn more, visit Dumfries Mutual Insurance Company or Josslin Insurance.


The threat of data breaches or ransomware attacks has become a reality for many businesses and organizations.

 

The 2020 Cyberthreat Defense Report, created by CyberEdge Group which surveyed 1,200 security IT professionals in companies from 17 countries, found that 78% of Canadian companies experienced at least one cyberattack within a 12-month period, a figure which rose in 2021 to 85.7%. That same report also determined that 72% of Canadian respondents dealt with a ransomware threat in 2020, which luckily dropped in 2021 to 61.2%.

 

Locally, Statistics Canada figures show a total of 3,298 cyberattacks in Waterloo Region per 100,000 population in 2021, which is up from 1,113 recorded in 2017.

 

Many of the larger local attacks have made media headlines, including a cyber threat on a supplier company in March of this year which prompted Toyota to halt operations at 14 plants in Japan and three manufacturing facilities in Canada, including its Cambridge plant. More recently, the Waterloo Region District School Board became a victim of a cyberattack which resulted in pay disruptions for some of its employees.

 

We asked John Svazic, Founder and Principal Consultant of EliteSec Information Security Consultants Inc. in Cambridge, to share his thoughts on what businesses can do to ensure they are prepared for any potential cyber threats.

 

Q.  What are some of the misconceptions surrounding a cyberattack or data breach?

 

John: The biggest misconception is that a business believes that they are not vulnerable or a target of cyber criminals.  Sadly, that’s not true.  If you have any form of presence on the Internet, say a Facebook page or an Instagram account, then you are at risk of an attacker. 

The attacks may be different, but they will impact you regardless.  I’ve had clients who had their Facebook accounts taken over and used for advertising by a foreign company.  That can harm your reputation.  Similarly, Instagram account hijacking is also common, and unfortunately recovery of accounts is time consuming and not always possible, leading to a lot of lost customers and influence.

 

 

Q. Are there degrees, or levels, when it comes to a cyberattack?

 

John: Yes, definitely!  The types of attacks we’ve seen locally in the region are a great example.  The most recent example from the Waterloo Region School Board seems to be a ransomware attack, which is where access to your computer network is “locked out”. 

A more common occurrence is these attackers will take data from the network first, then threaten to release these details to the public if the ransom isn’t paid.  This so-called “double extortion” style of ransomware is particularly devastating to a company because there is no guarantee that the attacker won’t come back and ask for more money later.  Ransomware costs vary wildly, but it’s not uncommon to see demands from between $500 per computer to a few thousand dollars per computer, plus fees for not publicly releasing information.

Instagram and Facebook account takeovers can range from a few hundred to a few thousand dollars, depending on the attacker.

 

Q.  Are there certain types of businesses that need to worry more about an attack or breach than others?

 

John: The short answer is no.  Every company that has any type of Internet presence is a potential victim, but the likelihood of a small company being expected to pay out millions of dollars is near zero. 

The major criminal groups that get into the headlines are generally targeting larger companies because they understand that they have a greater chance of getting a large payout.  But smaller companies may also face extortion costs albeit at a smaller scale.

Sadly, there are criminal elements at all sizes, much like we have in the legitimate business world, all targeting specific markets, from enterprises to SMBs.

 

Q.  What are some of the first steps a business should take to protect themselves? Or can they?

 

John: The best thing anyone can do is make sure they use some type of two-factor (also called multi-factor) authentication for your online accounts.  This is commonly done by getting a six-digit code you get from your phone via an authenticator app or text message.  You then use that code in addition to a password when logging into email, etc.  This is an easy (and free) way to better protect your online accounts because it becomes a lot harder for an attacker to take over your account.

Using a password manager is also strongly recommended.  This can help avoid the use of re-using the same password everywhere. 

A lot of people will think that their password is safe, until one of the websites they use that password on gets breached, and then anywhere else they may use that password becomes vulnerable, regardless of how secure that website may be.

For organizations that do financial transfers, there should be a protocol in place to get some type of verbal confirmation for transfers and not to rely just on an email or text message to confirm the transfer.

 

Q. Do many businesses utilize cybersecurity insurance?

 

John: I find that cyber insurance policies are often used in tech companies because they view themselves at a higher risk, but for most other companies they don’t necessarily see the need. 

The policies I have seen range from helping pay for ransomware attacks such as paying the ransom to offering assistance to get help from an incident response firm, which is a type of cybersecurity company that will help find out how these attackers got in, get them out of the network, and then make sure they can’t get back in later. 

So again, larger companies or companies dealing with other enterprise customers are the main group seeking out cyber insurance.

 

 

Q. Has the awareness around the potential for cyberattacks increased significantly for businesses?

 

John: Cyberattacks are becoming more mainstream in terms of the amount of coverage from more traditional media outlets, which is leading to a wider realization of how bad these things can be. 

However, only the “big” attacks get headlines, and a lot of the attacks that happen often never see the light of day.  I would say that a lot more organizations have had a cyber incident than they care to admit.  Reputation, pride, and fear are some of the main factors for this. 

My advice to those companies is not to bury your head in the sand, but rather seek out help to ensure it doesn’t happen again, even if you don’t want it to be made public.

 

 

Q. What are some mistakes businesses make when it comes to data protection?

 

John: Aside from thinking it won’t happen to them, one of the most common mistakes is giving out the keys to the kingdom to all the employees.  Using the same login to a shared computer, for example, rather than giving individual logins for each employee.  Re-using passwords, not updating software regularly, no anti-virus on computer systems, not questioning strange requests, using company email as if it was personal email, insufficient access controls for sensitive information, etc. 

There are a lot of different things that companies can do, but a lot of it is about doing what makes sense for your own specific organization.  The basics would be not re-using passwords and making use of multi-factor authentication.

The biggest thing to remember is that it’s not about building up Fort Knox for your business, but rather making sure that you are secure enough for an attacker to look for an easier target instead, i.e., you don’t need to outrun the bear, you just need to outrun the guy beside you.

 

To learn more, visit EliteSec Information Security Consultants Inc.


The fallout from the Rogers outage continues to be tallied even as Innovation, Science and Industry Minister Francois-Philippe Champagne prepares to appear before a parliamentary committee sometime this month to answer questions regarding this nationwide disruption that cost businesses thousands of dollars.

It’s been estimated, according to a recent article published by BNN Bloomberg, the Canadian economy took a $142 million hit when a major service outage July 8 affected more than 12 million Rogers’ customers.

 

The system-wide cable internet and cellular network failure, which included subsidiary brands of Rogers Wireless, Fido, Cityfone and Chatr, was blamed on a maintenance update in its core network and in some cases, repairs took several days before all services were fully restored. Rogers has agreed to compensate customers affected by the outage, but many have now been left wondering what the next outage could bring.

 

We asked two local IT experts – Five Nines IT Solutions President & CEO Douglas Grosfield and MicroAge Kitchener owner Robert Jolliffe – to share their thoughts on what businesses can do to ensure they are better prepared for the next big outage.

 

Q. What can business owners do to prepare for potential interruptions?

 

Robert: First, they should determine if they can run their business off their cell phone by hot spotting. During the Rogers outage, some people had their business internet and cell phone both with Rogers, and that left them without a back-up option.  

 

The second thing a business can do is have two internet connections on your business premises from two different providers. If your business is at a certain size and an extra $100 (or less) a month for a backup internet connection is a negligible cost, the second connection is a worthwhile investment. Even if you are not using it, you have the insurance of a back-up connection.

 

The backup could even be the lowest, cheapest connection available, which will get you through a day or two until your main connection is back up. It’s also worth considering whether one of your connections should be wireless; Starlink is an example of wireless internet connection.  

 

Douglas: Assuming a business is using proper perimeter security devices, most industry standard firewalls will easily support having two ISP connections and will use them in many ways.  You can have them active / passive, meaning if your primary connection fails, all traffic fails over to the secondary connection with nearly zero disruption, and fails back to the primary once it again becomes available. You can also do load balancing or ‘bond’ them such that traffic with different priorities (i.e., data vs voice) uses the appropriate connection and thus has no adverse effect on the other.  Check if your cellphones support dual SIMs; many do nowadays.  You can then have a SIM from more than one cellular provider and ensure reliable communications. An alternative would be to pay for minimal ‘lines’ for key or critical users, at a secondary provider, so that a manual swap of SIMs can get them back in business quickly.  Note that these things mean a different number, but in the short term can provide connectivity and communications.

 

Q. What would be the simplest piece of advice you could offer businesses when it comes to navigating these interruptions?

 

Robert: Have a backup plan. If there's a fire in the building, you have an evacuation plan. If the power goes out, you know what you're going to do for your business. Treat internet failure the same way.

 

Douglas: Do not allow yourself to believe you are exempt from disruptions like this. Talk to a trusted technical partner about your options and like anything else, take the first step to achieve a goal.  If as a business owner your primary goal is not to protect that business, its clients and staff, its data, and systems, and to ensure the business continues to thrive and grow, then you’re doing it wrong.

 

Q. Do you see further interruptions like these becoming more commonplace and can they be prevented?

 

Robert: They won't become more commonplace, but they will be more severe because more of our society is connected to the internet now.  

The big telecom companies are going to put in more fail-safes, so the likelihood of it happening again is low. But as time goes on and society becomes more connected to the internet the likelihood of it causing disruptions is higher. 

For example, during the Rogers outage many people couldn't pay for things. 

Another example would be grocery stores that have digital price tags on the shelves. They're using this so that they can push price changes out from their head office, electronically across all the stores. So just imagine if you needed an internet connection for that, and all the prices get set to zero and then the internet went out?

 

Douglas: Yes, these companies are in business to generate profit, no surprises there.  Their investment (in the absence of legislation or other government-mandated investments) in the backbone networks and infrastructure, and the security of same, are going to be tightly budgeted and controlled.  Add to this the fact there is little competition and low likelihood of that changing anytime soon, and the communications landscape in Canada is ripe for this sort of disruption.  Toss in external issues such as cyber-attacks, and we can see that our current highly vulnerable national communications infrastructure needs overhauling and investment.

 

Don’t get me wrong, you can protect yourself by doing the right things regardless.  Endpoint protection, firewalls, redundant Internet connections, mobile device security, VPNs, encryption, etc.  All readily available technologies, inexpensive and simple to implement and manage with expert help and advice.

 

Q. Are businesses too reliant on one telecommunications company to deliver their service?

 

Robert: I would say that, yes. If a business only has one internet connection which is connected to an almost consumer grade firewall, then they are too reliant on one company. At first, if that internet connection goes down, that business is okay to go a day without internet. Then they grow to a size where it’s not okay to go a day without internet, but they don't change anything.  There are higher end firewalls that will allow them to mesh two connections, from two providers. So, if the main internet connection goes down, the other one from the other provider kicks in seamlessly. Employees and users on the network won’t even notice a disruption.  

 

Douglas: The communications market in Canada is radically different than in the U.S., for example, where there are far more options. However, having more providers requires subscriber density, meaning how many paying customers per square mile for example, to support the infrastructure.  For example, cellular service across a large geographic area requires mostly the same infrastructure (i.e., towers, networks etc) for 10 clients as it would for thousands or tens of thousands.  Without enough subscribers, it is cost prohibitive. Relying on one provider is very risky and given the simplicity and low cost for redundancy in this space, is both a mistake and a missed opportunity for businesses.  Business as usual when your competitors are not, is a huge advantage and costs very little.  Spread out your risk, eliminate by using proven technology to do so.

 

 


 

The increasing frequency of cyber attacks is costing Canada billions of dollars a year and hindering our ability to compete in the global economy, says a new report from the Canadian Chamber of Commerce. Cyber Security in Canada: Practical Solutions to a Growing Problem finds that cybercrime is an increasing concern for businesses and proposes cooperation between government and the business community to improve security.

 

“A study from the Center for Strategic and International Studies found that Canadian businesses are losing over $3 billion a year to cybercrime,” said the Hon. Perrin Beatty, President and CEO of the Canadian Chamber of Commerce. “It’s not technology-savvy security experts committing these attacks. Anyone with a computer and an internet connection can now disrupt services or hold data for ransom. What costs a criminal $100 may end up costing a business millions in lost money, time and reputation.”

 

Small businesses are particularly susceptible to cyber attacks because they often lack the financial resources and technical expertise needed to protect themselves. “SMEs comprise 98% of the Canadian economy. Nearly half have been the victim of a cyber attack,” said Mr. Beatty. “Their focus is on recovery instead of prevention. Unfortunately, recovery is often not possible. The average cost of a data breach in Canada is $6 million. Most small businesses would not be able to survive losing a tiny percentage of that figure.”

 

The report’s release comes after the federal government’s 2017 budget included $1.37 million for the fiscal year to continue programs already in place for risk assessment of critical infrastructure but made no direct mention of cyber security. “Government can’t do everything but they need to play a leadership role in securing Canada’s digital landscape for everyone,” said Mr. Beatty. “We need a public-private approach to address this urgent challenge.”

 

The report, released at the Lockheed Martin Canada IMPACT Centre in Ottawa, lays out a path for closer collaboration between government and business on cyber security, including providing incentives for security innovations and developing programs to increase workforce digital literacy. “By creating a stronger, more resilient cyber security framework we can better protect both our businesses and our citizens,” concluded Mr. Beatty.

 

The Canadian Chamber of Commerce is the vital connection between business and the federal government. It helps shape public policy and decision-making to the benefit of businesses, communities and families across Canada with a network of over 450 chambers of commerce and boards of trade, representing 200,000 businesses of all sizes in all sectors of the economy and in all regions. Follow us on Twitter @CdnChamberofCom.

 

Guillaum W. Dubreuil
Director, Public Affairs and Media Relations
The Canadian Chamber of Commerce

Productivity Engagement Remote working EmploymentStandardsAct Employees Employers Policies Employment Contracts Legal Public Health Virtual Ceremonies SMEs Health Canada Prevention Rapid Screening Health Entrepreneurs Building social networks Storytelling Video The She-Covery Project Child Care Workplaces Contact Tracing Time Management Pre-Budget Modernization Canada Emergency Rent Subsidy (CERS) Budget Ontario’s Action Plan: Protect, Support, Recover Federal Government Hotels and Restaurants Alcohol Tax Freezethealcoholtax Canadian Destinations Travel Grow your business Sales and Marketing Digital Restructure Financing Structural Regulatory Alignment Technological Hardware Digital Modernization RAP (Recovery Activiation Program) Support business strong economy Shop Cambridge Shop Local #CanadaUnited Domestic Abuse Family Funerals Weddings Counselling Anxiety Pandemic Getting Back to Work UV disinfection systems Disinfection Systems