by Dana MacDonald
What images come to mind when you think of cybersecurity? Maybe you picture wall-to-wall columns of monitoring equipment, firewalls, or endless strings of code. Unless you’ve worked in the IT sector, your concept of what cybersecurity entails is probably a broad one, informed by portrayals in countless films and TV shows. With technology being an opaque subject to many, it’s understandable why some business owners and individuals shy away from tackling the topic. Technology often feels like its own realm, broken down into countless detailed components, each with their own terminology. The truth is, you don’t have to know what a GSLB or a DDoS is to effectively take steps to protect your online experience and information.
In reality, cybersecurity exists on a broader, communal scope, but is dependent on the actions of individuals to ensure that protective measures aren’t compromised.
That’s where New Brunswick cybersecurity company, Beauceron, and their partnership with the Canadian Internet Registration Authority (CIRA) come in. Banding together to offer their Cybersecurity Awareness Training program, CIRA’s training is now open to the Fredericton Chamber of Commerce full-time employees for a discounted rate. The goal of the program is to make cybersecurity knowledge accessible, with day-to-day safety practices that reduce risk to business networks. Lindsay Carreau, CIRA’s Business Development and Partner Programs.
It’s understandable where the inspiration for the cybersecurity program came from: An average of 71 percent of Canadian businesses experience cyberattacks once or more per year. Despite unpromising statistics like these, only 41 percent of Canadian businesses enforce mandatory internet awareness training. Part of this gap originates from business owners assuming that a smaller company isn’t an attractive target to hackers, paired with fewer financial resources. Carreau explains, “Cost would probably be the [main] reason [for not implementing security measures], sometimes businesses don’t see it as a priority”, meaning that small business owners are less likely to have protective tools and practices in place. The issue, Carreau says, is that hackers are also aware of this tendency and are able to put it to use for an opportunistic attack. One such method of attack Carreau has observed is “spear phishing”: “…when a ‘bad actor’ pays attention to habits happening within your business and takes advantage of areas of inattention”, and for the 59 percent of businesses without proper training, that can mean an attacker is comfortable posing as, for example, your VP of Finance to gain access to privileged information, she says.
Through the CIRA and Beauceron’s program, staff receive training in intervals throughout the year via tools like monthly phishing simulations. Such a quickly-evolving medium needs training that matches. For this reason, Carreau notes, “The education courses are updated monthly and change with what’s going on in the world. Clients also have access to new modules whenever they want”. Employers are able to track company progress through individual and departmental cyber risk scores, dependent on individual navigation of the tests. This targeted approach ensures that employees are receiving the training they require most while teaching them to view digital content critically for suspicious features. Members of a network not having internet awareness are a liability for security, but when they receive training on safer practices, they become, as CIRA would phrase it, “a human firewall”.