Canadians are known for their entrepreneurial spirit, which has led to a thriving national economy. According to Statistics Canada, Canada has nearly 35,000 new entrepreneurs each year. A total of 99.7 percent of all Canadian enterprises are small- to medium-sized businesses (SMBs) with less than 500 employees, and micro-enterprises (with 1 to 4 employees) represent 54.1 percent of all private employers. Ninety percent of Canadians in the private sector work for an SMB.
In the digital economy, a robust online presence is vital to driving growth and revenue. A recent study (July 2019) conducted by BDC, a Canadian bankdevoted exclusively to entrepreneurs, finds that developing online presence leads to higher revenues, increased direct customer communications, and elevated access to the global marketplace. BDC’s study concluded that although it is widely known that being online drives growth, with 46 percent of respondents identifying increased revenue and sales as the primary benefits to being online, only 40 percent of Canadian SMBs with an online presence sell and take orders online. This means that 60 percent of Canadian SMBs are missing out.
Canadian SMBs are Missing Out on Revenue
“Still too many Canadian entrepreneurs leave money on the table for grabs by Canadian and foreign online competitors. Considering worldwide retail e-commerce sales are expected to double between 2018 and 2021, it is vital that Canadian business owners take their digital presence seriously,” states Pierre Cléroux, VP of Research and Chief Economist, BDC. “A strong online presence should be at the heart of any business that wants to continue growing and remain competitive.” Most Canadians shop online and, according to Statista, generated USD 40B in 2018 in Canadian retail eCommerce revenue. Yet, according to Statistics Canada, almost half of all Canadian SMBs still didn’t even have a website as of 2017.
It begs the question, why would SMBs not take advantage of the online market to grow their business? No longer does a shareholder need to be an IT expert to set up shop online with readily available low cost, easy to use web creation services. A mere 15 percent of BDC’s surveyed respondents identified cost as their top challenge in setting up online. According to BDC, enterprises that expand their business online spent $37,458 on average on website creation and maintenance over the last three years. If not cost, then what is holding them back? The answer is cybersecurity and data protection.
Thirty-two percent of SMBs cited data protection and cybersecurity as their top challenge when growing their business online, according to BDC. With the GDPR and PIPEDA policies and the corresponding fines, protecting consumer data and company information is an intimidating business. Add to that the value of data to both threat actors and competing companies and the challenge for SMBs to increase their online presence safely becomes formidable. The promise of increased revenue through online sales is only truly valuable if it comes without detriment to your data, your company’s reputation or the financial repercussions of breaches and fines.
Cybersecurity Measures for SMBs Growing Their Online Presence
According to The Canadian Centre for Cyber Security’s Baseline Cyber Security Controls for Small and Medium Organizations, organizations should ensure that, at minimum, their websites meet the Open Web Application Security Project (OWASP) and Application Security Verification Standard (ASVS) guidelines. The Canadian Centre for Cyber Security offers a comprehensive guide on necessary cybersecurity policies for SMBs. The baseline controls are essential ways to help reduce the risk of cyber incidents and data breaches and should be the minimum security standard for your SMB.
Strict Access Controls for SMBs
SMBs need to follow the access rule of least privilege. This means users have only the minimum system access required to do their job. Ideally, administrative accounts should have even more stringent access controls in place. As they have more sensitive data available to them, user-level activities like accessing email and online browsing should be limited or banned.
To accurately track user activity, for accountability and visibility purposes, SMBs should give each user a unique individual account, eliminating shared accounts. When an account or functionality is no longer needed, such as when employees leave an SMB or change positions within it, the company should have a process for revoking the account in place. As well, medium to large businesses should have centralized authorization control systems implemented.
Select a Trusted eCommerce Platform for Your SMB
Building your online store on a reputable Software-as-a-Service (SaaS) platform means that you are paying for specialists to help you build and host and help to take care of problems like cybersecurity. A respected eCommerce provider will continuously monitor all stores on their platform for cybersecurity issues.
Use HTTPS to Secure Your SMB’s Website
Secure Sockets Layer [SSL] is standard security technology for establishing an encrypted link between a web server and an online browser. SSLs are essential to eCommerce transactions, helping ensure sensitive financial and personal data is protected throughout the sales process. HTTPS protects your online business and customers from sniffing and impersonation cyber incidents.
For a higher level of security Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, recommends enabling HTTP Strict Transport Security (HSTS). He says, “HSTS tells web browsers to automatically redirect HTTP requests to HTTPS and prevents users from overriding invalid certificate warnings. This reduces the possibility of fraudulent modifications to your user’s web requests and helps to prevent man-in-the-middle attacks.”
Patch and Update your SMB’s Website
“Unpatched applications and extensions will make your eCommerce site an easy target,” says Laliberte. “Hackers love low-hanging fruit and often use automated web crawlers to look for sites with unpatched applications. Keeping your website and backend software updated with the latest security patches is the single biggest (and often simplest) step a small business can take towards stopping an attack.”
The baseline controls aim to help SMBs with how to maximize the effectiveness of their cybersecurity investments and avoid unnecessary risks. To take your SMB’s cybersecurity to the next level, check out this four-part series on cybersecurity for businesses with limited resources. SMBs should strongly consider going beyond these basic controls and seek out more comprehensive cybersecurity measures such as those provided by a cybersecurity solutions provider, like ISA, with industry experience in helping companies grow their web presence, safely.