5. If you have remote access to your server, ensure you have the most secure software. For example, Splashtop instead of RDP software. If you run a POS system that is backed up by the POS company you will have an open back door so it is very important to do step 4 at least weekly, if not more frequently.
6. You must keep your back up drives of ine in order to protect them from being infected by the virus. Unplug the back-up drives after you have backed them up. Either use a cloud service or use a manual back up disc on a regular basis so that if you get infected and you don’t pay the ransomware, you will still have access to your  les and data. Do not depend solely on a cloud to back up your  les as this back up can become infected as it is Internet based so make multiple back-ups.
If you  nd that your  les were breached and your customer’s privacy
was compromised you need to report the breach to the Of ce of the Privacy Commissioner of Canada and inform your customers of the breach or you could be  ned $100,000. The link for the Privacy Commissioner is: www.priv.gc.ca/en/privacy-topics/privacy-breaches/
LESSONS LEARNED FROM CYBERATTACKS
There are several lessons that can be learned from cyberattacks:4
• It’s better to have a proactive defense rather than a reactive response.
• Backups are essential to recovering from ransomware. Identify critical applications and ensure they are appropriately backed up. This may mean daily, hourly or up-to-the minute depending on the nature of your business.
• Ensure your security is comprehensive and up-to-date: proper  re- walls, antimalware for all of your endpoints (i.e. work devices such as laptops and smartphones outside of your corporate  rewalls that staff use to connect to your central network), and anti-spam protection for your email.
• Continually give your users security training. People are both the weakest link as well as the best defense against a ransomware attack; everyone needs cyber security training.
• Make sure that your disaster recovery plan includes a ransomware attack scenario – what does your company need to do to run on “manual” during your recovery?
ENDNOTES:
THEY WON’T HACK US WE’RE TOO SMALL
Wrong. And hackers love that atti- tude. Hacking is a sophisticated and thriving business. Hackers are serious about collecting ransom money. Whether the ransom demand is small or large, the amount paid in bitcoin is pure pro t, untraceable and easy enough to get from a small business owner anxious to retrieve valuable data and keep functioning.5
Hacking unprotected small business systems and collecting ransom amounts that are “afford- able” to small business owners earns a cyber criminal a tidy pro t. The majority of smaller ransom attacks go unreported, which can encourage the attacker to return later for more money. Or, the busi- ness pays the ransom and does not get its data back.
Being prepared against a cyberattack at your facility, with the proper security software and the right data backup protocols is your best protection. Don’t be lulled with the false sense of secu- rity that hackers won’t target smaller operations.
Golf Business Canada
1 www.investmentexecutive.com/news/industry-news/canadian- rms-need-to-take-cybersecurity-more-seriously/ 2 www.ctvnews.ca/business/more-than-1-in-5-businesses-hit-by-cyberattacks-last-year-statcan-survey-1.4134535
3 www.antifraudcentre-centreantifraude.ca/fraud-escroquerie/extortion-extorsion-eng.htm
4 www.xbase.com/2018/11/ransomware-rise-look-canadian-businesses-respond-attacks/
5 www.netcetera.ca/cybercriminals-target-canadian-small-mid-size-businesses/
20 Golf Business Canada