The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。

How can private businesses protect themselves from cyber threats?

(As originally published on LinkedIn, 1 October 2018)

The race for digitization is on, and companies are jumping head first into the deep end of the cyber world.

This massive push for technological adoption is making today’s business landscape exciting and ever shifting, but far too many companies are rushing toward digitization without properly understanding cybersecurity management. In fact, according to EY’s Canadian Growth Barometer, 92% of companies plan to adopt artificial intelligence (AI) in the next 5 years, yet only 9% see cyber threats as a primary challenge to growth.

Why the disconnect? Cyberattacks don’t just affect large companies and governments. Mid-market private companies are just as vulnerable.

Here are three ideas to help you protect your business from cyber threats. 

Preform a cybersecurity assessment

Due to the daily pressures and challenges of running a business, it can become difficult for owners and management to take the necessary resources and time to assess their cybersecurity needs and weaknesses. Just like any other aspect of running a business, a long-term approach should be taken and cyber should be integrated into a company’s risk management discipline.

The impact of a security incident — regardless of whether it’s from malicious intent or simple carelessness — can have massive impacts on a business’s revenue and reputation.

Take the time to assess your cybersecurity needs. It may require some short-term time and resources, but it can help you avert a major crisis down the road. 

Look at employee behaviour

It’s easy to think of cybersecurity as just a tech issue, but really it often comes down to people. Unfortunately when it comes to cybersecurity, people seem to be a business’s weakest link. Cybersecurity and privacy compliance are not just management’s or the IT department’s responsibility; every employee must play their part in keeping the company’s information and operations secure. With that being said, it is management’s responsibility to provide training and education to their employees concerning privacy compliance and data security.

A comprehensive and integrated cybersecurity training should be incorporated into a company’s onboarding process. Training employees to recognize and react to social engineers and malware breach attempts can be an effective first step towards securing your business.

Be proactive

If you wait until you’re attacked to take action, it’s already too late. Setting up a cybersecurity protocol before any threats are present can help you proactively protect your data and your business. Rather than be in a perpetual state of emergency and scrambling to respond to threats, why not build and implement protection from the beginning?

Cybersecurity is an ever-evolving issue; by building a robust protection and countermeasure program, you enable yourself to cope with changes as they come far more easily than addressing every threat from scratch.

Even starting to implement small changes to your organization can kick-start your cybersecurity journey. Two-factor authentication, a through onboarding and off boarding process, password strength policy and secured remote access can all have significant benefits to your overall digital security.

Navigating the rapidly changing cybersecurity landscape can be a daunting task, but you’re not alone. To learn more about how EY’s Private Client Services practice can help your business design and maintain an effective cybersecurity protocol, visit us at


Carlos Chalico

Carlos Chalico

Senior Manager

Private Client Service

+1 416 943 5338