Mon, June 17
Weather Icon Edmonton 11°C



The New Risk Management


It’s suddenly the hot topic and a threatening and scary fact of business life – the new risk management. Maddening, frustrating and, particularly for small and midsize businesses (SMBs), much more common and expensive than some realize or admit. What is it? Cybercrime and cybersecurity.

“A recent study by tech giant Bromium showed that cyber criminality platforms and a booming cybercrime economy resulted in USD $1.5 trillion in illicit profits, laundered, spent and re-invested by cyber criminals,” explains Kim Krushell, co-founder and EVP of Edmonton’s Treefort Technologies Inc., which continues to grow as a respected gold standard in digital ID technology in Canada.

“Cybercrime is a problem everywhere and Edmonton businesses are certainly not immune. According to Edmonton Police, Edmontonians lost $55 million to various fraud crimes in 2022 and that’s not the full picture, because a lot of cybercrime is not reported.”

Tech experts and trends agree. Businesses are more aware than ever and cybersecurity has quickly become the new risk management priority. Cyber attacks are crimes of opportunity, laced with one aggravating fact: the more diligent businesses get about cybersecurity, the slicker and more evil the cyber criminals get and the more vulnerable and less protected the business remains.

MNP, one of Canada’s largest business advisory firms, has extensive experience advising business leaders and particularly SMBs about cyber security risks, trends and the crucial need to improve their resilience to attack.

“There is little doubt about increased attention to cyber security over the last several years,” says John McLaughlin, partner with MNP Digital. “Several high-profile breaches, international conflict and the explosion of ransomware have brought the issue front and centre.

“Particularly since the pandemic disruptions and more people working from home, cybercriminals have taken advantage of the increased vulnerability of hacking access via remote workers. Also, the rise of cloud computing, IoT devices and expanding networks have added new layers of complexity to the threat landscape.

“All things considered, it makes it more challenging for organizations to protect against cyber attacks.”

There is also an insult-to-panic injury. The begrudging realization that, in many cyber attack situations, the business itself is the root cause and the problem.

It is a resounding and documented fact. Employees of all sizes of businesses can make the business vulnerable to cyber attacks. As more and more employees in Edmonton – and around the world – routinely work remotely, cyber security in business has become a critical factor.

IT specialists are unanimous. Working around two-plus years of pandemic shutdowns and disruptions triggered a surge in cyber attacks for businesses. “Suddenly, everyone was working from home,” Krushell explains. “Not coincidentally, Treefort Technologies, took off during that time, primarily because the pandemic created an immediate need for our technology that can spot fake IDs, scan for deep fakes and identify other fraud risk indicators.”

Many SMBs routinely use cloud-based technology and tools for their daily operations, including online meetings, advertising, buying and selling, communicating with customers and suppliers, banking transactions and more.

While precise statistics vary by area and industry sector, it is undisputedly proven that a high proportion of data breaches are caused by insiders who, either maliciously or carelessly, give cybercriminals access to a business’ insider info.

“Email, Wi-Fi hotspots, cell phones, data servers – are all points of entry for cybercriminals to attack a business,” she warns. “Most of the attacks involve tricking an employee in some way, for the purpose of gaining access to a company’s system. It is as simple and insidious as that.”

McLaughlin highlights some common SMB cyber risk curses.


  • Remote access and personal devices. SMBs may not have secure remote access protocols in place and many employees may not have secure home networks, leaving them vulnerable to cyber attacks.


  • Identity Management. Many smaller businesses do not have multifactor authentication and employees too often use weak, easily guessable passwords, making it easier for cybercriminals to gain access to the business’ systems. Weak passwords are a notorious cause. Research indicates that 63 per cent of data breaches were caused by weak passwords, which take hackers seconds to crack.


  • Email phishing is a common attack vector and one of the main sources of cyber crime. More than 90 per cent of all attacks start with a phishing email.


  • Lack of backup and disaster recovery. Unfortunately, many SMBs do not have adequate backup and disaster recovery plans in place, making them victims for data loss and downtime.


Krushell urges effective and updated cybersecurity management. “The undeniable fact is that cyber attacks are increasing, not decreasing. The best way to reduce a business’ vulnerability is by ensuring all employees are provided with cybercrime education and training.”

IT analysts and consultants are reluctant to imply that big corporations are better protected from cyber attacks than SMBs but the business bottom line suggests that SMBs often have limited resources to invest in security, leaving them more susceptible.

“Cybercriminals target everything from SMBs to hospitals, to targeting homeowners and committing mortgage fraud,” she points out. “I would suggest that small businesses are more at risk because they often cannot afford the type of cybersecurity prevention and controls that a large company would invest in, so they are an easier target for cybercriminals to attack.”

The alarm bells are ringing for SMBs’ owners and managers. Seven in 10 SMBs are more concerned than ever about cyberattacks, according to a recent joint survey from the Canadian Federation of Independent Business (CFIB), Canada’s largest association of small and medium-sized businesses with 95,000 members across every industry and region.

“The last two years saw a huge number of small businesses increase the amount of business they are doing online, which has many benefits but also introduces new risks,” says Laura Jones, executive vice president of CFIB. “It’s critical to make it easy for business owners to protect themselves in this new environment.”

According to the survey, one in four small business owners reported an increase in cyberattack attempts against their businesses in the past year and 8 per cent of SMBs were victims of a cyberattack that cost time, money and usually both.

“To protect against threats from within, SMBs should invest in cybersecurity training for employees,” McLaughlin suggests. “The training should include the importance of using strong passwords, spotting phishing emails and establishing clear policies describing how to handle and protect customer information and other company data.”

IT experts offer a vexing reality check. The cybersecurity bottom line is that, due to the growing frequency, sophistication and magnitude of cybercrime events, it is more and more difficult to foolproof a business from hacks and cyber attacks.

“Now that the genie is out of the bottle, I do not think we can turn back the clock and reduce cybercrime by getting people to stop remote working,” Krushell, says with blunt conviction. “We must focus on educating businesses and workers about the many efficient and effective things people can do to protect themselves.”