5 min read

How to Protect Your SME Against Cyberattacks

Featured Image

Cybercrime and how your SME can deal with it.

Do you know where your biggest cybersecurity vulnerabilities are? If you’re like most SMEs, the answer is “no.” In this article, we’ll help pinpoint some of those vulnerabilities and show you how to lower your risk of a breach and reduce the impact of any breaches that do occur.

According to expert and governmental opinion, as well as recently published statistics, Canadian SMEs are under the constant and serious threat of a cybersecurity breach. Approximately 71% of data breaches in Canada involve SMEs that make up 98% of all Canadian businesses.

“Smaller companies tend to overestimate the effectiveness of their cybersecurity because they often fail to grasp the complexity of the challenge, particularly with the shift to remote work,” state cybersecurity experts Adrian White, Director of Financial Crimes for the Canadian Bankers Association, and Michèle Mullen, Director General of Partnerships and Risk Mitigation for the Canadian Centre for Cybersecurity.

Though up to 54% of SMEs believe their companies are “too small” to be hacked, nearly a quarter of small businesses in Canada have experienced a cyberattack since March 2020. With more SMEs turning to online solutions in this new era of digitization, the potential for cybercrime will only increase.

Is your business adequately prepared for this uptick in cyber threats? Like many Canadian small and medium-size enterprises, you may not feel confident about the basics of securing your business’s online activity. Fortunately, there are cybersecurity solutions you can implement to quickly boost your organization’s security.

How Covid-19 impacted cybersecurity for Canadian SMEs

The Covid-19 crisis drove an increasing number of SMEs online. This digital shift and the use of new online technologies such as contactless payments, with which many business owners aren’t necessarily familiar, have increased the opportunity for cybercrime.

We have entered a new era of cyber-threat,” David Masson, the Director of Enterprise Security at Darktrace, recently told Canadian SME Magazine. “We are facing faster and more furious attacks on an unprecedented scale.” Expanding software supply chains, remote work, and any other changes that bring operations to the Internet can result in an increased cybersecurity risk.

What is cybersecurity and how does it affect SMEs?

Cybersecurity is the protection of important systems and information on anything connected to the Internet, including hardware, software and data, mobile devices, networks and electronic systems such as camera surveillance from digital attacks. These attacks can take dozens of different forms.

There’s no understating the impact cybercrime has on Canadian SMEs and the Canadian economy as a whole. As of 2022, data breaches cost Canadian small businesses more than $12,000 CAD per employee and 85% of SMEs surveyed say cybersecurity trouble would severely impact their business, with 57% saying an attack would put them out of business. Out of almost 250 SMEs surveyed, 36% reported that they had experienced an incident in the last 5 years.

Cybersecurity challenges SMEs face

Most SMEs find themselves at risk of a cyberattack precisely because they don’t know they are at risk. A lack of cybersecurity awareness is the number one culprit for cyber threat vulnerability. 

Even those aware of the risks usually don’t have the technical knowledge to implement a solution. Since a majority of SMEs have four or fewer staff members and, on average, dedicate just 11% of their revenue budgets to IT, it stands to reason they don’t have specialized staff to tackle the problem. 

That doesn’t mean SMEs are up the cybersecurity creek without a paddle. Here are some steps SMEs can take to immediately boost their protection against a range of attacks. 

How to quickly set up a cybersecurity strategy:

The Canadian federal government, through the CyberCentre (Canadian Centre for Cyber Security), published baseline cybersecurity controls for small and medium-size organizations. The document provides step-by-step protocols to help stakeholders secure digital networks to an internationally-recognized standard of protection, without needing any special IT expertise.

Some key takeaways from the document and other evidence-based approaches are:

  1. Create a documented cybersecurity plan that clearly explains the best practices you plan to use.
  2. Educate your staff on your cybersecurity protocols, including common scams to watch for, and explain their individual roles should a cyberattack occur.
  3. Keep passwords, laptops, personal IDs and the door to your office secure.
  4. Develop a written incident response plan that outlines the steps you will take when a cyberattack occurs. A staggering 65% of SMEs have failed to act following a cybersecurity incident, and 48% have no strategy for preventing future attacks.
  5. Install antivirus software and a firewall – robust, free, and easy-to-install processes include Comodo Internet SecurityX, FortiClient, and Windows security.
  6. Install all updates on your computers and servers – there are many.

If you need help implementing these 6 steps, look for a reputable cybersecurity consultant to assist you. More sophisticated solutions are available, but these are often best outsourced to certified managed security service providers (MSSPs), firms whose job is to manage and monitor all your security systems.

While the costs of MSSPs may seem out of reach, the Canadian government is responding to increased worldwide cybersecurity threats, especially towards SMEs, with dedicated funding and resources. Consult the list below to see if your SME is eligible for any federal cybersecurity programs.

New federal cybersecurity resources for SMEs

A man stands while working on a laptop in a corridor of servers.

On April 7, the Government of Canada tabled its latest budget, which pledged $875.2 million over five years and $238.2 million ongoing, to address “the rapidly evolving cyber threat landscape.” The funding announcement came amid growing concerns about Russian state-sponsored cyberattacks, as well as reports of increased attacks on SMEs.

The Canadian Centre for Cyber Security, a federal government agency, updated its cybersecurity resources for small and medium-size organizations aimed at educating companies about cyber risks. The document contains evidence-based tips for preventing, detecting, and responding to a variety of cyber incidents.

“These foundational cyber defence best practices are easy to implement and help SMEs get the most out of their cybersecurity investments,” writes Adrian White, Director of Financial Crimes at the Canadian Bankers Association, and Michèle Mullen, Director General, Partnerships and Risk Mitigation at the Canadian Centre for Cyber Security, in a recent brief on the issue.

Small and medium-size businesses can access a learning hub for SMEs, register for a cybersecurity certification program, read a breakdown of common scams and fraud, and refer to a guide on creating your own incident response plan through the Canadian Centre for Cybersecurity.

How to prepare for future cybercrime in Canada

“A further increase in cybercrime is highly likely in the near future,” warns INTERPOL, the International Criminal Police Organization

“Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.”

Research shows that North American SMEs face a disproportionate risk in this new era of cybercrime. The continent is the most expensive place on earth to suffer a data breach, with Canadian and American SMEs paying an average of $149,000 US to fix each breach.

In a world defined by online interaction, there’s seemingly no limit to the ways cybercriminals can target small and medium-size businesses, but your best defence is understanding and preparing for the threats. Cementing a strong cybersecurity strategy that outlines minimum security standards using the tips and resources above will help you develop a level of cyber defence that can significantly boost your protection against a variety of common attacks.


No matter the size or sector, every business in Canada is vulnerable to cybercrime. While large corporations invest heavily to maximise protection, many SMEs believe they’re simply too small to be hacked. They couldn’t be more wrong.

In fact, nearly three-quarters of today’s data invasions target SMEs. Underestimating the threats leaves the door open to cyberattacks that have affected more than 35% of small businesses across Canada in the last five years. And the growing trend of remote work has only opened more doors to cybercriminals.

Being prepared for this nasty business is essential and not nearly as expensive as you may think. A cyberattack is far more costly, estimated as high as $12,000 per employee, and could quickly put your SME out of business.

If you’re concerned about your exposure, The Canadian Center Centre for Cyber Security offers resources for small and medium-sized organizations, including invaluable tips for preventing, detecting, and responding if your business gets hit. Taking cybercrime seriously and making your SME’s security a priority should be as essential as locking your doors and setting the alarm before you leave for the day.


Today’s world is defined by online interaction and infested with hackers looking for an easy score. There’s no limit to how cybercriminals can target and hurt small and medium-size businesses. SMEs are soft targets for hackers because these businesses think they’re too small to be on the radar. That’s exactly the kind of juicy, unprotected opportunity that gets hackers salivating.

Understanding and preparing for these attacks should be a significant part of any business plan. A smart cybersecurity strategy with even minimum standards can increase your protection against many all-too common attacks.

When more than half of Canadian SMEs don’t believe they are vulnerable, you only have to look at the nearly 25% of SMEs that have experienced a cyberattack since 2020. Don’t get caught off guard. There are many free resources to help you implement a basic online protection plan. Today, cybersecurity is simply good business.


Related Articles

The Playbook for Building Out Your Network: Updated for 2024

Expand your SME business network the right way. Learn how to connect with like-minded SME owners and decision-makers to...

Read More

The 2023 SME Playbook for Building Out Your Network

Expand your SME business network the right way. Learn how to connect with like-minded SME owners and decision-makers to...

Read More