Cybercrime | Less than a quarter of Quebec SMEs protect themselves adequately

Quebec SMEs delude themselves if they think that their small size or their French-speaking character makes them less attractive to local or foreign cybercriminals.

Marc Tison
The Press

While 85% of SMEs in Quebec say they are concerned about their cybersecurity, barely 23% have adopted the four basic protection measures (see table below).

However, half of Quebec SMEs have been victims of a cyberattack in the last year.

This is revealed by a web survey conducted from September 2021 to February 2022 by SOM and the firm Dévolutions among 151 IT professionals and decision-makers from Quebec SMEs.

“We see that in Quebec, there is still a delay in terms of investment in cybersecurity. Often, we are polite, we talk about two years late, but it’s a little more than that, “says David Hervieux, president and founder of Devolutions, a Quebec firm of remote office management and cybersecurity solutions. , which has some 800,000 users worldwide.

The cyberthreats most feared by Quebec SMEs are ransomware (73%), phishing (68%) and malware (66%). But the main threat may not come from where they expect it. Among companies that have been victims of cyberattacks, ransomware is half as common (27%) as phishing (56%).

These concerns have nevertheless translated into concrete actions: 46% of respondents have increased their spending on cybersecurity over the past year. However, more than the budget, it is the continuity of efforts that erects the strongest walls.

Some might believe that the French-speaking particularity is in no way an obstacle to cyberbandits, even if they are foreigners. Mistake.

“Indeed, we have often thought that when we receive an email in English, it does not affect us,” notes the president of Devolutions.

But if only by using translation software, cyber crooks are now perfectly capable of adapting to their French-speaking “market”.

“Before, there was the myth of the badly written email full of mistakes, but now it’s a little more sophisticated. »

Changes within changes

Quebec SMEs still too often neglect the most basic precautions. Nearly one in five companies fail to revoke access to former employees who retain confidential information about the organization.

Another mistake that may come as a surprise: 38% of SMEs change their passwords several times a year — a rather inadvisable procedure.

Because there has been a change in the password changes.

It’s the best way to make potatoes.

“After a certain number of years, you end up with a password that is too weak. »

In the United States, the National Institute of Standards and Technology now advises companies to modify their access only following a computer security breach.

Four basic measures

Nearly 9 out of 10 Quebec SMEs believe they have a good level of protection against cyber-bad guys, but less than a quarter have implemented all four basic protection measures.

Compared to foreign SMEs that were also surveyed by SOM and Dvolutions, Quebec SMEs lag behind in the application of three of the four measures.

Yet the cost of these measures is not always a push factor.

However, security audits can be more expensive, he acknowledges.

“It can be very expensive because it comes with a list of things to fix. It is as if you are going to have your car inspected when it is 15 years old. You may get a lot of things to fix. »

But for the SME as for the car, it is about safety on board.