An online cybersecurity training program aimed at Canadian small and medium businesses debuts today, months after it was supposed to launch
Cybersecurity Academy, a gamification platform open to the 95,000 members of the Canadian Federation of Independent Business (CFIB), was first announced in March and promised to go live in either the spring or the summer.
“We spent a lot of time discerning the contents and making sure that it was the right tone and digestible for business owners,” Mandy D’Autremont, the federation’s vice-president of marketing partnerships, said in an interview. “We wanted to get it right.”
“We didn’t want to put something out there that was rushed.”
Cybersecurity Academy is available in English and French.
Like many gamification platforms, participants can earn badges for successfully completing training sessions. Businesses can then decide how to reward top finishers.
As an extra incentive for playing, the federation is offering a cash bonus: Every person that completes a course is entered into a draw for a $10,000 prize. One individual in each province and territory is eligible for a $500 prize.
For a limited time, CFIB is also opening up access to non-members, with a free temporary membership to allow them to complete the Cybersecurity Academy courses.
Designed with the help of Mastercard and built on a learning platform hosted by Toronto-based Horizn, CFIB Cybersecurity Academy starts with four courses: Cybersecurity basics; Detecting Social Engineering; Protecting Your Business from Cybercrime; and What To Do When You’re Hacked.
Early next year, courses on recognizing fraud and how to handle issues with credit cards will be added.
Each course has five lessons, which take between five and 10 minutes to complete.
In announcing the program the CFIB said a survey of members showed only 11 per cent of respondents said their firms offered mandatory cybersecurity training to their employees in the past year. Another eight per cent provided optional training
“We have been surveying our members on cybersecurity a number of times over the last couple of years,” said D’Autremont. “What we heard from them consistently is they don’t know where to start. The majority are not offering cybersecurity awareness training to their employees. But it [cybersecurity] is still a huge risk for small businesses. Forty-five per cent have experienced a random attack in the past year. Twenty-seven per cent had targeted attacks in the last year. It’s an increasingly threatening issue that has a huge cost to business owners.
“CFIB has the audience to get this kind of education program into the inboxes of business owners. Even more important is making the training approachable to them, giving them tools and templates they can immediately start to use.”
Asked why in 2022 small business owners still say they don’t know where to start in cybersecurity, D’Autremont noted that some feel they are too small to be a target of threat actors. “That is a common theme we hear,” she said.
“And small business owners have a million and one things they have to focus on,” she added. “They don’t have teams dedicated to every aspect of their business. They don’t necessarily have an IT team. They are their own IT team.”
She said the CFIB feels it can help play a role to raise the profile of cybersecurity to business owners and make it easier for them, and their employees, to learn about it.
The academy also offers templates to help businesses set up a cybersecurity framework. Templates include how to create an emergency contact list and an incident response plan, how to inventory hardware and software, and how to create a policy on the proper use of social media.
Ideally, D’Autremont said, 20 per cent of the federation’s businesses will enroll in the academy.