Hold on to your bits!
Welcome to the first in a series of posts on Information Security for Small and Medium Sized Businesses (SMBs). In this post, I want to describe why IT security is so important for any business today.
We have all experienced the loss of documents on our computers and gadgets at home, at work and while mobile. We rarely worry about it – that is, until we lose something important and quickly call someone for help.
Data Security, defined by Wikipedia, “means protecting a database from destructive forces and the unwanted actions of unauthorized users.” In a broader sense, what drives data security is business continuity and data recovery. This can range from a system failure, to a cyber threat and to a natural disaster.
Security is ubiquitous in modern day life. Are you surprised with the numbers below from the Google search words?
Security: 2,510,000,000 results
Data security: 1,140,000,000 results
Network Security: 907,000,000 results
Cybercrime: 10,000,000 results
The collective knowledge across a company and all locations is its main competitive advantage. Roberto Goizueta, the late CEO of Coca-Cola, famously said:
“All our factories and facilities could burn down tomorrow but you’d hardly touch the value of the company; all that actually lies in the goodwill of our brand franchise and the collective knowledge in the company.”
A company’s knowledge about its internal operations, processes, people and customers is the business. Lose access to your network or data and the business quickly loses money.
Why do so many business invest so little in securing their data and protecting themselves from cybercrime? Cybercrime, according to this 2011 article, is a high growth industry, experiencing double-digit increases year after year.
A recent joint 2012 study between the National Cyber Security Alliance (NCSA) and Symantec says, “There is a big disconnect between cybersecurity perception and reality at small and medium sized businesses.” Michael Kaiser, executive director of the NCSA, says:
77% of respondents said that their company was safe from the likes of hackers, viruses and malware, a massive 83% have no formal cybersecurity plan in place. Cybercriminals know that small businesses are less defended than large businesses and could appear as a very easy entry point for a lot of cyber criminals.” Laura Garcia-Manrique, vice president of SMB Customer Experience at Symantec says, “a small business is four times more likely to suffer a general malware attack than a larger organization.”
Small and medium sized businesses (SMBs) do not have the same resources to protect themselves like large companies. Yet, a security breach and data loss can devastate an SMB and put them out of business. SMBs need to make data security a priority.
“The occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent. The most costly cybercrimes continue to be those caused by malicious code, denial of service, stolen or hijacked devices, and malevolent insiders. When combined, these account for more than 78 percent of annual cybercrime costs per organization.”
Annually, information theft accounts for 44 percent of total external costs, up 4 percent from 2011”. According to Websense Security Labs, Canada ranked second globally in 2011 for countries with the most phishing threats (see image below).
Much like securing physical assets, securing soft assets like a company’s data is crucial.
Data security and data theft is preventable and begins at the employee level. Every piece of data must be captured and made secure. For more on this, please come back for the Part 2 of my series on security for small and medium sized businesses. I will share strategies about how you can secure your data with minimal cost, time and effort.