It’s hard to turn on the radio or pick up a newspaper (paper or digital) without hearing about the security risks deriving from life on the internet. A probe into the Russian hackers who allegedly swayed the results of the 2016 American election.50 million members affected by the latest data breach at Facebook., it certainly seems to be taking up a lot of people’s time and attention. We’re now talking about a new global industry that will measure over $150 billion annually in 2018!
Wikipedia tells us that “computer security, cybersecurity, or IT security is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.” So, the question I want to pose is: How concerned should an owner of a typical SME or the ED of a non-profit in Ontario be about protecting their operations from theft or damage to the data on their computer systems? Would such an event cause significant disruption or misdirection of their services?
According to a cybersecurity expert that I was talking to recently, the answer to that question is different for every organization. It depends on a myriad of factors such as the nature of the business, the nature of the data being collected and stored, any relevant legislation that governs the use of that data – and the list goes on.
The key point for most small to medium organizations is that most of them are not at all worried because they do not even understand the risk. Small community agencies running their operations on used computers of questionable age do not have the resources to even tackle the diagnostics required to assess the risk. We may think that the days are long gone when the backup diskette in the locked cabinet in the boss’s office was the sum total of the company’s data security planning. But are they? Do you allow your employees to work from home or access the company’s database on their smartphones?
If you do, think again because it only takes one weak link to let hackers in. What happens next is yet to be written in most of our organizations.
Later this fall, we will be offering a webinar to our clients on cybersecurity in small and medium-sized enterprises. Details to follow on date and time. I hope you’ll join us as we continue to explore this critical subject.