Sean Forkan, Vice President and Country Manager for VMware in Canada.
As a small or medium-sized business owner, you already know that it’s not unusual for you or your staff to wear many hats within the organization. IT and cybersecurity are no exceptions. Think of a typical $50-$60 million Canadian company. Businesses of this size very rarely can assemble an IT Staff that includes experts in all the various technical disciplines required to support the business – in fact, it’s frequently just one person who is responsible for solving all Network, Security, Server, Desktop, Operating System, Print, and Application issues.
Security is a particular challenge for SMBs. In recent years malicious actors have started to target more and more SMBs with the knowledge that their security tools, processes, and personnel are, in many cases, not as robust as in large enterprises. Just ask the fifth of Canadian businesses who told Statistics Canada in 2017 that their operations had been affected by a cybersecurity incident. Hackers know that SMBs are challenged in significantly investing in this area and they are taking their attacks down-market as a result.
Out of those businesses impacted by a cybersecurity incident, over half (58%) experienced some downtime. When systems go down, companies are often left scrambling to resolve several costly consequences that impact their bottom lines and growth.
Ready to assess your cybersecurity readiness? Start with these three guidelines:
Is your organization depending too much on one person to be the expert on everything?
This is the person responsible for making all the technical work. They might be full-time or parttime. Chances are they spend a lot of their day helping to resolve IT issues for employees. They are also responsible for protecting the business from a cyberattack or responding to a security breach. If this sounds like your business, it’s time to re-evaluate your IT resources. No one employee can protect a mid-sized business from an evolving array of security threats and also advise on how best to use technology to support business strategy. The cracks will eventually show in the business’s security and growth.
Is your business getting the help it needs externally?
If your internal team does not have the depth of cybersecurity expertise your organization requires, supplementing with help from elsewhere is essential. The array of technology solution providers out there is vast, so choose your consultant with care. Suppliers, partners, regulators and even customers often require businesses to implement cybersecurity measures. Statistics Canada reports that 29% of Canadian businesses were required to do so in 2017. As Canada’s privacy laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) are modernized, organizations may be faced with new responsibilities. Getting the right advice could make a real difference to your bottom line and corporate reputation.
Has your business implemented baseline security controls?
When it comes to cybersecurity, change is the only constant. To stay ahead, Canadian businesses must actively work to decrease their cyber risk. Start by assessing your baseline – what is your business doing now to keep the data of the organization safe? The federal cyber certification program CyberSecure Canada was created with small and medium enterprises in mind, promoting standardization and helping to position Canadian SMEs to compete globally. It is a helpful resource for those businesses which have yet to address their points of security weakness, requiring organizations to implement a baseline of security controls developed by the Canadian Centre for Cyber Security to gain certification.
Small and mid-sized businesses must practice good cyber hygiene all the time.
The notion that hackers only target big corporations is an urban myth – businesses of all sizes are at risk. Taking a proactive stance on security measures including password management, multi-factor authentication, patching, monitoring, intrusion detection, and backups don’t have to be a burden.
In an extremely competitive and customer-centric business environment where a company’s reputation takes years to build and seconds to destroy, having an updated and efficient IT security framework is a step in the right direction.