|
||
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: |
SMALL BUSINESS IN THE DARK ABOUT IT SECURITYSource: The StarPosted on October 22, 2009 When it comes to data security and privacy risks, many small and medium-sized businesses may have their heads buried in the sand, experts say. That's because these companies tend to ignore the risks of a breach, believing they will never be targets, or that it will cost too much to beef up safety measures. In fact, it's a risk they can't afford to take, says Nicholas Cheung, head of assurance services development for the Canadian Institute of Chartered Accountants. Customers expect a personal touch from smaller companies, and in return, trust them with more information. A security breach, whether it's credit-card information left exposed on a website, or a laptop filled with customer details that goes missing, can spell disaster. "If something happens where a small business might lose the information, you're breaking that bond, that trust, and really, your reputation is at stake," Cheung says. A survey released last year by security vendor McAfee found that, in Canada, 44 per cent of small and medium-sized companies spent just one hour or less each week on IT security. A study issued jointly by Telus Corp. and the University of Toronto's Rotman School of Management in July 2008, found that only 59 per cent of companies have an IT security strategy in place that is properly enforced. These days, most security attacks aren't targeted at all; programs that are designed to steal data automatically scan networks around the globe, looking for vulnerable computer systems. And if someone is trying to target a larger company, a smaller partner would be a logical place to start, says Robert Beggs, head of Digital Defence. Consider a national firm that outsources a marketing campaign to a one-person shop. "I know the small company is going to be less secure. They don't have security staff. They don't have the money to buy intrusion detection systems that might catch me. They might take shortcuts in their security." Business owners typically overlook security threats that come from within the company. "The office has a family atmosphere. You know the person, you've invited them to barbecues. When the person betrays you by stealing data, you're less likely to report it," Beggs says. Small companies also tend to collect too much information and hold on to it for too long, says Cheung. "Not only does retaining that information have costs, that can be a potential liability. If you don't have it, you can't lose it." Many companies are still not securing, shredding or disposing of information properly. Too often, sensitive items such as credit-card receipts or other personal information just end up in a recycling bin or the trash What can small businesses do? Start with basic training for employees. Make sure everyone understands what information from customers is personal, why they are collecting it, and how that information should be handled. "They should know what their obligations are under the law, if there's a privacy complaint how they should deal with it, and whom they should notify at their own organization," says Cheung. Stories about hackers make the headlines, but in fact, half of all data breaches are due to an employee losing a laptop or UBS key that contains sensitive information. That's why it's so important to encrypt hard-drives and files. Studies show that the cost of a data breach can be as much as $202 (U.S.) per lost record, and lost business accounts for most of that figure, Cheung says. "The cost of preventing a breach is almost always less than trying to rectify it when something has happened." The CICA offers a Privacy and Data Security Toolkit to help organizations identify data security and privacy risks. It includes a self-assessment, as well as advice, articles, checklists, and training templates. The book was authored by Claudiu Popa of Informatica Information Security and Nicholas Cheung. Most security breaches are found out by a third party, Cheung points out. "That's why we try to advocate these self-assessments. Hopefully, you can be aware of the warning signs yourself instead of someone else telling you about it."
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
ALERT WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |