Cyber Threat Alert: Businesses are Vulnerable to Hack Attack

Cyber Threat Alert

Cyber Threat Alert

Today’s busy owner of a small business just wants to run their firm and win the daily battles against local competitors.  Many understand the value of securing their reputation, monitoring the reputation, building the reputation online and marketing the reputation to win.  They have a solid business reputation marketing strategy in place.

Here’s some important questions:

  • Is the business vulnerable to cyber attack?
  • How can my business be protected?

For answers to these questions, let’s turn to John DiMaria – ISO product manager for BSI Group Canada Inc.

Please review this article published in the Financial Post on 1/28/15.

As small and medium-sized businesses and organizations continue to develop and streamline sophisticated technical processes, ensuring a secure IT and information environment continues to be of critical importance.

The recent highly publicized Sony Pictures hack has demonstrated that even some of the world’s leading companies are susceptible to security breaches. While the Sony case is an extraordinary one, it is not rare (we remember all too well the 2014 Home Depot breach of security which affected 56 million debit and credit cards in Canada and the U.S.). Unfortunately, it is now a matter of when, not if, the next headlining hack happens.

Industry experts estimate the Sony breach cost the company about $100 million. Sony has downplayed the hack saying it will cost “far less than anyone is imagining”. While Sony is confident this unexpected expense to safeguard its network won’t hurt the bottom line, the cost of an IT breach or disruption in service and operations for the majority of businesses in Canada — especially small and medium-sized companies — could be irreparable.

Business owners have two choices: take the approach of proactive prevention or react in the event of a breach or disruption to your IT assets. While the actual costs are dependent on the size and scope of the technology infrastructure within your company, the difference between these approaches is stark.

Cyber Threat Alert

Prevention Implementing IT security is proactive and allows time for careful planning and organized project roll-out and process testing to ensure proper risk management, which typically minimizes the costs. In addition, your company’s reputation is safeguarded and proactive procedures demonstrate a standard of care and due diligence.

Reaction Implementing IT security following a breach can see restorative costs to security climb quickly, and depending on the size of your company, could mean thousands and millions (or even billions) of dollars invested. During a security breach, your company is in reaction mode, and the budget is thrown out the window while you scramble to address the disruption.

Then there are costs beyond the direct fix. Your reputation may be tarnished and your clients’ trust, a commodity that can take years, even decades to cultivate, is often costly and difficult to repair.

In addition, your company may be vulnerable to scrutiny and litigation by regulatory bodies, clients, industry players, employees, and competitors who may try to take advantage of the misfortune.

Tips to ensure a secure IT environment One of the most important steps is to foster a culture of security, safety and privacy among your team. Ensure proper training and competency for both those providing management oversight of your IT assets and staff conducting the day-to-day operations. Seek out the support of IT and security experts who developed plans and procedures to help companies stay out of the headlines. You should establish clear stakeholder ownership, train for accountability and enforce it according to organizational policies and procedures. When and where appropriate, conduct monitoring, internal auditing and inspection of procedures.

The following areas can also help you be proactive in avoiding a security breach:

Risk management Identify and recognize your vulnerabilities, threats and what systems you have in place to determine what actions need to be taken;

Security architecture and design Know the critical components and assets needed to secure the most data and understand why;

System and network management Provide and monitor secure network access to users working remotely;

Continuity planning and disaster recovery Establish a plan for rapid recovery from an unplanned disruption and ensure it is tested and improved regularly.

With the growing reliance on all things technological and digital, there is now a greater number of opportunities for hackers to compromise security systems, even as safeguards become more advanced. While you may not think there is a chance of a hack or a breach happening due to your company’s size or scope, is it worth the risk and costs to find out?

John DiMaria is an ISO product manager for BSI Group Canada Inc., which helps businesses manage risk and drive performance through the adoption of international management systems standards. He has more than 30 years experience in IT security, quality and regulatory affairs.

Cyber Threat Alert