One of the most important and prevalent issues in the IT industry in 2007 is security.
As a result of information management government policies, both in Canada and the United States, companies, that store customer information must protect it from hackers. This knowledge may seem commonplace, yet IT resellers have difficulty convincing small business owners of the dangers lurking in cyberspace. While small business owners might intellectually realise the need to protect their data, many lack the enthusiasm to upgrade their IT security systems.
Apparently, the threat of having their data compromised – an occurrence which is in the headlines on a seemingly daily basis – does not compel a small business owner to upgrade hardware. Upon further questioning, what has been unveiled is belief that online hackers will not target a small Canadian business, compared to a large organization. Some small businesses assume that they operate under the hacker radar.
In addition, as security infrastructure benefits are not immediately visible, small businesses shy away from large IT expenditures. The assumption is that the IT systems work today, therefore they will work tomorrow. This is reminiscent of an organization’s reaction to antiviral software five years ago, before experiencing that first major attack: “We know we should have it, but if we are quiet, then maybe the potential risk will disappear.” As many learned before, the attack will appear anyway, and is costly when it does.
Another interesting outcome of discussions with resellers is that customers often don’t believe that the information they have stored on their hard drives/servers is of value. As it is often in small business environments, where the best ideas are created, compared to the groupthink prevalent in large organizations, this is an interesting concept. Aside from intellectual property, one of the realities of a database is that customer information is stored there. Large or small businesses, hopefully, have customers and that information has to be protected.
However, small businesses have the flexibility and the ability to shut up shop if the need arises, and this is cited as a reason to ignore IT. This strikes me as curious. A business owner invests a lot of time and energy, not to mention money, on their business on a continual basis. Yet, instead of investing more money on the technological component, which would result in an ability to grow the business safely and responsibly, business owners opt out.
When the Canadian media highlights cases of corporate IT security breaches, the focus is on large organizations and not on small businesses. Is it possible that these breaches occur in small businesses too, but they’re under the proverbial media radar? Or is it simply that small businesses are immune to IT security breaks? I suspect the former, which doesn’t eliminate the need for a proactive IT plan.
Perhaps stories of small companies forced to close doors due to security failures will help organizations realise the value of security investments. Perhaps once an organization realises the costs involved with data recovery services, a proactive approach might be taken to secure the information.
Or maybe, as was the case with viral attacks, one big intrusion will illustrate the importance of proactively securing a network. Hopefully, the realization will hit the small business segment sooner, rather than later, to avoid to inevitable catastrophe.
Michelle Warren is an industry analyst with Partner Research of Toronto.
Comment: cdnedit@itbusiness.ca