Search Blog
  • Alan Fustey
  • Arthur Salzer
  • Becky Wong
  • Bert Griffin
  • Blair MacDougall
  • Blake Goldring
  • Brett Baughman
  • Camillo Lento
  • Chris Delaney
  • Chris Vermeulen
  • Christine Conway
  • Cynthia Kett
  • Darren Long
  • Desmond Jordan
  • Don Shaughnessy
  • Doug Lamb
  • Ed Olkovich
  • Ed Rempel
  • Ellen Roseman
  • Eva Sachs
  • Evelyn Jacks
  • Gail Bebee
  • Gerald Trites
  • Gordon Brock
  • Gordon Pape
  • Guy Conger
  • Guy Ward
  • Heather Phillips
  • Ian Burns
  • Ian R. Whiting
  • Ian Telfer
  • Jack Comeau
  • James Dean
  • James West
  • Jeffrey Lipton Fairmont Gloucester
  • Jim Ruta
  • Jim Yih
  • Joe White
  • John Winston
  • Jonathan Chevreau
  • Kenneth Eng
  • Kevin Ikeno
  • Larry Weltman
  • Malvin Spooner
  • Mark Borkowski
  • Marty Gunderson
  • Michael Kavanagh
  • Monty Loree
  • Nick Papapanos
  • Norma Walton
  • Paragon International Wealth Management
  • Pat Bolland
  • Patrick O’Meara
  • Paul Brent
  • Paul Mascard
  • Peter Deeb
  • Peter Lantos
  • Riaz Mamdani
  • Richard Crenian
  • Richard Warke
  • Rick Atkinson
  • Rob Peers
  • Robert Bird
  • Robert Gignac
  • Sam Albanese
  • Sam Mizrahi
  • Sean Cooper
  • Stephane Ruah
  • Steve Nyvik
  • Steve Selengut
  • Tammy Johnston
  • Terry Cutler
  • Trade With Kavan
  • Trevor Parry
  • Trindent Consulting
  • Wayne Wile
  • Categories
    October 2012
    M T W T F S S
    « Sep   Nov »


    Better Security is Needed for Small Businesses

    Gerald Trites, FCA, CPA

    Auditors have been telling small business owners for years that they should implement good security procedures for their IT activities. These include such features as regular changing of passwords. Also they have stressed there be a proper division of duties between the custody and recording of transactions and assets. And a good business recover plan in case of a disaster or major loss of data. Large firms are required by law to maintain adequate internal controls and to report on them to their regulators, such as the OSC and the SEC. However, small private businesses don’t have that requirement. It’s all up to them.

    According to a recent study by Semantec and the National Cyber Security Alliance, these warnings are still going unheeded by many businesses. In a survey of 1015 small businesses in the US, 77% of the respondents felt that their business was secure but 83% stated that they had no established policies with regard to security. And yet, the risks are getting greater, not smaller. For example, the use of the internet for storing data and even processing transactions is growing. And the internet still poses numerous security threats. The threats come not just from a loss of data, but also from a breach of privacy, particularly the privacy of sensitive information or that which is owned by customers.

    The growth of social media has also served to increase these risks, since people use such media for many purposes, and often are not careful enough about what they disclosed on them. Companies are increasingly mining social media data for purposes of information about customer behaviour and activities of the competition.

    So there is a real need for small businesses to develop a security policy that will work for it. This would include not only policies with regard to passwords and business recovery but also policies with regard to the use of mobile devices and social media.

    And as for the data being stored on the internet, the businesses need to assess the importance and sensitivity of the data and whether it is adequately protected in the site where it is being stored. Any data that is sensitive in any way needs to be encrypted so that it is rendered difficult for unauthorized parties to access it.

    As with any policy, it needs to be documented and reviewed with employees to ensure they understand it and will buy into it. Ongoing review and updating of the policy is essential, as the technologies and the risks keep changing.

    An ounce of prevention – – – .


    The MONEY® Network