Last updated on November 27, 2017
This adaptation of Microsoft’s David Iuduciani’s original post at the CFIB blog talks about how cyber security has changed in recent years and offers three strategic imperatives to consider.
We live in an increasing interconnected world. The sheer number of active devices, applications, and overall volume of data collected and exchanged in the cloud can boggle the mind. And while modern technology benefits individuals and businesses in so many ways, all this new technology can prove challenging to keep up with, especially when it comes to security.
Questions we hear all the time
How much cybercrime happens in Canada?
Do cyber criminals target small businesses?
Are cloud services more secure than what we have?
If you store my data, do you share it with anyone else?
What about Canadian privacy laws?
We all use phones—how can we secure them?
Business people ask questions like these for good reason. Newer cloud technologies and connectivity via the Internet create unprecedented opportunities, but can also complicate security.
Canada’s cyber security landscape
So, what’s it like out there? Per Ipsos, cyber security matters to Canadian business owners. In that survey, 23 percent of small/mid-size business owners report that they are certain they were the victim of a cyber-attack. And another 32 percent suspect they might have been breached.
Expect more news of cyber attacks
Cyber security incidents will now require more transparent reporting, which means more stories of breaches in the media spotlight that can erode trust and damage brands. All told, these attacks pose a clear and significant reputational, not just operational, business risk.
Adapting to a new landscape
Canadian business owners need to adapt their cybersecurity practices to manage the emergence of new threats. These practices should accommodate a contemporary IT environment, which includes all kinds of smart phones and other devices accessing the same network.
The old world versus the new
In the old world…
Businesses had complete control over their users, their devices, the applications on these devices, and the data being collected and exchanged on a network. In theory, businesses could build a security perimeter (AKA firewall) around their entire IT ecosystem.
But in the new world
Users have multiple devices on the go and will use those devices in the workplace. And, to further complicate things, we will often mix business and pleasure by using cloud-based applications on those devices for both business functions and personal stuff.
Modern security must account for user identities, devices, apps, and data—all residing outside the traditional IT security perimeter.
Three things you can do
So, what can businesses do to modernize their security strategy? Start by prioritizing these three activities:
Understand your current security approach. How secure are your business assets (i.e. intellectual property, customer information, etc.) today? What are your most mission-critical assets that you need to protect? What impact could a cyberattack have on your business?
Start thinking about your security strategy left to right. Think about what you need to do as a business to protect yourself—all the way from your users to the data layer. Try to map out your entire IT ecosystem and identify vulnerabilities.
Leverage cloud vendors with security expertise. Do not rely on a security platform alone. Collaborate with a cloud vendor offering the right people and processes to manage your security, ensure privacy, enable compliance, and report on your security health.
Ultimately, your goal should be to a develop and implement a total technology strategy that gives you peace of mind and makes you feel protected, managed, and respected.