There is an article entitled “Small Business in the Dark About IT Security” by Madhavi Acharya-Tom Yew on page B3 of today’s Toronto Star (in the Business section). Oddly enough, the article is not available (at least as of noon on Oct 21) on The Star’s website, so I can’t give you a link to it.
To summarize the article, it indicates that small businesses are easy targets for security and privacy breaches. In particular, security breaches can come from “inside jobs” with current or former employees. Other points worth noting are:
a) small businesses tend to collect more personal information than is necessary and they keep that information for longer than necessary;
b) small businesses do not think about the information that they are sending out with the recycling. For example, would you be happier to know that you are doing business with a company that shreds credit card receipts showing your name and credit card number or doing business with one that simply throws those receipts out with the recycling;
c) many small businesses have no, or limited, encryption on their laptop computers or USB key “thumb drives” and if these get lost of stolen then potentially sensitive information – either for the business or for its customers – could wind up in the wrong hands.
The Canadian Institute of Chartered Accountants has a Privacy and Data Security Toolkit that is mentioned in the article. It can be found here. Unfortunately, it’s not free, but at $29.95 it won’t break the budget. You can also give my good friend Fazila Nurani at PrivaTech Consulting a call or check out her website.
It is estimated that the cost of data breach is $202 per lost record. At first blush, $202 isn’t a ton of money. But it is if you think about a spreadsheet with hundreds of entries and it’s now $202 per entry.
As I usually note, the old saying that an ounce of prevention is worth more than a pound of cure will apply in this situation.
Something to think about.