Should Small Businesses be Concerned with Data Security?
Written by: Sean Forkan, Country Manager, Symantec Canada
A question I get asked a lot is if SMBs need to worry about data security. My answer is always the same: Absolutely.
Targeted attacks aren’t just aimed at the big guys anymore. The June Intelligence Report from Symantec found that SMBs are not too small to escape the notice of sophisticated attackers. In fact, 36 per cent of all targeted attacks (58 per day) during the first half of this year were directed at businesses with 250 or fewer employees. This is up from the 18 per cent reported in December 2011.
We’ve tracked three distinct trends that make SMBs a prime target:
- Being at the forefront of innovation in their industry
- Malware authors can target an SMB in order to gain access to a larger enterprise –SMBs often supply goods and services to companies and organizations that are highly prized by attackers
- Possessing high value assets that may be intangible in nature
Despite this, SMBs don’t believe they are at risk. Almost half (49 per cent) of Canadian SMBs do not feel they are a target for threats, and 66 per cent of Canadian respondents do not lock down machines used for online banking to protect its company bank account.
The best way Canadian SMBs can protect themselves is to be prepared. After all, downtime (whether from an attack, breach or natural disaster) equals lost business. Of Canadian small businesses, 34 per cent reported lost revenue and 57 per cent lost productivity due to a typical outage, according to Symantec’s 2012 SMB Disaster Preparedness Survey. As a small business, is this a risk you can afford to take?
We understand that for many small business owners, securing your company may appear to be a difficult and confusing task. But IT doesn’t have to be hard. Here are a few tips to help you better protect your small business:
Plan to grow: Consumer software is not meant to protect SMBs and the massive amount of information they accumulate. We recommend that an SMB with 10 or more employees use an SMB focused product (Symantec offers Endpoint protection SMB edition and Backup Exec SMB edition, to name a few). It’s also important for an SMB with fewer than 10 employees to plan to outgrow consumer software as the company grows. Recently SMBs told us that information accounts for 40 per cent of their organization’s value, and as a result a data breach or lost information can have disastrous consequences for an SMB.
Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats. Encourage employees to follow the BYOD trend (bring your own device) but establish guidelines to keep your infrastructure safe. All mobile devices should be password protected and have security installed, lost or stolen devices should be immediately reported and avoid opening email or text messages from unknown senders – as with PCs, malware can infect mobile devices through such messages
Assess your security status: SMBs are facing increased risks to their confidential information so safeguarding data is critical. For an SMB, one data breach could mean financial ruin and loss of customers. Secure your website with an SSL (secured sockets layer), this will ensure that information passing through your website will remain private and secure by creating an encrypted link between a web server and browser. This will allow your customers’ private information to remain secure throughout a transaction. It’s important to understand your risks and security gaps so that you can take steps to protect your information.
Take action: Be proactive and develop a security plan. Consider items such as password policies, endpoint protection, the security of email and Web assets, and encryption. You should also evaluate whether on-premise or a hosted service would best suit the needs of your organization. Symantec’s Endpoint Protection solution can easily take you from an on premise to a hosted solution. It’s important for SMBs to take advantage of technology trends like the cloud and virtualization that can enhance their efficiency.
How changing your company's software code can prevent bias
Two-third of tech professionals believe organizations aren’t doing enough to address racial inequality. After all, many companies will just hire a DEI consultant, have a few training sessions and call it a day.
Wanting to take a unique yet impactful approach to DEI, Deltek, the leading global provider of software and solutions for project-based businesses, took a look at and removed all exclusive terminology in their software code. By removing terms such as ‘master’ and ‘blacklist’ from company coding, Deltek is working to ensure that diversity and inclusion are woven into every aspect of their organization.
Business Chief North America talks to Lisa Roberts, Senior Director of HR and Leader of Diversity & Inclusion at Deltek to find out more.
Why should businesses today care about removing company bias within their software code?
We know that words can have a profound impact on people and leave a lasting impression. Many of the words that have been used in a technology environment were created many years ago, and today those words can be harmful to our customers and employees. Businesses should use words that will leave a positive impact and help create a more inclusive culture in their organization
What impact can exclusive terms have on employees?
Exclusive terms can have a significant impact on employees. It starts with the words we use in our job postings to describe the responsibilities in the position and of course, we also see this in our software code and other areas of the business. Exclusive terminology can be hurtful, and even make employees feel unwelcome. That can impact a person’s desire to join the team, stay at a company, or ultimately decide to leave. All of these critical actions impact the bottom line to the organization.
Please explain how Deltek has removed bias terminology from its software code
Deltek’s engineering team has removed biased terminology from our products, as well as from our documentation. The terms we focused on first that were easy to identify include blacklist, whitelist, and master/slave relationships in data architecture. We have also made some progress in removing gendered language, such as changing he and she to they in some documentation, as well as heteronormative language. We see this most commonly in pick lists that ask to identify someone as your husband or wife. The work is not done, but we are proud of how far we’ve come with this exercise!
What steps is Deltek taking to ensure biased terminology doesn’t end up in its code in the future?
What we are doing at Deltek, and what other organizations can do, is to put accountability on employees to recognize when this is happening – if you see something, say something! We also listen to feedback our customers give us and have heard their feedback on this topic. Those are both very reactive things of course, but we are also proactive. We have created guidance that identifies words that are more inclusive and also just good practice for communicating in a way that includes and respects others.
What advice would you give to other HR leaders who are looking to enhance DEI efforts within company technology?
My simple advice is to start with what makes sense to your organization and culture. Doing nothing is worse than doing something. And one of the best places to start is by acknowledging this is not just an HR initiative. Every employee owns the success of D&I efforts, and employees want to help the organization be better. For example, removing bias terminology was an action initiated by our Engineering and Product Strategy teams at Deltek, not HR. You can solicit the voices of employees by asking for feedback in engagement surveys, focus groups, and town halls. We hear great recommendations from employees and take those opportunities to improve.