Cybersecurity, the elephant in the room or just smoke and mirrors?

One of the driving forces for business is to have the ability to access their business data from anywhere at any time.   For a business this is a great idea but the reality of the access is, that most business only look at their ability to access their information, they do not worry about how secure the access is or how secure the data is.

Cloud based systems, bring your own device  (BYOD), and increased data compliance are making small and medium business and not for profit organisations rethink how they secure their business data, and to tell you the truth it is about time.

A data breach can range from a business inconvenience (confidential information emailed to an outside contractor getting released to the Internet) to a full blown cyber attack that will shut down your business and make you and your board of directors liable for the loss or anything in-between.

Cybersecurity protection is no longer an add on thought when it comes to the business, it has to be applied at the planning stage of a project and taken all the way through any and all projects that have anything to do with data and it’s access.    It has an impact on your business continuity, disaster recovery, data management, reporting and most of all your governance and external compliance requirements.

In the drive for better efficiency, increased revenue and increased profits cybersecurity is usually the last thought when it comes to getting a project off the ground.    Most management and board members consider the implementation of a cybersecurity component for a project as just additional costs with no additional benefits.  

This is definitely false expectations, moving to a cloud based system is a classic example of getting the protection correct.   Where your data is no longer under your physical control, your data could be located in Australia, US, Germany or the Ukraine and the the cloud provider can move and manage it as they seem fit.   Don’t forget they are also driven by the requirements for increased profits and revenue.

Further more there are also the questions on data access, disaster recovery, their access to your data, your users and their access, ownership of your data and getting the information back if they go broke.   All of these questions and others are critical to making sure that your business is always protected.

In addition to this you have to ensure that YOUR systems are in place to enable your staff to access the data safely.   This includes updated software, updated operating systems, security in depth using firewalls and other levels of technology, VPN and data encryption, processes, policies and procedures and most importantly training.  Miss one of these areas and everything else you do could be meaningless.

Moving to the cloud requires an in depth check list and process to make sure you are not hanging your business out to dry, putting all of your business eggs in one basket and trusting to the technology gods that nothing will go wrong.

Cliched as it is, moving to the cloud can be business critical but it can also be an unmitigated business disaster.   Play it safe and plan it through correctly, don’t cut corners and most of all use common sense at all times

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.