Expert advice from Research International
News and business media stories highlighting IT security incidents are now sadly reaching epidemic proportions. Misplaced and stolen laptops, missing USB sticks and CD’s - all make the headlines. Hacking, phishing, and email-borne viruses can all wreak havoc with an organisation’s information and communications technology network.
Recent research supports the media stories. The 2008 Information Security Breaches research conducted on behalf of the UK's Department of Business, Enterprise & Regulatory Reform (BERR)¹, found that 45% - nearly half - of small companies (employing up to 50 employees) surveyed had experienced a security incident in the last year. Six² incidents per year were usual, with the worst incident usually costing in the region of £10-20,000.
Corporate IT professionals are justifiably concerned about security. In a 2008 Computing Technology Industry Association poll³, nearly one third of respondents said securing their networks and data was their primary concern. Other recent research highlights preventing data leakage, and securing remote, mobile, and collaborative working as key issues.
Cisco's own survey of small- to medium-sized businesses in UK, France, Netherlands and Spain conducted by Research International in 20084 however, suggests a conflicting attitude to securing one's business.
When IT decision makers were asked to identify the main benefits that technology brings to their organisations, improved security and confidentiality was ranked lowest overall compared to other benefits such as improved efficiency, productivity and communication, and saving money and time. Widespread public concern exists about security - or lack of - yet improved security and confidentiality isn’t perceived as a key benefit: why is this?
Many decision makers are primarily concerned with the bottom line: productivity, revenue and profit. Perhaps security is viewed as nothing more than a fixed cost burden. The key motivations for investing in IT solutions are to improve the running of businesses, but "securing my business" is seen as a hygiene factor - or at worst, a hassle.
Research International's data supports this. Whilst security ranks lowest as a benefit, 83% of SMBs surveyed currently use network security solutions and 95% of decision makers consider security important when investing in high-end communications technology. In other words, it's important and of course we secure our business, but it doesn't actually benefit us much.
It would seem that IT security was comparable to other corporate costs such as insurance - money leaving the company but little to show for it. It is viewed as a necessary evil - a defensive action that prevents loss rather than providing advantage. As with insurance, the cost of securing one's business using IT solutions is weighed up against the risk that a lack of adequate protection poses. It can literally be a gamble.
There are a number of key reasons however, why "securing my business" should be seen in a more positive light.
The benefits of technology are lost without adequate security.
Reacting to security breaches uses up resources originally earmarked for elsewhere. A serious security breach may damage the ongoing dialogue between company and customers and other stakeholders. Consumer 'chatter' and online blogs may generate media attention; crisis management programmes may be necessary. In short, a security breach is guaranteed to reduce productivity, cripple communication, and cost time and money. When this can happen 6 times a year, security is a real investment in the other benefits that technology provides!
A secure business protects your reputation.
Companies are only as good as their reputation: we live in a digital age where such reputations can be forged – or obliterated – at light speed courtesy of internet buzz and chatter. What are the costs to your company – and to your reputation - when an unexpected IT security incident occurs? Security of personal information (and the safeguards employed) may become as important to potential clients as a company’s corporate social responsibility policies when deciding who to do business with.
Robust security can be a selling point.
Businesses should focus on security to defend against electronic and human IT threats, but also to provide confidence and reassurance to customers that their data, money or intellectual property is in safe hands - both within and outside of your organisation's network. Research International's study found that 100% of Cisco’s network security customers surveyed were satisfied (70% of these 'very' or 'extremely satisfied') with the technologies provided to their business.
Is it worth having the right security infrastructure, and can you really afford not to? A secure and robust network shouldn't be seen as just a defensive action or a cost burden, but a sound economic investment in your business’ success. The time has come for mindsets to change. Progressive organisations view their staff as an asset on the corporate balance sheet rather than a cost: why shouldn't a secure and reliable IT system be treated similarly? Treat 'security' as a positive state of mind to be instilled among employees, as well as having the right software and hardware in place.
Proactive security makes the other benefits to be gained from technology possible.
So what can be done to help facilitate communication - and commerce - with confidence? Undertake an audit of your existing network and equipment. How well would it cope with various electronic or human threats (internal and external)? Formulating an IT Disaster Recovery Plan (DRP) will open eyes and minds to various realistic scenarios - and how to react if they become reality.
If your audit or scenario planning exposes shortcomings, what next? Whether it's a network issue, a technical matter, or alternatively ensuring compliance with government legislation, take pro-active steps to safeguard your IT and business operations. Investigate all available options and discuss them thoroughly with suppliers. It's important they’re completely aware of the issues facing you so they can provide the best advice. Remember: having the right security technology will enable you to concentrate on your business - not your fears
1 2008 Information Breaches Security Survey, Department of Business Enterprise and Regulatory Reform, first published April 2008. Survey conducted
by PriceWaterhouseCoopers between October 2007 and January 2008, totalling 1,007 responses.
2 Median figure.
3 Computing Industry Association survey conducted June-August 2008, 934 respondents.
4 Research International survey conducted 2007-2008 among Cisco SMB customers and externally-sourced respondents in UK, France, Netherlands, Spain.