The Australian Institute of Company Directors (AICD)’s online magazine recently published a pretty important article* on data protection. It was pitched at directors sitting on the boards of small to medium enterprises, but equally applies to owner operators and self-employed people.
Effective communications these days is heavily dependent on technology, which enables delivery on the device, in the place and at the time preferred by your audiences. These days that enablement brings extra responsibility to protect the private information of your customers and other stakeholders.
The AICD's Company Director article, ‘Why data protection is more important than ever – especially for SMEs’, proposed that SMEs should not believe they are too small to be targeted by cyber attack and that there were cost-effective security solutions that the leadership of SMEs should be thinking about.
It prompted me to think about the mindset of people starting up small businesses. When I set up my previous enterprise back in the 1990s, I didn’t have to consider cybersecurity, let alone worry about the up-front investment it might involve.
In 1991, the internet was still in the realm of academia and the military and was not even on the radar of commerce. Fax machines were considered the fastest and most efficient document transfer mechanism and regular mail was still a big deal.
The financial hurdles to setting up a business were therefore quite different. My initial outlay, bearing in mind this was over 25 years ago, were the purchase of a Macintosh computer with a 14-inch monitor, a CPU for it to sit on and a 300 dpi Apple Laser black and white printer. It doesn’t sound like much, but this meagre capability put me $10,500 out of pocket. Add to that desktop publishing and other software, and the tab rose to around $15,000. In today’s dollars, that would be significantly more.
The point of this little excursion into the past is that basic investments in establishing a small business have not changed much over the years, only the nature of them.
In 1991, my outlays were for access to the technology essential to operate. That first Macintosh had 4Mb RAM and a 250MB hard drive. Now you can buy a laptop that could have run the space program in the 1980s with capacity to spare for just a few thousand dollars and they’ll throw in a printer so they can nail you on cartridge purchases for eternity. Today’s investment is therefore not about access to technology, but restricting access to what it holds.
The AICD article suggests that an SME investment in cybersecurity is affordable for businesses that clearly understand their points of vulnerability.
Terry Roberts is a former deputy head of US Naval Intelligence and now Chair and CEO of ASX-listed Whitehawk. He told the AICD that, while smaller companies did not have the financial resources to cover every base, all should take a fresh look at their data and digital assets to prioritise what needs most protection. Some of his tips cost nothing more than a bit of time and care and include:
· Back-up data regularly to protect against ransomware attacks;
· Use encryption to ensure data cannot be read or used;
· Protect your website if you deal with customers online;
· Secure your email system.
Mr Roberts also recommends that, if they can afford it, organisations get a risk rating from an independent cybersecurity agency to identify and fix any vulnerabilities.
I add that SMEs using cloud-based software and storage should ensure that those providers also have appropriate cybersecurity protection in place, particularly if they’re storing customer or other commercially sensitive data.
Remember, that simply by connecting to the internet, every individual and business is linked worldwide and the exposure to data risk and regulation that all this entails.
For people starting out in a new business, these additional upfront costs can be daunting. However, cybersecurity precautions and investments are your permission to play as a business, just like I had to pay more for permission to play than I wanted to in 1991.
The hurdles to starting up have always been there, it’s just that they’re different these days.
* 'Why data protection is more important than ever – especially for SMEs', Company Director Magazine, 29 June 2018.