By Pattrick Smellie
Dec. 3 (BusinessDesk) - If you're anything like me, the innards of a personal computer and the workings of the Internet are something of a magical mystery.
When they work, they're fantastic tools. If anything goes wrong, it's like losing a limb and it can be hard to find a surgeon quickly to reattach it.
Increasingly, however, data protection is something that businesses simply can't ignore.
For big organisations - especially government agencies that collect a lot of sensitive information about individuals - privacy breaches can destroy public trust.
The Accident Compensation Corporation and the Ministry of Social Development both had spectacular problems in this area in 2012, leading the Privacy Commissioner to label 2012 the "year of the privacy breach."
While the consequences of someone hacking your small or medium-sized business's computer systems may not have the same wide-ranging impacts, the effect of such a breach could be crippling for your business.
That's especially the case if you are taking online payments that involve people parting with their credit card details.
To help businesses understand how to deal with this black hole of worry, global accounting firm PwC has just published a report on the global state of information security, and come up with 10 key insights for New Zealand businesses, based on its findings.
1/ Try not to overcomplicate information security: it's a business risk like any other. Make IT security and risk part of your business strategy. It can't just be an add-on;
2/ Too many businesses take a tactical approach to security. They have no formal measure of return on investment, don't have success factors identified, and so can't assess the impact of their decisions on the organisation's risk profile;
3/ More than half of New Zealand businesses outsource all or parts of their information security. PwC warns business owners not to assume that risks are being managed to some unstated and guaranteed level. Explicitly defining your requirements is essential;
4/ Don't assume employees are aware of cyber threats: one of the best ways to protect information is to make sure your people understand what security procedures are in place and how they can help enforce them;
5/ Globally, 88% of consumers use a personal mobile device for both personal and work purposes. Yet only 45% of companies have a security strategy for personal devices in the workplace, and barely 37% have malware protection for mobile devices. New Zealand looks about the same as this global trend;
6/ New Zealand business investment in security remains stable but low compared to global trends;
7/ Thankfully, New Zealand organisations have better systems in place to detect and prevent incidents, but incident identification is still largely reactive - shutting the stable door after the horse has bolted;
8/ For all the advice above, it's not worth trying to protect everything to the same level. Trying to do so is inefficient, impractical and costly, PwC says;
9/ IT security is a business impact issue, not a technical impact issue. If you treat it as no more than an IT issue, you risk misunderstanding the level of risk to the whole business;
10/ The cost of dealing with an avoidable incident is far greater than the cost of any awareness programme, yet security training is clearly not a priority for New Zealand businesses.
That last point is the clincher. If you read the list above and just saw dollars you don't believe you have, think again. The reality is that IT systems are under perpetual attack these days from spammers, scammers, hackers and other cyber ne'er-do-wells. If you don't expect it to happen to you and plan for it, the costs will be far greater.
To read the full report for more specific advice, go to: www.pwc.co.nz/pwc-security/publication/global-state-of-the-information-security-survey-2013/.