Security in the IT arena is not a new topic, but corporate awareness of its presence (or lack thereof) is at an all-time high. Not a day goes by without seeing a headline somewhere relating to stolen data, hacked company computers or leaked private information. When Sony’s Playstation® Network got hacked, there were estimates reported around $24 billion in losses. Then there were security breaches at Citigroup or Lockheed Martin. They were both juggernauts of industry with hardened defenses and yet were victims of stolen sensitive information. It appears no one is safe, but does obscurity or anonymity still qualify as protection for your small organization?
A few weeks ago I was sitting in a board room discussion with a couple of partners at a smaller private CPA firm and the topic of their network security came up. Mind you, these two gentlemen had a basic understanding of technology as most business owners do, but could not wrap their heads around why it was so important to purchase and install a firewall. A firewall! The most basic of network security devices and here I was trying to justify such a basic, yet mandatory, investment to any business, much less a financial firm.
It was a confirmation of a truth that is common no matter the size of the company. That truth is simple – most business owners have a difficult time appreciating or valuing technology unless they have experienced some type of pain relating to technology. That pain may be lost data, bad support, frustrating software… etc. Whenever I meet with prospective clients, one of the questions I ask in the beginning is “Are you ‘technology dependent’ or ‘technology strategic’?” This sets the tone for what direction we recommend.
Technology Dependent – This is most common Compiblog among small, private firms. Your business may rely on your computers and networks, yet your decisions regarding technology are typically reactive and cost is commonly the biggest factor on whether or not you proceed. The inherent problem with technology-dependent firms is the unseen lack of efficiency and super high risk factors. Time and productivity are commonly overlooked as assets to the company. Here are some factors common in technology dependent firms:
a. Computers are older (4+ years old) and sometimes are even beige or off-white (a sign of age).
b. Few important proactive tasks are being performed, such as testing backups, patches and risk assessments.
c. There is no guidance on how to leverage technology to contribute to profits or increased productivity.
d. The company is still paying someone to fix things when they break on an hourly basis.
e. There is little to no network security.