3 – 6% of your IT Budget = Security

About 3 – 6% of your annual IT budget should be allocated to security.

That’s the finding of the 2014 TELUS-Rotman IT Security Study, which also found that spending more didn’t necessarily equate to better security. Spending less is an obviously bad idea.

Unfortunately, the security budget is usually the first thing to get cut, which makes no sense: why bother building something if you’re not going to protect it?

Moreover, as a small business owner you have a responsibility to protect your customers’ information, especially if you’re processing credit card numbers.

How much are you currently spending?

Compare yourself to the rest of Canada:

About 30% of organizations spend the minimum; I hope you’re higher than that.

Protect your kingdom guys!

Because always remember,
it’s not IF you’re breached, it’s WHEN.

Blog tag = TELUS Security

***

This is an excerpt from my interview with Hernan Barros, Director of Security Solutions at TELUS, and Walid Hejazi, Associate Professor, Rotman School of Management, University of Toronto, about their new study, the 2014 TELUS-Rotman IT Security Study.

More about that here.

It’s not IF You are Breached, it’s WHEN

That’s one of the oldest sayings in security, because it’s true.

Thinking you are going to be forever immune is delusional.

Do you not lock your front door? Lock your car when you park it downtown? Take a different walking path at night than during the day? Why would online actions require less diligence and care?

Here’s the mean number of breaches to Canadian companies, over the last 4 years.

Note that none of them are 0.

If you are a small business owner:

You have a responsibility, especially if you are accepting people’s credit card numbers. Because you may be more of a target than you realize… think like an attacker: is it easier to go after 1 large business, that likely has security systems and staff in place? Or 10 smaller businesses, who probably have no clue and are lazy about protecting their assets?

The types of breaches Canadian companies experienced last year:

1 – one careless click, on one stupid link…
2 – how old-fashioned! Never leave your laptop unattended
3 – from the inside…
4 – lock your WiFi network. And change your router password too, how to here
5 – the counter to this attack is listening to your gut. Blog tag = social engineering

***


How ‘Security Responsible’ are You?

TELUS has released their 6th annual study of Canadian business security practices.

The report focuses on which best practices businesses have in place, that go beyond just compliance (as in, the bare minimum forced on you by the government.)

Ideally, your business is in the quadrant with the *.

How does your small business compare? Take this test to find out.

Give yourself a score between 0-7 (0 being terrible, 7 being excellent), then compare how you operate to other Canadian businesses.

Do you…

1 – monitor and/or have rigorous procedures to act on new threat information

2 – understand the security drivers impacting your business

3 – conduct regular security awareness training for employees

4 – involve security early and throughout the development of new infrastructure/systems

5 – communicate social media policies to your employees

6 – have and/or execute on a comprehensive mobile security strategy

7 – conduct enterprise mobility security testing and Threat Risk Assessments (TRA)

Now compare:

The more “security responsible” companies have fewer breaches, retain staff longer, manage risk better, and are better positioned to take new risks (side-note from me: they have better business karma, because accepting a credit card and being careless and lazy about it is terrible).

And ideally, you have ongoing employee training sessions, because the human is always the weakest link.

Note:

This is an excerpt from my interview with Hernan Barros, Director of Security Solutions at TELUS, and Walid Hejazi, Associate Professor, Rotman School of Management, University of Toronto, about their new study, the 2014 TELUS-Rotman IT Security Study.

The study is in its 6th year, and TELUS remains the country’s only telecom to proactively study security, and this is the only Canadian study to go this in-depth on a single country.

How it was conducted: 400+ security professionals were surveyed in the 2nd half of 2013, looking for both qualitative and quantitative data on how companies are executing their security strategies. Respondents were Private 48%, Government 23%, Publicly Traded 20%, and Non-profit 9%.

Blog tag = TELUS Security