Blog Viewer



07-08-2015 10:21 PM

SMEs can't rely on excuses like "It costs too much," or "We don't know enough, it's too complicate..." At least do what you can do and that part doesn't need to cost a lot. Then find the best value experts to advise on the tricky stuff.

07-08-2015 07:56 AM

Many breaches come from poor employee and customer passwords, emails received that should never have been opened and employee dishonesty. A sound plan to address these, malware protection and continuous monitoring are parts of the plan that accountants should advocate and know about.

TechTalk Blog: Cyber Security Threats Hitting Midsize Companies Increasingly – Smaller Companies Next

By Brad Monterio posted 07-07-2015 12:53 PM


If I were a betting man – and sometimes I am – the data released by The Hartford Midsize Business Monitor about the role of technology in midsize companies points towards a growing risk that is not just the exclusive pain of the ‘big guys.’  Eighty-two percent of midsize companies consider data breaches at least as a minor risk to their companies, with 32% seeing it as a major risk.  Although no trend analysis is shown in the results, I would suspect that these percentages are on the rise.

Here’s the really telling part, however – almost half of midsize companies (43%) have already experienced some type of data breach!  These are not the household brand name companies that hackers seem likely to target to make the headlines.  These are the companies that many of our members work at.  Companies that won’t make the evening news, regardless of the damage that can be done by those data breaches.  Information is a critical company asset, and these survey results indicate that the problem is reasonably large and probably growing among midsize businesses. 

Smaller businesses will not be immune.  Let me repeat that – smaller businesses will not be immune to data breaches and cyber risks. 

If you work at a smaller business, you have an opportunity to get out ahead of the trend and take precautions with your company now.  What kinds of precautions?  Here are a few suggestions to start:

  • Design a sound data governance strategy/plan to make sure your information is accessible, credible, usable and safe.
  • Design proper internal controls and continuous monitoring systems to help your organization monitor, manage and mitigate risks related to your information.
  • Get additional training and education about current best practices to build and manage data governance policies.
  • Obtain the technical skills training to enhance your knowledge around technologies and tools to help your organization effectively manage and protect its information from risk.
  • Educate your board (if you have one) about material risks like cyber security and provide a mechanism for them to monitor such risks
Please share your thoughts (in the comments section of this blog) on this topic and what you plan to do at your company about cyber security risk, particularly if you are at a small to medium size (SME) company.

#strategy #IMA #data #BigData #breach #tech #cfo #SME #TechTalk #CMA #Cyber #cybersecurity #Csuite #HotTopic #IT #risk #datagovernance