A tool for Canadian SME’s in their battle to improve cyber-security

According to Industry Canada’s 2012 analysis of small and medium enterprises in Canada, over 7.7 million employees, or 69.7 percent of the total private labour force, worked for small businesses; 2.2 million employees, or 20.2 percent of the labour force, worked for medium-sized businesses.

In total, SMEs employed about 10 million individuals, or 89.9 percent of employees. In that same year, Statistics Canada reported “Almost nine  out of 10 (87 per cent ) of Canadian enterprises reported using the Internet…. Among enterprises with 10 or more employees, Internet use was almost universal, at 96 per cent.”

In its 2013 study on the impact of cybercrime on Canadian businesses, The International Cyber Security Protection Alliance (ICSPA) found that over a 12-month period in 2012, 69 per cent of 520 Canadian  businesses surveyed reported some kind of cyber-attack. The cost: approximately $5.3 million or about $15 thousand per attack. The study found that while almost 70 per cent report taking cyber security seriously, only 60 per cent undertake steps to raise awareness of cyber security among employees. They often do so passively, by use of emails and/or company manuals. Only 22 per cent reported having a rigorous, pro-active risk assessment process.

Taken all together, it would seem that in Canada, almost all medium and many small enterprises use the internet and so are vulnerable to security threats. The breakdown of respondents in the ICSPA report makes it clear Canadian SME’s are being hit by cyber-crime events and other security breaches. A survey of current security literature warns of an increase in these kinds of attacks with SME’s gaining favour as targets. This is due to their perceived ease of compromise, due to nonexistent or less sophisticated, security systems.

No business, SME or otherwise, wants to be a target and find itself subjected to cyber-attack, perhaps losing valuable information and revenue. It is safe to say not many SME’s have the personnel with the expertise to properly decide, develop, implement and manage the necessary security solutions. Even those that have strong technical teams, have to answer the question of how best to deploy them. The increasing range of security vulnerabilities makes that a question not easily answered. Should the focus be on the network? Should user education and password management get the most attention? Should resources be concentrated on catching those emails that deliver more misery than message? What about mobile and BYOD? The list will only continue to grow.

While I do not have a complete answer for Canadian SME’s, there just may be a tool that can be used to provide a roadmap and solid starting point for improving their security state The Government of Canada’s ‘Cyber Security Strategy’ has three strategic objectives: 1) securing government systems; 2) working with the private sector and governments to protect critical infrastructure; 3) helping Canadians to be secure on line.

While the debate continues on how the government of the day is performing on meeting these objectives, the Public Safety Canada December 2013 publication ‘Get Cyber Safe Guide for Small and Medium Businesses’, developed on behalf of the Government of Canada, is aligned with objective number three. In an easy to understand format, its a logically presented explanation of the risks to SME’s, with suggestions of how they might be mitigated.

The authors state the guide “is designed to help Canadians who own or manage a small or medium business understand the cyber security risks they face, and provide them with practical advice on how to better protect their business and employees from cyber-crime.” It attempts to cover a broad range of security topics from basic management issues and policy, through web security, email, data, remote access, mobile device and even employee security. The appendices provide useful information, links, and tools including a security self-assessment for SME’s and a glossary of security terms that will help everyone speak the same language.

Security is and will continue to be a concern – a moving target for all of us. In the case of SME’s at least, Canada’s Cyber Security Strategy has provided a practical tool with potential to help improve their cyber security situation. If you have used this guide, it would be great to hear about your experience. If you have not yet seen it, and do decide to use it, please send along your thoughts on its usefulness for your company. Spreading the word helps everyone.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Dave O'Leary
Dave O'Leary
Dave is a founding managing partner of REDDS Venture Investment Partners (www.reddsvip.com). His career in post-secondary education included roles as CIO, Vice-President and acting President. Dave is a member of the Practitioner Board of the Association for Computing Machinery. He chairs the ACM Practitioner Board Marketing Committee and is also a second term member of the Board's Professional Development Committee. (ACM - Association for Computing Machinery--official IFIP international member representative, largest and most respected international computing science, research, education, innovation professional association well known for their AM Turing Award (Nobel of computing) with 1 million USD prize, 1.5 millions user digital library, 2 million reach, learning center, Applicative conference, Queue magazine, 200 conferences/events, 78 publications/news, 37 Special Interest Groups). He is a board director of the Global Industry Council and the immediate Past President of the Canadian Information Processing Society of British Columbia. Dave is co-founder and director of an ISV computer technology business and is currently leading and advising start ups in the USA, China, Europe, and Canada. He serves as a task force member of the Institute of Electrical and Electronics Engineers (IEEE) and is the past chair of the Canadian National Council of Deans of Information and Communications Technology. He served two terms as a director of the Canadian National Information and Communications Technology Sector Council advising on National technology and economic strategy. Dave has appeared as a panel member in a number of Microsoft webcasts and has presented globally on the business and technical impacts of technology in training. He is the recipient (2002) of the highest national award for leadership in post-secondary education.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight