For the London Free Press – November 19, 2007

Read this on Canoe

A survey conducted by Ledger Marketing for Fusepoint Managed Services shows that most are concerned about data security, but fewer are confident they are doing it well. Only 37 per cent have confidence that their data is protected against attacks.

The survey questioned individuals and executives in Canadian companies about their confidence in their security systems, their knowledge of how the data is being protected, and whether there had been any security breaches.

The survey showed the adoption of security services increases as the company size increases, which is not surprising. What is surprising is one in five executives at Canadian companies report their company does not use anti-virus software and one quarter operate without a firewall.

The need for organizations to keep their data and networks secure is more than just an IT issue. As George Kerns, president and chief executive of Fusepoint Managed Services, points out, “Security is not just a technology issue; it’s a corporate governance issue.”

It is surprising that more attention is not being placed on security and privacy at the boardroom or executive level, especially in light of highly-publicized incidents such as the TJX Cos. security breach, which resulted in a joint Privacy Commission inquiry.

It is also surprising given that 62 per cent of executives felt that a security breach would impact their brand.

So the survey suggests that most executives feel that data security is an important issue, and one that can have negative consequences. But at the same time, they are either not confident in their efforts to deal with it, or are indeed not dealing with it at all.

We have to keep in mind that this survey was commissioned by a company trying to sell its services to address security issues, so the situation may not be as bad as the survey suggests.

Even so, it shows that many organizations:

- Don’t understand the need to address security issues;

- Don’t understand how to deal with security issues;

- Don’t address security issues as a board level governance issue;

- Ignore the issue hoping nothing will go wrong for them.

All organizations need to deal with data security in a way that makes sense for their operations, the nature of their systems and the type of data they hold.

If they do not, it violates privacy laws, and possibly agreements with their customers or suppliers. The risk of harm if there is a security breach is real. No organization wants to face the wrath of customers or the negative headlines that follow a breach.

The message in all this is that every organization should take a serious look at data security starting at the executive and board level. As with any other policy, consider the needs, the risks, and drive to a solution that works for that organization.

That solution may change over time as technology changes and risks change, so its not a matter than can be looked at once and forgotten.

Doing nothing, or ignoring the issue, is not an option.