Security is always important to protect your business – whether it's digital and bricks and mortar. But what’s the most important thing to protect, and how do you do it? We asked one SME owner who operates a security firm for his advice.
Security is key
Speaking to My Business, Daniel Lewkovitz, CEO of Calamity Monitoring, says keeping up to date on security should be the highest priority for SME owners.
“Security and risk management is of the utmost importance to a business which wishes to stay in business,” he says.
Mr Lewkovitz also suggests that SME owners should look at both physical and digital security in equal measures, rather than prioritising one over the other.
“The security of any system is only as strong as its weakest link,” he says.
“You could have the best firewall and encrypted data systems known to man, but if a person can walk in off the street and physically remove your server, then you'd have no security.
“In the opposite direction, you could have armed guards standing outside a fortified building, but if hackers can come in over the wire and steal your information assets, you'd have no security either.
“It's important to address all of these angles, both online and in physical presences.”
“Every organisation – and indeed every different individual situation – is unique, and it's important that people look at their own organisation, look at what the assets are that they're trying to protect.”
Blanket approaches don’t work
Mr Lewkovitz says that businesses can’t just put in an alarm here and a few cameras there, but need to take a methodical approach and carefully consider their full requirements.
“A small business [such as] a corner shop may not have significant information assets that are worth anything, but they may be at risk of armed holdup, whereas a major organisation that trades in information that is worth billions may not necessarily be at risk of a person walking in with a shotgun to steal cash, because they don't have any,” he points out.
“Now, both of those organisations have significant risk issues that they need to address, but they're facing a very different range of threats.
“Every organisation – and indeed every different individual situation – is unique, and it's important that people look at their own organisation, look at what the assets are that they're trying to protect.
“The first step in this process really is just an analysis of '[What are we] trying to protect?’ and ‘Have we protected it?’. What happens next depends on the individual circumstances.”
Stopping tomorrow’s crimes
When considering security firms to partner with, Mr Lewkovitz suggests finding a firm that adapts with changes in technology, rather than one that just stays with the same kind of security.
“There's a never-ending arms race between criminals and law enforcement,” he explains.
“Security and police are very good at stopping yesterday's crime; they're not always that good at stopping tomorrow's.”
Mr Lewkovitz uses the rise of ransomware as an example: malicious software that can lock all the data on a computer, and promises to unlock it in exchange for a fee, typically in the hundreds of dollars.
“The question is whether it seems like there's more of that because we're hearing about it in the news, or if we're only hearing about it because it's more newsworthy by way of its uniqueness,” he says.
“When you have traditional crime – armed robbery, homicide, theft, major fraud – those things are fairly accurately reported on by way of law enforcement, because people go to the police, they report a crime, those statistics are available.”
However, when considering crime involving IT, Mr Lewkovitz says that it gets more difficult to find information, as there are business owners who aren’t even aware of a breach in their systems, compared with the evidence of a robbery at a physical premise.
“That's the first thing: there's just ignorance – people don't even know about it.”
In order to keep on top of security, Mr Lewkovitz advises business owners to conduct their own research into how similar businesses are impacted when affected with a new kind of attack, and ensure that their business won’t be affected too.
“Organisations that ... look at their security management tend to be very good at stopping not only the existing range of criminal activity … but they're often well protected against tomorrow's crime as well,” he says.
“The best way to approach security is on a proactive basis. Or, I suppose, to draw an analogy, putting out a fire might be seen as successful, but preventing that fire having been lit in the first stage is usually a lot more successful.”
Do your research
Mr Lewkovitz says SMEs shouldn’t put their faith in just any security firm.
He suggests business owners partner with a firm that can actually prove what it can do help their business.
“There's very low barriers to entry in the security industry,” says Mr Lewkovitz.
“Anybody with a 1300 number and a P.O. box can call themselves a security company, but there is a difference between people who … can actually install and design effective surveillance systems, access control intrusion detection systems, versus any number of people who may be able to run a cable, or screw a few things to a wall, but perhaps don't have an overall consultative approach to security.”
He also says SME owners should be inquisitive as to whether the security will actually help their businesses, “rather than just assuming an alarm is an alarm, or a camera is a camera”.
By doing so, Mr Lewkovitz says SME owners can assess whether a security company takes the traditional route, or if they take a more custom-fit approach to their client's needs.
“Don't just look at the building and don't just look at the firewall, but actually look at the people.”
The most important assets to protect
According to Mr Lewkovitz, the most important assets a business can protect are its employees and reputation.
“Typically, organisations look very closely at their buildings, they look closely at their cash,” he notes.
“All of these things, typically, are replaceable and insurable.”
Just as buildings and income are considered assets, your business’ employees are just as valuable, according to Mr Lewkovitz.
“I think that's actually an area that organisations need to look very closely at,” he says.
“If you have a staff member who then ends up with Post-Traumatic Stress Disorder (PTSD), or has to take extended time off, and starts having nightmares, those are things that are extremely, extremely costly to an organisation in terms of staff wellbeing.”
While Australia is a safe place in which to live and work, Mr Lewkovitz says it’s important not to believe it’s always safe.
“If we were South Africa or Colombia, you'd completely take for granted that staff can be assaulted and robbed,” he says.
“The reality is Australia is a safe place, but that's not to say it's nirvana and nothing happens. That is also an important risk.”
As such, he concludes, “Don't just look at the building and don't just look at the firewall, but actually look at the people.”
If you want to keep up to date with stopping tomorrow's crimes, you can read our previously published articles on how SMEs can protect their digital security and how to use your IT staff's knowledge to boost cloud security.
Analysis: The misnomer of bank regulation and loan costs
By Adam Zuchetti
Analysis: Bank ‘misconduct’ a woeful understatement
By Adam Zuchetti
Analysis: Banks wrongly targeted as business custodians
By Adam Zuchetti