Using computer-based information in a business brings with it some risks such as data loss, downtime and compromise of systems and data. Business owners must manage these risks, but to do this they must understand the nature of the risks and some alternatives for dealing with them.
Data loss can occur because of accidental or malicious deletion of data, loss or corruption over a period of time, a crashed disk or server failure. There is general recognition of the importance of reliable, automated backup procedures, robust virus protection and offsite copies of data, yet information loss remains one of the greatest dangers to small and medium-sized businesses. Surveys continue to show significant levels of unpreparedness, from lack of any virus protection to performing no server backups. This is more likely in smaller businesses because they seldom have an IT specialist and there are always more urgent issues demanding attention.
Accidents and disasters are unavoidable: not a case of if, but when. They can happen because of failed servers, a fire, local power failures, or larger events that knock out local or regional infrastructure.
All represent downtime to a business, something that can quickly become expensive. Consider what a simple power failure would mean to your business if it lasted more than a short time. In a recent survey almost half of businesses said they could tolerate a shutdown for only one to four hours before experiencing major adverse effects. Longer interruptions, running into weeks or months, can lead to much more than lost revenue, such as lost customers or employees or damaged reputation. There are several options available that deal with these kinds of risks; some to consider might include a duplicate server, an emergency generator or leased space from a data centre.
Security breaches are a third area of threat to safeguarding data. Laptops can disappear and data can be stolen by hackers and malware. Employee error or carelessness can also compromise security meaning confidential data can fall into the hands of an unauthorised recipient. This can be through misdirecting email or misplacing CDs or USB drives. The consequences of any of these can be severe: adverse customer or supplier relations with resultant possible legal liability and penalties under privacy laws.
Protection against this category is a challenge for businesses. Many solutions are computer-based, such as firewalls, anti-malware programs and possible laptop hard-drive encryption. However, much depends on proper education of users; businesses must put in place robust procedures and ensure users comply with them. Rules for passwords and care in handling laptops will not help if nobody follows them.
The examples above are not exhaustive but may help in understanding the issues in protecting data and identifying gaps in existing practices. To develop an effective strategy, businesses should:
• seek expert advice
• fix their tolerance for downtime and data loss and budget for precautionary procedures
• identify and implement particular solutions
• test recovery plans.
Finally, it is important that the IT expert communicates the process so users understand what they are getting.
Equally, it is important that users set out clearly what they need.
Marshall Egelnick is a partner with Russell Bedford’s Toronto firm, Kestenberg · Rabinowicz · Partners LLP. He provides accounting and auditing services and is responsible in his firm for Information Technology. firstname.lastname@example.org.
Established in 1983, Russell Bedford International is a global network of independent firms of accountants, auditors, tax advisers and business consultants.
Ranked amongst the world's leading accounting and audit networks, Russell Bedford is represented by some 460 partners, 5000 staff and 200 offices in more than 80 countries in Europe, the Americas, the Middle East, Africa and Asia-Pacific.
All Russell Bedford affiliates are well-established firms offering international business advice and services to local and multinational clients. Most provide a full range of services comprising accounting, auditing, tax advice, general business guidance and financial consulting. In addition, many have special expertise in particular fields, such as international taxation or information technology.
In January 2008 Russell Bedford International was named one of the first 17 full members of the IFAC Forum of Firms after reporting it had implemented a globally coordinated quality assurance programme, committed to the use of International Standards on Auditing (ISAs), and met other specific ethics requirements.