CIO upfront: A cybersecurity primer for SMBs


Neil Gong shares his insights as group IT manager at Airedale Property Trust.


Information security can be a daunting and challenging topic for small and medium size organisations.

With ongoing media coverage of security breaches both within New Zealand and overseas, it is clear that information security is becoming one of the top risks for businesses these days.

Managing security to a high degree requires specialised skills and expensive resources, which SMB organisations don’t normally have.

Recently, I saw an IT security audit and assessment offer designed for SMBs and the price starts from $15,000+GST. I would imagine not many small organisations can afford such a price, especially if it is just the discovery and it may cost a lot more for the fix and remedy.

Another problem with SMBs is that due to lack of internal IT resources, information security becomes a vendor-driven exercise with the focus put on technology components such as antivirus and firewall. However, it is hard to tell if your organisation is adequately protected even with all these investments in IT security solutions.

To help small and medium size organisations address their security challenges, I believe a simplified and balanced approach can be taken by paying attention to the two key elements: prevention and response.

Prevention is about doing everything possible to stop security incidents from happening. However, if there is a security breach, you also need to have a response plan.

There can be a lot to deal with when it comes to prevention. The first key element is knowing where and how your data is stored, which you do by keeping an information asset record form.


As well, you need a risk register to identify your exposure, a technology plan focusing on getting the fundamental security practices right and a good ICT acceptable use policy to help your staff understand their roles and responsibilities.

One particular thing SMB organisations should put more effort into is improving their staff’s cybersecurity awareness of online scams and malware tricks.

Helping people understand the need to become more digitally vigilant, both from a personal and a work perspective, will be the most cost-effective way to improve your organisation’s cyber defence.

To ensure an appropriate response when a security incident occurs, you will need to have a good backup system that you can test regularly using different scenarios.

All the necessary information such as key stakeholder contact details, system records, emergency response checklist and recovery procedure should be documented in your disaster recovery plan. Cyber insurance options should also be considered, to limit your liability and financial exposure to any such incidents.

Ultimately, an information security threat cannot be eliminated these days; instead, it is a business risk that needs to be managed. By adopting this balanced approach with a focus on the people and getting the basics right, I believe small and medium size organisations can manage their information security in a meaningful, effective and affordable way.

The author at a recent CIO roundtable discussion in Auckland.

Neil Gong is group IT manager of Airedale Property Trust, the property arm of the Methodist Church in New Zealand. APT is a social enterprise, or 'for good' business; all profits generated by APT go towards supporting the social and community work of its sister organisation, Lifewise.

This is part of a special report on the New Zealand edition of the 2017 Global Information Security Survey conducted by PwC, CIO and CSO.




