Cyber security is one of the most important issues facing companies of all sizes in every industry. According to a 2017 report by the Canadian Chamber of Commerce, Canada loses 0.17 percent of GDP to cyber crime, which is equal to more than $3 billion per year. Beyond the obvious financial impacts, cyber crime also causes drastic reputational damage and can lead to a conviction for failing to comply with the Personal Information Protection and Electronic Documents Act, with penalties of up to $100,000 per record.
The Responsibilities of IT Security Managers
Cyber security managers are responsible for a company’s cyber security detection, protection, response, and recovery. Aspects of the job include installing and maintaining controls such as firewalls and encryption, risk management, and identifying vulnerabilities such as data leaks and other privacy issues.
Regulations regarding credit card security are constantly changing, and it is a cyber security manager’s job to ensure compliance and implement new policies and technology to keep up and keep you out of trouble. Another important aspect of the job is to have a detailed security incident response plan in case the worst does happen. It’s impossible to be 100-percent certain your company will never be attacked. If and when it happens, you want to have a plan in place to fix it.
Internal Manager or Outside Consultant?
Large companies usually have several managers, along with a large staff, all tasked with keeping would-be hackers at bay, while small businesses often have just one cyber security manager who is responsible for running the whole show.
Having dedicated, trained IT security staff on payroll often doesn’t make sense for small business owners. Many small businesses find it much more practical and cost-effective to hire an outside firm to handle their cyber security. Having a trusted IT consultant may not only save the day, but it may just save your business, and hundreds of thousands (or even millions!) of dollars.
Finding the Right Cyber Security Expert for Your Company
Asking the right questions about a subject you know little about can be intimidating. When meeting with a potential consultant or manager, be up front about your level of knowledge regarding cyber security. If you aren’t an expert, for the sake of your business, don’t try to fake it.
As with any job opening, it’s a good idea to meet with several potential consultants or applicants to find the best fit for your company. Ask them what legal and regulatory requirements your business should be most concerned with and how they would address such requirements. Be sure to ask for references if they have dealt with similar issues elsewhere, and follow up with their previous clients.
Also ask who is going to perform the actual work. Firms often send out their most experienced representatives, or even the business owner, to meet with potential clients, only to send newly hired, inexperienced technicians to perform the onsite work. While everyone has to start somewhere, you don’t want a newbie who is learning on the job leading your business down a path to destruction.
As technology changes, cyber criminals are always on the lookout for new ways to infiltrate the data systems of businesses like yours. Unless you already have someone in-house who is capable of staying one step ahead of the bad guys, finding a cyber security manager or consultant should be a top priority.