Hello readers, today’s discussion is based on a theoretical paper I came across this morning called Information systems security issues and decisions for small businesses: An empirical examination by Atul Gupta & Rex Hammond. I will tell you what the paper says and, as usual, my critique follows. So grab your cup of tea, take a sip and have a read. 🙂
ORIGINAL THEORETICAL PAPER for further references.
About the Theoretical Paper
The authors of this theoretical paper believe that the global proliferation of the internet, falling computer prices and a growing menu of applications are compelling businesses of every size to rely on computers to store, manage and transmit vital information.
As a result, the value of business information has attracted a lot of malicious activity on the internet.
However, the purpose of this paper is to gather information about IT-related security issues in small and medium-sized enterprises (SMEs).
Methodology
The authors of this paper stressed that the gap between academic research and the issue of information security surrounding small businesses is almost negligible.
However, to address this, a survey was carried out on the information security issues faced by SMEs. 1000 questionnaires were mailed to small business owners in Lynchburg, Virginia, United States of America, and 138 valid responses were received.
Findings
The findings in this paper indicate that:
- 56 of surveyed SMEs had Information security policy
- 59 of surveyed SMEs had Computer use and misuse policy
- 36 of surveyed SMEs had Proprietary data use and misuse policy
- 35 of surveyed SMEs had Communication use and misuse policy
- 33 of surveyed SMEs had Business continuity plan
- 45 of surveyed SMEs had Information security procedures
- 29 of surveyed SMEs had Data destruction procedures
- 13 of surveyed SMEs had Media destruction procedures
- 35 of surveyed SMEs had Information sensitivity levels or coding
- 26 of surveyed SMEs had Computer emergency response plan
- 19 of surveyed SMEs had Computer emergency response team
- 65 of surveyed SMEs had Data recovery procedures
- 78 of surveyed SMEs had Anti-virus software
- 33 of surveyed SMEs had Data segregation
- 59 of surveyed SMEs had Firewall(s)
- 35 of surveyed SMEs had Intrusion detection system(s)
- 26 of surveyed SMEs had Encryption
- 80 of surveyed SMEs had System access control
- 24 of surveyed SMEs had Facility access control
- 12 of surveyed SMEs had Dial-back modem
- 48 of surveyed SMEs had Redundant systems
- 29 of surveyed SMEs had System activity monitor
- 1 of surveyed SMEs had Media degaussers
- 110 of surveyed SMEs had Power surge protectors
- 12 of surveyed SMEs had Security evaluation system(s)
- 67 of surveyed SMEs had Shredders
- 90 of surveyed SMEs had Data backup system(s)
In conclusion, these findings indicate that some 40.5 percent of SMEs are taking some security measures by having an information security policy in place; 42.7 percent of SMEs operate with a computer use and misuse policy, and 47.1 percent have data recovery procedures in place.
The authors believe that SMEs are slow in updating their written security policies because, according to the survey, most SMEs barely experience security breaches. Also, according to this survey, the majority (56.5%) of SMEs use antivirus software to protect their business; 42.7% use a firewall as a form of protection, 57.9% use system access control, 79.7% use power surge protectors and 65.2% use data backup systems. Although most SMEs have not had viruses damage their systems, the survey indicates that out of all the surveyed information security problems facing SMEs, such as:
- Insider access abuse
- Viruses
- Power failure
- Software problems
- Data integrity
- Transaction integrity
- Outsider access abuse
- Data secrecy
- Data availability
- Data theft
- Data storage
- User errors
- Natural disasters
- Internet fraud
viruses seemed to be SMEs’ main concern, as they are the main source of security breaches in their businesses, followed by power failure, software problems, data integrity, transaction integrity and data secrecy respectively.
Critique
However, my critique of these findings is that information security management is very important in business activities. Data gathering without appropriate data safeguards is unethical, and this could lead to lots of social issues and legal issues, just as in the case of DoubleClick, an online advertising company that has been charged so many times for unethically gathering people’s data.
“On May 10, 2000, eleven federal class action lawsuits brought against DoubleClick, Inc…” (Elisa, privacy law in q1 2002, 2008), and even professional issues could be triggered if care is not taken.
Hence it’s a good result from this survey that most SMEs are implementing some sort of security measures. However, it is recommended that security be addressed as a continuous process. It is also recommended that SMEs re-evaluate their security policies as they become effective in dealing with security threats.
According to another vital finding in this paper, most SMEs continue to choose security technologies that are not very effective for their business.
However, according to some of the theoretical papers I have studied, e.g. “Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey” by Yeniman et al., I will conclude that this could be a result of tight budgets among SMEs that have made their security choices limited.
I also understand that SME owners are mostly occupied with the burden of operational and strategic management in their businesses and, as a result, do not have the time to fully formulate a security strategy to protect their valuable information; or, worse still, the cost of formulating or affording an appropriate security technology could be perceived as prohibitive due to the size of their company or earnings. In this light, I will suggest that maximum security measures are a cost of doing business, and organisations that brace themselves well against possible threats will benefit the most in the long term.
Thank you for reading! It’s an open discussion so tell me what your opinion is in the comment box below 😉