Treat IT security like insurance

For smaller organizations, a change in the way they look at IT security is critical to bringing about more robust systems.
Written by Swati Prasad, Contributor

Last evening, I was sitting with an insurance agent to understand home insurance. He was explaining to me what it would cost to get my home insured for the next 10 years. The amount was quite insignificant. For most middle-class homes, it would be in the range of INR 8,000 to INR 15,000 (US$149 to US$279) for the next 10 years. The cover would protect their homes against fire and natural calamities.

The agent then explained what it would cost to insure my furniture, carpets, appliances, and so on. This too was a fraction of the actual cost--for an INR 20,000 (US$373) carpet, I need to pay only INR 15 (US$0.28) per annum!

When we got down to discussing gadgets, my laptop seemed priceless. It's not the gadget, but the data inside the gadget that was priceless. "Well, that's something you will have to guard. No insurance company can insure your data," said the agent.

Today, most of us the in metros and cities have tablets and mobile phones that give us access to our e-mail, which otherwise was accessible only through laptops. This also makes these gadgets equally priceless.

In the case of small businesses, access to any one of these gadgets would mean access to any kind of critical information regarding price quotations, agreements, tenders personal information, bank details, and so on.

According to Jagdish Mahapatra, managing director of India and SAARC at McAfee, SMBs underestimate their data. "They tend to have this notion that due to the small nature of their operations, they will not be a target for cyber attacks," he said.

I guess that's true of all of us. We underestimate ourselves all the time, even as we continue to delete spam and phishing e-mail every day.

It's difficult to put a value to our data because it is invaluable, unlike the value we assign to our house, appliances and furniture.

According to Kishan Bhatt, engagement manager at Zinnov, nearly 50 percent SMBs in India continue to use pirated copies of the legitimate versions. Now, how worthwhile is that? We know that new viruses and Trojans are created every day. And if you can't update the software, you can't guard yourself against the new attacks.

According to Mahapatra, the data and intellectual property of SMBs are very vulnerable to theft. Any unsecured database attracts attention from the hacker community, thus, putting the sensitive intellectual property in danger.

It's time SMBs start thinking about IT security as an insurance cover. Although no IT software or hardware can guarantee 100 percent protection from attacks, frauds and scams, at least it would be better than having no security at all.

Editorial standards