As head of the Privacy and Cyber Crime Institute at Ryerson University and chair of the Law and Business Department at the Ted Rogers School of Management, Avner Levin is a frequent presenter at privacy and security conferences, and his work has been widely published, including in refereed journals, two books and such reports as Under the Radar: The Employer Perspective on Workplace Privacy, funded by the Privacy Commissioner of Canada’s Contributions Program. Mr. Levin spoke with Alexandra Lopez-Pacheco on how IT security and privacy issues affect entrepreneurs.
Q Many entrepreneurs, particularly startups, believe they’re not as likely to be targeted by cybercriminals as larger corporations. Is this true?
A The risk entrepreneurs and larger corporations face are no different. The obligations entrepreneurs have and the risks they face in terms of attacks on their systems, attempts to hack, are the same. You could say that because they’re smaller, they won’t draw attention but the substance is that if someone thinks there is valuable information to be hacked, they will hack it.
The difference is whether or not the business does anything about it. It’s not because entrepreneurs don’t think they are at risk that they don’t do anything about it. It’s that they act only in ways they see impacting their bottom line.
So if we’re talking about a small business in the food service, say, they have opened up a restaurant, they are thinking about their promotions and asking people for their birthdates and collecting business cards, all of which seems to be relatively innocent information. They’re not going to be too worried. Instead, they are worried about health and safety because health and safety can come in and shut them down, whereas the privacy regulators aren’t going to shut them down.
That’s the type of conversation a lot of entrepreneurs have. They focus on what can the regulators do to me rather than what can they do in terms of best practices. If there’s no penalty or fine or a threat to their business, they won’t be necessarily bothered around best practices in privacy and security.
read more..............http://business.financialpost.com/2012/12/27/obligations-and-risks-of-itsecurity-is-the-same-for-large-or-small-firms/?goback=%2Egmp_38412%2Egde_38412_member_199539276&__lsa=ac64-92c2