The Importance Of A Cyber Security Gap Analysis

In late January of 2019, Dean Allison, MP for Niagara West, filed an order paper question about how effectively the federal government safeguards the information it holds on file about Canadians. The government’s response, released a few weeks later, was eye-opening to say the least. Between January 1, 2018 and December 10, 2019 there were nearly 8,000 data breaches involving various government departments that compromised the personal information of approximately 144,000 Canadians. Moreover, not all the Canadians affected have been told about it.

Leading the pack with more than 3,000 breaches affecting nearly 60,000 people was the Canada Revenue Agency (CRA). CRA blamed the incidents on misdirected mail, security incidents and employee misconduct. Of the three reasons listed, the latter two are probably the most intriguing, especially if you have important management responsibilities for a large organization. For starters, you may want to carefully consider who has access to your customers’ sensitive information and what safeguards (if any) are in place to ensure that this information doesn’t fall into the wrong hands.

Protecting your customers’ sensitive information from both external AND internal threats is an enormous and necessary responsibility, regardless of business size or type. For example, you may feel that you have implemented effective controls for guarding against cyber security threats from outside the organization, but what about what goes on within your own walls? Do you have internal policies and procedures in place that prevent or mitigate computer security breaches that originate with your employees – be they the result of simple carelessness, human error, or any other reason? Are your employees adequately trained in what they can do in their everyday job functions to guard against cyber-attacks? If you are at all unsure (or even if you are sure that you have all the bases covered), a security gap analysis can be both an eye-opener and a crucial first step on the path to a secure business environment that is safe both from within and without.

Simply put, a security gap analysis gives you a 360-degree view of your current security position: it compares the present state of your business’s information security with what its optimum state should be (which will vary from business to business depending on the industry and its legal and regulatory limits). With this kind of intelligence about your business, you can see more clearly where you might be vulnerable and how these vulnerabilities may be best addressed. A gap analysis can also identify what the organization already does well, saving time and money that would otherwise go to tinkering with what is already working at the expense of what is not.

Making the decision to undertake a security gap analysis is one thing – the next step is making sure that it is done correctly. An effective security gap analysis should cover best practices for a variety of key areas which can impact security as well as provide benchmarks that you can measure your existing security policies against.

As to what a typical security gap analysis entails, the areas commonly reviewed as part of the process include organizational and management practices, personnel practices, physical security, data security, personal computer security practices, and incident response, just to name a few.

For a gap analysis to produce the best results, it should be conducted by a neutral party so as to ensure the process is unbiased. However, regardless of who ends up conducting the analysis, the final result should be a report that highlights findings, including risks, recommendations and compliance requirements for any specified standards that apply to your business.

Just about every day there is news about a new cyberattack that has affected either a large well-known business, a city, a state or province, or a government organization. As a result, trust and confidence both seem to be ebbing in customers’ minds when it comes to how they view private and public sector organizations and their data protection. Taking proactive measures to ensure the confidentiality of customers’ and clients’ information, and being SEEN to be doing so, is a crucial step in creating and maintaining their confidence.
