In Quebec, 31% of mid-sized and large businesses admit to having endured a cyberattack in the past. This figure, drawn from the NOVIPRO/Léger 2019 IT Study, illustrates the degree to which cybersecurity has become a significant organizational concern.

“Today, cyberattacks represent a real threat to all businesses, regardless of size or sector. This type of attack can suddenly deprive a company of its IT resources or the data required to carry out its business activities,” noted Roger Ouellet, Senior Solutions Designer and Security Practice Leader at NOVIPRO.

When visiting various businesses, he has noticed that many are unaware of the extent to which their activities rely on digital systems and data. “How long could a business continue to operate if, for instance, it can’t access data such as open order details, clients’ contact information, stock inventory levels, or employee payroll data?” he wondered. “They need to prepare for this business disruption risk by adopting a business continuity strategy.”

Protect yourself and your operations – and stay in business

Security breaches resulting in data losses can have a significant financial impact. In the U.S., the National Cyber Security Alliance notes that 60% of SMEs victimized by cyberattacks go out of business within six months of the breach.

In Canada, 49% of senior executives surveyed by PwC believe a cyberattack linked to emerging technology – such as robotics – would be disruptive to business activities. Also in Canada, an IBM Security study of 27 corporations last year estimated the average cost of a data breach at nearly six million dollars – an average of $245 per individual whose personal information was compromised.

Implementing an operational continuity plan: the Master Group case

Access to data is crucially important for companies using ERP-type integrated management systems. This is the case for the Master Group; with over 900 employees, this company is the largest independent distributor in the air conditioning, heating, geothermal systems, ventilation and refrigeration fields in Canada. Its client list includes installers, contractors, engineers, property managers, and real estate developers. Master Group services its customers in three ways:

  • through its 40 or so points of sale across its territory, supplied by six distribution centres;
  • through projects awarded via requests for proposals; and
  • through an online store.

“Between our online sales and our distribution centres, which are open at night to prepare next-day deliveries, we operate 24 hours a day,” explained Martin-Charles Pilon, Vice-President, Information Technology and Digital at Master Group. “I need to ensure that all employees and partners have permanent access to the technological tools and data they need to support our business activities.”

Although the company has not been specifically targeted in the past, its executive leadership has chosen to be proactive and to develop a business continuity plan. Master Group’s IT team collaborates with leaders within various departments, as well as with NOVIPRO, to identify mission-critical resources, set appropriate security levels to protect these resources, and implement security measures.

“I’m fortunate to be part of a company that understands the need for robust systems that are always available,” stated Martin-Charles Pilon. “Our executive committee recognizes the strategic importance of taking all necessary measures to secure our information and telecommunication systems. We must be ready to respond to outages, disasters, or cyberattacks at any time.”

Business continuity: a shared in-house responsibility

Like Master Group, every company currently operates within a complex ecosystem with frequent data-sharing between vendors, partners and clients. In this environment, all company departments must contribute to assessing risk and applying the required protective, defensive, and redundancy measures. “At the end of the day, creating a business continuity plan isn’t a technology project,” concludes Roger Ouellet. “It’s a business plan that requires the commitment of senior management.”

Read the next article in our "Security, a corporate challenge" series: How well do you know your company’s security risks?