Protecting your small business means more than checking off a few boxes

If you’ve taken a stroll through office superstores or even a modern mega-bookstore, you’ve no doubt noticed the abundance of ‘kits’ jockeying for position to help us neophytes tackle complex projects with a legal or regulatory slant: everything from creating a living will to wrapping up a divorce in a half hour flat is there, in all its checklist-powered splendor.


Does that level of commoditization work? You bet. It’s cheap and it directly addresses the interest of a specific segment of the public, namely those who would rather handle things themselves and save money in the process. The fine print is that you don’t get the personalized, guaranteed service of a dedicated professional. But so what? It’s better than nothing and if you choose to then hire a professional, you’re already going to be on the right track.


The problem arises when you do visit that lawyer, accountant or neurosurgeon and they dismiss all the good work you’ve done because it is simply based on a system they had nothing to do with developing. So you resign yourself to starting over and realize that you might have had a false sense of comfort about the whole thing all along.


Now imagine that one of those kits included a ‘Do-It-Yourself Life Insurance Policy Kit’ promising to give your family guaranteed income and zero-effort payout in adverse situations. Would you use it?


That depends. If that kit is published by a reputable company and serves as the first step in the process of getting your personalized policy, then you might consider it a pleasant alternative to having to decipher the industry jargon of a somnambulant customer service representative. If, however, that ‘kit’ offers you a DIY solution to all your worldly problems in a pretty package, then it’s most likely going to cost you a lot more than the sticker price.


And so it is with the security and privacy space that I work in. I see everything from IT companies to product vendors promoting their wares with manufactured urgency. The move to commoditize security has little to do with superior product and more to do with reaping the rewards of fear, uncertainty and doubt (FUD). It is always refreshing to see a true security professional or company that is responsible about their use of language and passionate about transferring knowledge, but these are few and far between.


As a small business owner or professional, you should remember that security is still an immature industry and privacy is a nascent profession. Although threats to valuable assets are constantly emerging and calculable risk can be found everywhere, those who choose to operate in this space should always strive to educate before opting to instill fear in their (my) audience. So if you’re in the market for quality products and services, stay away from FUD and ask yourself if the all-singing, all-dancing software you’re being compelled to buy can really protect you or whether it’s just smoke and mirrors. Still in doubt? Let’s talk.



Claudiu Popa is a corporate security and privacy-risk advisor with Informatica Corporation and founder of He is also co-author of The Canadian Privacy and Data Security Toolkit (Canadian Institute of Chartered Accountants, 2009) and Managing Personal Information (Reuters, 2012). Follow his informative tweets @datarisk or