Cybersecurity: A Competitive Advantage for SMEs
Now more than ever, information security is central to the growth of businesses. In fact, it’s essential for their survival. This is true for all SMEs.
CIS Group, a company based in Saint-Jérôme that develops software for distributors, has understood the need and has already made a major push to adopt cybersecurity best practices.
In fact, the SME is aiming for ISO 27001 certification, the international benchmark standard for information security.
A client requirement
CIS Group is a leading North American supplier of IT solutions used for direct store delivery, sales force automation and people and freight transportation. The company’s applications are deployed on client servers and in the cloud, and they often contain sensitive information. CIS solutions have a total of 15,000 users, mainly in the food industry.
“We implemented a custom security program to ensure that security best practices are followed at every step of CIS Group’s product development process,” says Guillaume Caron, who is president and CEO at VARS and supported CIS Group with its initiative.
CIS Group was already planning to take these measures, but the company decided to get the ball rolling sooner than planned because two clients specifically asked the software developer to align with a recognized cybersecurity standard.
This is happening to SMEs across the board. Increasingly, major public and private businesses want their suppliers to get serious about information security. That’s because they want to protect themselves from cybercriminals hoping to attack them by gaining access to their suppliers’ systems. Of course, the pandemic accelerated the trend by upending established work methods.
CIS Group can now assure its clients that it complies with the most stringent cybersecurity rules. “This will give us a competitive advantage for increasing customer loyalty and supporting our growth both domestically and internationally,” said Éric Tessier, Vice-President, Sales and Marketing at CIS Group.
“We were already adhering to many best practices, but our processes weren’t sufficiently documented or systematically applied with the right level of attention. During the certification process, we addressed certain gaps and made sure that all of our 70 employees were aware of the applicable security rules,” explained Joël Desjardins, Strategic Director, Mobile Solutions at CIS Group.
A detailed process
The road to ISO 27001 certification can be long. It involves:
- Performing a complete risk assessment;
- Identifying where corrective actions are needed;
- Implementing an information security program;
- Creating business continuity and incident response plans;
- Setting up a permanent risk management committee;
- Performing an audit.
At CIS Group, more than 25 new policies related to various cybersecurity issues were defined. “The whole process is a major undertaking and you need to get assistance from the right people. With VARS, we were able to get it all done in just 4 months,” said Joël Desjardins.
Companies also need 24/7 solutions to prevent cyberattacks, but these can be very costly for SMEs. The essential services provided by VARS include continuous workstation and network monitoring, intrusion testing and phishing simulations, advanced email security, as well as staff training. VARS also gives companies access to a Chief Information Security Officer.
As for CIS Group, the company plans to continually improve its information security efforts, even after it gets ISO 27001 certification. It’s also committed to adhering to the standard’s rules for at least 3 years. An annual audit will be conducted to verify compliance and identify further opportunities for improvement.