Will Quebec SMEs wait until they no longer have a choice before protecting personal information? This is what the cybersecurity firm Neotrust fears. Drawing on its European experience, the company notes a similarity between the behavior of local SMEs and their European counterparts, faced with the same issue a few years ago.

As soon as its Montreal offices opened at the start of the year, the French cybersecurity services provider Neotrust set about bringing Quebec companies into compliance with Law 25. Quebec SMEs are still far from meeting the requirements of the provincial regulations, which aim to protect personal information in organizations.

To comply with Law 25 as well as for their security in general, Neotrust encourages companies to integrate cybersecurity from the start of projects. “Traditionally, cybersecurity always arrives at the end of the chain,” regrets Thomas Veynachter, general manager for Quebec of Neotrust. “The problem is that security before is seen as too expensive, but security when everything else is decided is too late.”

“Entrepreneurs come to us and ask: how do I get started?” There are also all those who prefer not to ask questions, telling themselves that they will never be audited, specifies the manager of a team of nine employees in Mile End.

Thomas Veynachter is not surprised to see few SMEs launching their project to comply with Law 25. “It was the same in Europe when the General Data Protection Regulation [GDPR] arrived,” recalls the French expert, who witnessed the difficulties of European companies in complying with the GDPR before coming to settle in Montreal. “Large companies have taken GDPR head on. Everyone saw that they were having difficulty complying… For their part, small businesses did not feel concerned,” he relates.

When large European companies became GDPR compliant, a lot of things suddenly changed. These firms had realized that interconnected systems meant that an SME could become a gateway for hackers.

“Large companies decided to exclude suppliers who were not compliant. Many SMEs have lost large customers for not having made the effort to comply,” underlines Mr. Veynachter.

“In Quebec, we are not there yet,” explains the general director of Neotrust. “Large companies are not yet in a position to only work with compliant third parties. It could take two or three years.” Once this deadline is reached, non-compliant SMEs could lose big, he warns. And then it could be too late for many of them.