IT in the 21st century
Technology and IT are integral to the 21st century, significantly impacting the way we do business, our social interactions and how we choose to entertain ourselves. Moreover, our unparalleled adoption of the web and the internet has rendered us heavily reliant on data and computer systems. We pay bills online, actively buy into e-commerce and FaceTime or Skype our friends and loved ones. We are able to instantly access sensitive records and files from government, banking and corporate websites. Put simply, IT saves money, time and resources. Who could ask for anything more?
The dark side of IT
The convenience that technology brings to our lives also has a dark side. That dark side is often in the form of cybercriminal activity and resultant breaches of data security. Data breaches, no matter how small, have the potential to wreak financial, professional and social havoc. Companies lose time and money, brands acquire a negative reputation, and customers seek more trustworthy partners. What strategies can we implement to lighten the dark side of IT? How can we ensure that data compromise becomes a distant possibility rather than a probability?
The gravity of data loss
As the owner of a small to medium-size business (SMB), you fully appreciate the gravity of breaches in data security and data loss. Such events can spell imminent demise for SMBs, particularly those operating on a tight budget or those having a high data dependency. The UK Cyber Security Breaches Survey 2017 states that about 7 in 10 businesses identified a data breach or cyber attack in 2018. The average cost of a breach was found to be £20,000 while some companies were faced with losses in the millions.
The survey goes on to reveal the serious nature of cybercrime and breach for the companies that were attacked: a quarter had a temporary loss of files, a fifth had software and operating systems corrupted, a tenth lost access to critical third-party systems, and a further one in ten had their website taken down. The survey confirms that SMBs are particularly vulnerable with 20% taking a day or more to recover from a disruptive breach.
Small business is vulnerable
The notion that data security issues were reserved for the likes of large corporations such as Tesco or Barclays is long gone. Wily cybercriminals are aware that SMBs are generally complacent in securing their data and hence are an easy target. Also, SMBs often have contracts with large enterprises, either as suppliers, vendors or partners, and consequently retain large quantities of corporate data. Hackers see the SMB’s lightly guarded IT network as a backdoor through which the information of corporations can be stolen.
Small Business Trends, an online publication for SMB executives and entrepreneurs, confirms that 140,000 hard drives fail weekly in the United States. Extrapolated from that statistic are these findings:
- 29% of hard drive failures are accidental
- 60% of SMBs that lose their data due to disk failure close shop within 6 months
- 58% of SMBs are not prepared for data loss
The editorial reveals that less than 50% of SMBs survey regularly backup their data on a weekly basis while only 23% have strategies in place for disaster recovery (DR) and business continuity (BC). It is for these reasons that the number of cyber attacks on SMBs has doubled in the past five years.
What causes data loss?
The loss of critical data can be attributed to a number of factors, ranging from mechanical failure to the use of corrupted backups. However, the two main culprits have proven to be a data breach and human error or negligence. Take a moment to briefly examine these two causes and then move on to explore ways of minimising data loss.
Data security breach
As mentioned, theft through cybercriminal activity is the main reason for data loss. Hackers are able to access secure networks by installing malicious software and programmes onto computers and even server hard drives. Virus and malware can be concealed in emails, attachments, fake advertising and other web content. Once a hacker has infiltrated a system they are there to stay. Just like a virus, they are capable of growth: slowly taking over PCs and expanding into networks. In this way, they are able to steal sensitive information, corrupt files and facilitate data loss and system downtime. Once a hacker has your sensitive data, they can do with it as they please: empty bank accounts, fraudulently use email addresses and sell information to interested third parties, to name but a few.
Error and negligence
Technology has the capability but not the intelligence to function on its own. Humans need to provide appropriate instruction in order for technology to perform as required and produce the desired results. People make mistakes but human negligence is a major contributor to data loss. Examples of negligence include leaving a workstation unattended, using weak and predictable passwords, opening email attachments from unknown senders, clicking hyperlinks in spam or visiting restricted or dangerous websites.
The UK Department of Business, Energy and Industrial Strategy (BEIS) conducted a survey that evidenced that a large proportion of business individuals were ‘careless with passwords, unwittingly exposing themselves and their company to fraud and theft.’ Financial Fraud Action UK (FFA UK) shows that financial fraud losses across payment cards, remote banking and cheques totalled £769 million in 2016, a 2% increase over the previous year.
Human error and the events that follow are easily preventable through proactive data protection and security practices. Bear in mind that data loss, downtime and fraudulent activity can bring your SMB to a grinding halt. Downtime, at the very least, severely harms your business continuity, productivity and revenue.
Be proactive and minimise data loss
There is no guarantee that data will never be lost nor that you can fully protect your IT infrastructure from a security breach. However, there are some fundamental strategies that you can implement to protect your data and make your network markedly less vulnerable to compromise. What follows is a brief outline of four steps you can take to further secure your systems and the associated data.
Enforce data security policies
Your SMB should already have in place data protection policies that stipulate the dos and don’ts for processing and storing sensitive data. Such policies should also provide guidance on network security, logging off when not at a workstation, using hard-to-crack passwords and appropriate use of the web while at work. By communicating and enforcing these in-house regulations, you are simply managing human behaviour. Your policy should also be strictly enforced for BYOD (Bring-Your-Own-Device) machines used for work both on and off-site.
Stress the consequences for non-adherence to your data security policy. Without sounding tyrannical, remember that rules are only useful when they are enforced and there are consequences for not following them. Clearly define what the consequences are and their implications for your SMB and for the individual at fault.
Mobile device management
Mobile device management (MDM) refers to the processes that are in place to monitor and manage portable devices in the workplace such as laptops and smartphones. Using MDM tools, you can ensure that devices accessing your network are continuously identified and monitored. MDM also means that devices are proactively secured using specified passwords and high levels of encryption. An added bonus is that lost or stolen devices can be easily located, and locked or stripped of company data.
Snapshots
Fully backing up large quantities of data is a time-consuming and labour intensive process. Moreover, while your invaluable data is being backed up it is vulnerable to file corruption from reading errors. As a result, a large proportion of data may not be copied during the backup and not be available if you need to do a full system restore. A way to avoid this situation is to backup critical data is making snapshots, read-only copies of any data set frozen to a specific point in time.
Cloud replication
Many SMBs consider data backup to be too expensive and resource-heavy. For these companies, there is a simple solution: cloud replication. Migration part of your IT infrastructure to the cloud is a cost-effective way of replicating your critical data and applications. Replication takes place off-site and is automated, so your employees always have access to data, even when backup processes are taking place. Research confirms that cloud replication usually gets systems back online within an hour following data loss or network disruption.
Moving forward
Statistics from the Cyber Security Breaches Survey show that more and more UK businesses are being targeted by cybercriminals, with the scale and size of the threat also expanding. Businesses are beginning to take this threat very seriously; nine in ten companies regularly update their software and malware protection while two-thirds of businesses invest money in cybersecurity protection measures.
You are fully aware of the causes and the consequences of data loss. By being proactive you can significantly reduce the risk of data loss and have the peace of mind that your SMB will continue to operate uninterrupted. By ensuring that you have robust disaster recovery and business continuity plans in place, you can protect your data and your business. Your SMB won’t fall prey to cybercrime and be another non-operational statistic.
