Reducing the Cost and Risk of Data Loss
We live in a rapidly evolving global economy that increasingly relies on technology. Mountains of data are integral to the economy and the technology that supports it. The technology of small and medium size businesses (SMBs) retains confidential and sensitive data including customer credentials, employee records, financial transactions, emails and company documentation. Plus, there are several applications and programmes to ensure that the data is processed and manipulated in the most beneficial way for business.
Most employees of SMBs need instant and continuous access to vital business data in order to meet the demands of customers and satisfy their needs. At times, they may need access when out of the office, at home, running errands or engaging in a pastime.
To cope with the demand, many companies permit employees to BYOD (Bring-Your-Own-Device). BYOD means they can ‘do business’ on the go using personal laptops, tablets and mobile phones. Accessing the web through readily available Wi-Fi, employees have 24/7 door to a SMBs back office infrastructure using their mobile devices.
A single data loss can have significant financial repercussions for SMBs. The costs associated with a loss or breach linger on long after the event and SMBs may find the results difficult to overcome. Simply put, if employee productivity and customer accessibility are interrupted by a data loss, a loss of revenue follows. Furthermore, the SMB will need to conduct costly internal research and investigation and pay for system repair and maintenance. A high premium is also attached to enhancing data security protection. If data loss is caused by cybercrime, the chain of events will probably be: affected clients must be informed, the SMB may get caught up in lengthy litigation, and many customers leave, looking for a company they believe they can trust.
We are all familiar with corporate-level data losses; they are well-publicised, sometimes headlining the news. By contrast, many SMBs believe that their data is secure. That train of thought is likely to have costly consequences.
SMB Top Management Cannot Ignore Data Loss
- Research reveals that a major data loss will cause a SMB to lose an estimated 25% of daily revenue within a timespan of a week.
- Bankruptcy could be on the cards. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss accompanied by significant downtime of ten days or more, have filed for bankruptcy within twelve months of the loss occurring. Another alarming statistic is that 43% of companies that do not have a data recovery or business continuity plan in place, are out of business soon after a significant data loss.
Ask yourself these questions: How quickly can my business be restored if a vital data loss occurs? When was the last time I tested backup and recovery procedures? Do I have a solid business continuity plan in place to ensure that company data is recoverable? Hopefully you were quick to provide positive responses.
- Symantec SMB conducted a survey revealing that less than half of the SMBs surveyed backed up their data on a weekly basis. Only 23% admitted to backing up data daily and having a business continuity plan to fall back on.
- Yet another eyebrow raising point is that the number of cybercriminal attacks on SMBs with fewer than 250 employees doubled in 2016. Intelligent, sneaky hackers feed on the vulnerabilities of naïve SMB owners and target them as easy prey. If sensitive customer data leaks, SMBs could find themselves in an overwhelming financial bind, needing to reimburse affected customers and face extreme litigation costs.
- The BYOD concept isn’t a ‘trending now’ impulse. Like flexible hours and working from home, BYOD is fast becoming ingrained in business culture. Businesses no longer own or control the devices used by their employees. BYOD clearly has many advantages such as constant access to a company’s technology infrastructure. On the downside, BYOD comes with several data security risks. The advent of BYOD has led to a seemingly endless number of networks, applications and end points where data can be accessed. Who is responsible for managing these devices and keeping them secure? Do SMBs have the legal right to back up data on devices which are not their property? What happens if an employee loses a laptop, tablet or phone? Worse still, what if they unexpectedly resign? What data have they taken with them? Who are they taking the data to? Does the SMB have access to the data held by the absconded employee?
Play with Fire and Get Burnt
Compared to two decades ago, SMBs now carry out business on a much larger playing field. It would be very foolish to place full trust in an in-house IT department to secure and backup vital business data. Worse still, are the SMBs that opt for the Break/Fix mentality, using emergency on-call services when disaster strikes. Not taking data security seriously is playing with fire … and everybody knows the outcome of that practise.
SMBs should think about their business operation as small-scale battle; the enemy being unwanted technological events. A disruption or invasion by such an event, big or small, impacts significantly on productivity and profitability. So what is a realistic and viable solution? SMBs need to be proactive, not reactive, and have tested disaster response procedures in place before the catastrophe of data disruption or loss. In this way, systems can be immediately restored to the company data centre. With minimal downtime and protection of client data, it’s back to business in no time.
What are the Main Data Security Threats?
Error and Negligence
Nobody is perfect; human error is as prevalent in data management as it is in any facet of business operations. Employees unintentionally delete, overwrite and modify data, often as a result of incompetent management of virtual technology. The advantage of virtualisation and cloud computing is that entire servers – including all associated data, patches, applications and operating systems – can be packaged into a single software bundle or virtual server. This virtual server can then be backed up. Sounds simple? It is simple when employees effectively instruct virtualisation technology how to execute the necessary tasks. When ineffective or inadequate instruction is give, significant data loss can occur.
Virtualisation and cloud computing technologies can be complex. To master them, means going on a steep learning curve and sometimes applying a hit and miss approach to see what works. Consider a support engineer who is formatting volumes on the primary site. If they forget to switch off replication software prior to the formatting, the entire backup will be overwritten.
Many CEOs and top managers of SMBs are forgiving; they understand that people make mistakes. However, they need to be more vigilant when managing negligent employees who exhibit risky behaviour. The risk is exacerbated by the level of mobility and accessibility common to the workplace today. The bottom line: negligence has a knock-on effect by leaving a SMBs data open to theft by cybercriminals or unscrupulous employees. Here are some obvious examples of employee negligence:
- leaving computers unattended or forgetting to log out
- using weak passwords, passwords that colleagues know, or not changing passwords regularly
- unwittingly opening suspicious email attachments or clicking on links embedded with spam
- visiting restricted websites using VPN or proxy servers
Mobility and Data Exposure
With the popularity of BYOD on the rise, people are increasingly going about their business using personal devices. They may also store data, as a backup or otherwise, on portable media drives like USBs.
A concern arises since these personal devices are not backed up by a company’s IT personnel. The possibility of their loss or theft cannot be ruled out. The probability that employees use their devices for email, web browsing, downloading media and accessing social networks is very high. Consequently, sensitive business data is vulnerable to malware, viruses, hackers and ransomware. Put this all together and you face the prospect of unexpected and expensive data loss.
How can SMBs Minimise Data Loss?
- Impose Data Security – Knowing the risks and effects of data loses, CEOs and top management of SMBs must explain and enforce data protection policies to all staff members. Without being tyrannical, they need to lay down the law when it comes to data protection, particularly setting explicit guidelines for those BYOD users. Staff can be reminded of in-house data security policy via email, at meetings and through social media postings. Moreover, management can instruct the IT department or Managed Service Provider (MSP) to block access to sites such as Facebook and Twitter and to place a carpet ban on file sharing.
Recently, IBM corporation banned 400, 000 of its employees from using Dropbox and Siri, the iPhone personal assistant. The reason – data security alerts. So, if IBM takes such drastic action, there is no reason why SMB owners shouldn’t request their staff not to play Minecraft or Tweet on their personal devices containing company data.
- Emphasise the consequences – Employees need to be reminded of the ramifications of inadequate protection of both personal and business confidential data. Consequences that immediately spring to mind are financial loss, litigation and fraud. Employees need to change passwords regularly. In addition, the passwords should be such that hackers will find them difficult to crack – not a mother’s maiden name or favourite football team. An experienced and reliable IT advisor or MSP can assist in implementing data security processes and procedures.
- Mobile Device Management – SMBs can gain some control over devices using Mobile Device Management (MDM). MDM continuously identifies and monitors all mobile devices accessing company systems. Of greater benefit, is that MDM ensures that devices are proactively secured using complex encryption, automated compliance actions and stringent password policy. An added bonus is that lost or stolen devices can be located, locked and have all SMB-related data remotely removed.
- Use Data Snapshots – Frequently doing a full backup of a large bank of data is time consuming. Read errors can occur during the backup, so the data is vulnerable to corruption. Simply put, this means that chunks of data will be rendered inaccessible when a system is fully restored. Using data snapshots overcomes the problem of needing a full backup. Snapshots are read-only copies of critical data taken at specific points in time. Compared to full backup, snapshots use minimal disk space. The advantage here is that snapshots can instantly be used for restores should data loss occur.
- Cloud Replication as Disaster Recovery – Many SMBs find data backup expensive, time consuming and complex. Using cloud replication as a means of backup vanquishes these shortcomings by providing an off-site data replication process. Cloud replication means continuous access to critical data and applications. In the event of disaster, systems are usually back online within an hour thanks to cloud replication.
Food For Thought
You work in a 24/7 business world that depends on volumes of data. You realise the value of this data and that it should be effectively managed and nurtured. Your BYOD employees need to know the consequences of data loss or breach. They must also be aware of the impact of negligent action and data exposure on business operations. So take your own action and protect your data. Not only will you sleep well knowing that you’ve reduced the risk of loss, but you’ve also saved a bundle of money.