Technology takes control
As the days go by, we become increasingly reliant on technology, both at home and work. Technology already controls critical systems such as airline routes, financial markets, traffic lights and all our lines of communication. The advent of the smartphone has meant that we have instant 24/7 access to information through the internet. Social media platforms such as Facebook and LinkedIn, have infiltrated the lives of many, also having a massive impact on businesses and their marketing strategies. Soon from now we’ll be unlocking our front door using a smartwatch after a relaxing drive home in a robotic vehicle.
The same technology that has taken over our lives, has brought flexibility, mobility and automation to businesses. Whether you are the CEO of a large corporation or a sole e-commerce trader, you realise that tech systems underpin your business operations and acknowledge that evolving technologies are a necessity to help grow your enterprise.
Technology daisy chain
Businesses are dependant on a technological daisy chain of hardware, software, IT infrastructure and data. In fact, it’s accessing, processing and storing data that keeps the wheels of your small to medium size business (SMB) turning. Employee and client information, emails, contracts, financial records, orders and transactions are all examples of sensitive and valuable corporate data that must be safeguarded. Plus, you need to ensure that your applications and programmes are adequately protected to prevent hacking and downtime caused by cybercriminals. Lillian Ablon, a researcher from the RAND Corporation, has this to say about keeping your precious data safe:
“Technology’s relentless march demands better security measures to prevent hackers from breaking into systems and more rigid programming standards to reduce the chances of crippling outages.”
BYOD in business
Your employees need constant and reliable access to critical business data to effectively serve your clients or customers. Today, this access isn’t limited to the office. People do business on the go and remotely from home. More and more companies are employing a BYOD (Bring-Your-Own-Device) strategy to accommodate the mobility needs of staff. Recent research confirms that 48% of owners of SMBs believe that being able to operate their business via mobile devices is fundamentally important. Similar research concludes that the average SMB owner uses their mobile devices for business purposes 25 times a day, excluding calls or texts. Over the past decade, the scope and applications of mobile phones have been redefined and they are no longer technologies used for making and receiving calls.
BYOD isn’t a trend and the practice is here to stay. BYOD is an upfront cost saving for your company since you’ll have a reduced IT expenditure on hardware such as laptops and smartphones. BYOD also means improved employee contentment and productivity since people are happier when they use technology that they are familiar with. The web, omnipresent Wi-Fi networks and mobile devices with enhanced memory capacity and battery life have made around the clock access to your SMB a reality. Unfortunately, this flexibility and freedom pose a serious risk to the safety and security of your irreplaceable data.
Data losses are more than costly
A single data loss has a widespread impact on any SMB with effects lingering on long after the event. Even a few hours of downtime is a significant financial blow and that’s not to mention the negative effect on your company reputation. A company that does not prioritise data protection is asking for trouble and many SMBs have not been able to overcome the long-lasting repercussions of data loss or compromise.
There is no question that revenue is lost when employee productivity and customer accessibility are hindered by downtime or lost data. After any system outage, you will have to bear the expenses associated with internal or outsourced investigation of your IT network, system repair and maintenance, and additional data security protection. Moreover, if cybercriminal activity is involved, your clients, partners, vendors and suppliers must all be notified. From this, there exists the potential for costly ligation. Your SMB will likely suffer an exodus of customers who move on to a more trustworthy partner. And when they leave, they don’t return.
‘It’ll never happen to us’ syndrome
Corporate-level data losses, such as the Equifax data breach in 2017, are always headlining the news. But when last did you read about the data of an SMB being compromised? Probably never. This leads SMB owners and executives to develop an ‘it’ll never happen to us’ train of thought. Regrettably, it can. If your SMB becomes a victim of data loss, do you have the financial resources and stamina to weather the ongoing storm that follows? Reflect on this for a moment: it is estimated that following a significant data loss, SMBs can lose in excess of 25% of their daily revenue. Maybe it’s time to think that ‘it can happen to us.’
The true cost of downtime
The National Archives and Records Administration in Washington D.C. claims that 93% of all companies in the United States have experienced downtime or data loss. Companies experiencing outages of ten or more days have filed for bankruptcy within twelves months of the incident. More alarming is that 50% of SMB filed for bankruptcy immediately. Statistics show that 43% of companies without a disaster recovery (DR) or business continuity (BC) plan are forced to close shop following a considerable data loss.
Do you backup your company data?
Before going any further, provide a mental response to these questions:
- How long will it take to restore your systems after a critical data loss?
- When last did the IT department test backup processes?
- In the event of downtime or breach, is all your data recoverable?
Symantec, a Californian software company, recently conducted a survey that revealed that less than half of SMBs back up their data on a weekly basis. Fewer than 25% stated that they had daily scheduled backups and had a proven BC plan in place.
Cybercrime is on the rise
According to a 2017 report by the UK National Crime Agency (NCA), cyber threat to business is significant and growing, with the increase in Internet-connected devices providing attackers with more opportunities. According to the NCA, the past year has been punctuated by cybercrime on a scale and boldness not seen before. It is also estimated that the percentage of attacks on SMBs with fewer than 250 employees has doubled during the same period. Hackers are fully aware that smaller companies do not often possess the financial or human resources to implement robust security for their IT infrastructure. Hence, SMBs are an easy target and a backdoor through which criminals can access the data of large corporations.
BYOD as a potential data risk
You understand the BYOD is integral to the business establishment. But BYOD also implies numerous data security risks. The number of devices, networks, applications and data endpoints for users has increased exponentially with the inculcation of BYOD. But who manages and secures the personal technology that your employees use for work? Does your company have the right to backup data on devices it does not own? What happens if a smartphone, tablet or laptop is lost or stolen? Are you fully aware of all the company data stored on all BYOD devices? These questions should give you some food for serious thought.
Break/Fix is a recipe for disaster
Sadly, when it comes to data security and backup, most SMBs fall into one of two categories. Either data protection is placed in the hands of a small, overworked IT team. In many cases, the team is a single ‘IT guy’. Worse still are the SMBs that have adopted the break/fix mentality. These companies have forsaken in-house IT support and rely on emergency on-call engineers to fix what is broken when things go awry.
Any disruptive or invasive event on your IT infrastructure will directly impact your business operations and profitability. The scale or duration of the incident is neither here nor there. There is a single solution to get critical data immediately restored to your data centre and that is to have a reliable, tested and functional DR plan. In order to minimise downtime, protect client data and soften the effects of an outage, you need to have emergency procedures in place prior to a data compromise. Know one thing: break/fix is a recipe for disaster.
Human error
The increase in the number of internet-connected devices and wireless networks has seen a commensurate rise in technological human error. Such mishaps range from unintentional data deletion to overwriting data and files. A large proportion of this form of human error stems from the inappropriate management of virtualisation technology. On the positive side, virtualisation and cloud computing have enabled substantially improved BC by enabling entire servers and their contents, to be grouped into a single software bundle or virtual server which is then remotely backed up. On the downside, people still need to instruct a virtual environment on how to perform and erroneous instruction means data loss.
Virtualisation and cloud computing systems can seem complex and complicated, particularly for non-techy individuals or your overstretched IT support staff. Learning how to operate and manage the systems is often achieved through trial and error. This is when mistakes are made. For example, a support engineer may inadvertently overwrite a backup by forgetting to power off the replication software prior to formatting volumes on the primary site.
Employee negligence
As an SMB owner, you are no doubt reasonable when it comes to human error – people do make mistakes. Employee negligence, on the other hand, can prove somewhat more testing. Such negligence puts your sensitive data at the risk of being stolen, used or deleted by cybercriminals or even vindictive employees. Here are some typical examples of negligent activity:
- leaving workstations unattended
- not password-protecting BYOD devices
- using weak passwords and not changing passwords regularly
- opening email attachments or clicking on hyperlinks embedded with spam
- visiting or downloading from restricted and unauthorised sites
Data exposure through mobility
The fact remains that with BYOD implementation in the workplace, more executives and employees of SMB will go about daily business using their personal smartphones, tablets and laptops. Many individuals also carry portable external drives and USBs. These media devices all contain valuable company files and data. While this level of mobility is great for business, it also has its downside. Portable storage drives are rarely backed up or password secured by somebody in your IT team.
Two immediate concerns of personal devices being used for business spring to mind. Firstly, there is the potential for loss or theft meaning that company data may fall into the wrong hands. Secondly, there is a high probability that your staff are also accessing personal email, browsing the web, playing games, downloading apps from Google Play or the App Store, and using Facebook, Instagram, Twitter and the like. All this web activity makes sensitive company data vulnerable to viruses, malware, phishing and hacking. By extension, there is a substantial risk of data loss or breach, a risk you truly cannot afford.
What you can do to prevent data loss
While it may seem that the cons of BYOD outweigh the pros, this is not necessarily the case. There are four straightforward strategies that you can employ to minimise company data loss: enforce data protection, educate your employees, apply Mobile Device Management and take Snapshots.
Enforce data protection
Before buying into BYOD, you need well-defined policies covering all elements of data security, data protection and the use of personal technology for business purposes. Your executives must clearly communicate details of all policies to staff and ensure that they understand the process and procedure. If necessary, you may require staff members to sign an acknowledgement of all your data protection strategies.
Having a data security policy in place isn’t sufficient. You and your management team must be vigilant in enforcing policies and ensuring employee adherence. Enforcement needn’t be time-consuming nor require much effort. You may wish to send out regular reminders not to open email attachments from unknown sources, to use strong passwords that are regularly changed, and restricting social media sites. If Apple, Google and IBM can place restrictions on their employees’ web behaviour, then so can you.
Educate your employees
Explaining the importance of confidential data protection, both personal and business is a worthwhile exercise. By educating your employees about the consequences of data loss and downtime, you’ll instil a greater awareness of security and your staff will be proactive and mindful. Again, encourage your team to use passwords that are challenging to crack. Your IT department should rigorously identify any vulnerabilities in your network and take action to secure these. You could also outsource your staff training to a Managed Service Provider (MSP). Your local MSP will have worked with many organisations and gleaned a wealth of knowledge and experience from their partnerships. MSPs will also have the most up to date data protection tools plus an extensive understanding of BYOD.
Mobile Device Management
Your MSP will also apply Mobile Device Management (MDM) tools, giving your reasonable control over how personal technologies are used. MDM tools also facilitate the automated 24/7 monitoring of devices, making it easy to identify and remedy any security vulnerabilities. MDM means that devices are proactively secured through specified password policies, encryption settings and automated compliance actions. An added bonus is that lost or stolen devices can be located and locked or stripped of all company data.
Snapshots
To comprehensively backup large volumes of data takes time. Also, the data being backed up is also vulnerable to corruption caused by reading errors. This means that in the event of a full system restore, some data may be unavailable. You can avoid this potential data loss by taking snapshots of critical information. Snapshots are read-copy copies of data frozen to a specific instant in time. Snapshots can be stored using minimal disk space and are available immediately for restore should any data loss or compromise occur.
Use the cloud for disaster recovery
Many SMBs consider backup, although essential, too costly, time-consuming and complex. Some small businesses may lack the IT resources to fully implement backup procedures. Using cloud computing is a cost-effective and reliable means of ensuring backup and successful DR. By relying on the expertise of your MSP, you’ll be guaranteed automated, off-site data replication processes providing continuous access to your critical data and applications. Cloud replication means that you’ll have your systems back online in less than an hour following a data loss.
Remain in control
Despite increasing incidents of cybercrime which makes your IT infrastructure and BYOD practice vulnerable to data loss and downtime, know that you remain in control of the situation. By regularly backing up data, reducing human error and employee negligence, enforcing data protection policies, implementing MDM, and using cloud replication, your data will be safe and secure. With the knowledge that you have a robust IT network that is not prone to downtime, you can focus on the future and look forward to sustained productivity and profits.
