Our personal and professional data is everywhere. Honestly, that’s how 99.9% of us want it to be. We want our bank account information to auto-populate when we buy things online. We don’t want to have to remember 87 passwords. And we definitely want to be able to see and download information that the government and other official organizations have on us. This applies to the average citizen as well as businesses.
Even though the virtual world is quickly learning how to effectively protect this sensitive data, defense always starts at the user level, then moves up to the organizational level. Without addressing these two levels first, more formalized security could be ineffectual or worse, be counterproductive.
Background: This is serious
To find the right kind of solutions, we first need to know how serious this problem is.
According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small businesses thought that data security problems were for large corporations, but cybercriminals are figuring out that small businesses are more liable to dodge securing their data, so they’re easier targets. More importantly, a lightly guarded small business can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the small businesses surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyberattacks on small businesses has doubled in the recent past.
Causes of data loss
Cyberattackers want to sell your data or otherwise use it to gain or extort money.
Breach of data security
These are the cases that usually make the news. Hackers get into networks by installing their own software hidden inside emails and other web content. They take over PCs and networks and then access files containing personal information.
Human error and employee negligence
Humans still have to tell technology what to do. Negligence steps in when a user gets distracted from technology. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites.
Five ways to minimize data loss
- Enforce data security: This boils down to human management. Small businesses must first create a data protection policy, then enforce it. Rules and policies must be enforced very strictly regarding the use of personal devices and data hygiene. Tell employees to create passwords that are hard to crack and to change them frequently.
- Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for the both the individual and the organization and most importantly, follow through on them.
- Mobile device management: Mobile devices may be the weakest link in data security. “Mobile Device Management” or “MDM” refers to the processes designed to control the use of mobile devices used within a company. Mobile devices tapping into company systems (like wifi networks) are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.
- Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption. This means sizable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots on a regular basis.
- Cloud replication and disaster recovery services: For small businesses who consider data backup to be too costly, time-consuming, and complex, there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.
DIY or MSP
Of course, all of the above can be executed and managed by a company’s own resources. But for those who have limited time, budget, and/or know-how benefit from working with an IT provider whose sole priority is everything to do with security. If you want to know more about how HDCav can help your organization through the methods above (and much, much more), just reach out. We love talking security.