We hear a lot of talk about data security because of the constant threat of cyber attacks and hacking. News of data breaches is extremely common. You may find yourself dwelling on the threat ... what would you do in the event of a disaster? How would you access your data? Luckily, there is a broad range of solutions available, some of which can be money-saving, that can help mitigate risk.
Threats to data
There are numerous ways data can be put at risk.
- External Bad Actors - Clearly, this is the risk that gets the most headlines. Cyberattacks from hackers, foreign governments and entities with bad intentions are a serious, ongoing threat. Ransomware viruses, for instance, are data kidnapping schemes that freeze access to your data until you pay a ransom. These are especially difficult, because once you have been hit, using an after-the-fact antivirus program will offer no help. Additionally, there are phishing scams and other malware that can damage and/or steal your data.
- Human Error - One of the major causes of successful cyber attacks and malware attacks is employee error. Opening emails with attachments that download viruses or links to web pages that mimic real sites are common mistakes people make. For example, employees may find a thumb drive and, curious about its contents, insert it into a USB port on their computer. All of these errors are generally preventable with sufficient training. But too few businesses recognize the severity of the threat. Employees need to be trained to recognize phishing scams.
- Insufficient Hardware and Software Protections - There are two categories here.
a) Software: Constantly updated antivirus applications are a requirement, not just on servers, but on every device that connects to your communications network. Additionally, it is important to consistently upgrade all of your software whenever upgrades are released. Many upgrades are released to specifically address a vulnerability that exposes the user to a new virus.
b) Backups: Failure to have a well-designed backup procedure for all of your data can mean you don’t have accurate backups if something happens. If your IT staff is limited, this is an area where consultation with an outside managed service provider may be of particular value. A daily, or weekly, backup to an external hard drive that is kept in a drawer is not sufficient. Also, not having plans for a quick swap-out for failed hardware can leave you dead in the water until new hardware can be ordered, delivered and configured.
- External Events - Your customers’ data can be carefully protected against theft, hardware failure and human error, but it isn't of much value if you cannot access it. The final step in protecting customer data is addressing the conditions that would limit your ability to use that data to serve your customers. Examples of these risks include natural disasters, terror attacks, and human-created events, each of which could cause physical damage to your business site, or limit physical access to it. Such events can also create power, broadband and/or telephony outages that make your data inaccessible, even if you have remote access.
What you can do
Seeing a list of all these threats to your data can be pretty discouraging. That said, there is a range of solutions, some of which can be money-saving, that can help mitigate risk.
- Employee Training - Your employees remain the first line of defense against cyber criminals. Teaching them proper data hygiene is important. Every firm should have ongoing training that identifies possible risks that employees face. Discuss how to identify phishing scams, and teach employees that if they have suspicions, they should never open a link they receive in an email. Looking at the URL of any site they visit via a link can be a real tip-off to a “spoofed” site. RESULTS offers Security Awareness Training which includes sending out “faked” phishing emails to employees as a teaching tool. We identify who opened the fake emails and flag employees who need extra training. Also, password policies should be put into place as well as rules forbidding the sharing of passwords.
- Cloud Storage - While many feel their data is safer protected on-site, that may not be true. Using cloud storage for your data can resolve several of the threats discussed above.
a) Backups and hardware failures: With cloud storage, you eliminate the need for a great deal of onsite hardware for storage. Hardware you don’t have can’t break.
b) Access during a major disaster: When you select a cloud storage solution, you create redundancy. Rather than being stored on onsite hardware, which is vulnerable to any number of events, all of your data is stored on redundant servers, most likely in at least dual locations around a very wide geographic region, such as the territorial United States. If there is a hardware failure, natural disaster or other major event, your data remains safe and accessible from an alternate site.
c) Cyber-security: Choosing a cloud storage solution most likely increases your data security. Huge data server farms have strong physical security, but they also are probably encrypting your data, which is a level of protection you probably cannot provide using onsite storage. Additionally, cloud storage providers are going to be utilizing the latest and most sophisticated data protections available, certainly far beyond what a mid-size firm could create for itself.
- Software as a Service (SaaS) - Software as a Service is part of the cloud storage model. Instead of purchasing a software application and downloading it to your own hardware, such as a desktop PC, server or tablet, you purchase a subscription to the application. The attraction of this model is that you are buying access to the application over the internet from whichever device you happen to want to use at any one time. Access to the software is no longer limited to the physical device on which it is installed. This also creates better security because you are no longer responsible for downloading new security releases in a timely fashion. This is all done behind the scenes for you. It also means you can access your data from remote locations. If your business location becomes inaccessible, you can log in and use remotely stored software to continue working.
- Bring Your Own Device Policies - BYOD policies are important. Whenever you introduce new hardware to your communications network, you open another access door. BYOD is very popular and can be a real driver of productivity. However, it dramatically complicates the job of securing all of the devices that can access your network, and thus makes it more likely that some crack in the armor will be overlooked. Consequently, you need a very tightly and intelligently defined policy for handling all aspects of BYOD. This includes not only defining which types and models of devices will be permitted, but also procedures for handling software downloads and upgrades, as well as lost or stolen devices.
In summary, thinking about all of the cybersecurity threats out there can be pretty discouraging. That said, there is a range of solutions, some of which can be money-saving, that can help mitigate risk. Contact us today if you need any help implementing any of these strategies.