Are You Doing Your Best To Protect Your Business From Data Theft?

THE FACTS ABOUT DATA SECURITY AND RISK

We hear a lot of talk about data security because of the constant threat of cyber-attacks and hacking. News of data breaches is ubiquitous. As a result, we are exceptionally concerned about a data breach's branding and reputational consequences. However, other events could occur that make our data inaccessible. Knowing you are doing your best to protect against cyber attacks, ransomware, and other forms of data theft is essential, but data security goes beyond that. So instead, let's look at data from a broader perspective.

You should always be concerned about protecting your data from any event that has consequences for your customers. However, concerns about data theft are too narrow. A number of different events will have an impact on customers and pose a threat to your brand, as well as your ability to provide services. Let's look at data from a customer perspective. Any event that restricts access to their data and leads to disruption of their routine business with you is a serious problem.

For example, what are you doing to ensure that your data will be accessible during a disaster? What if you lost all power or internet access? In both cases, your capacity to provide service and respond to customer needs that necessitate data access would be stopped cold. How would you continue your business and respond to daily customer demands requiring routine data access? Would you be out of luck?

At Standard I.T. Security, we take a holistic approach to data security that avoids damage or theft of your data AND seeks to address the wide range of events that can potentially limit data access.

THREATS TO DATA

There are numerous ways data can be put at risk.

1. External Bad Actors - This is the risk that gets the most headlines. Cyberattacks from hackers, foreign governments, and entities with bad intentions are a serious, ongoing threat. Ransomware viruses, for instance, are data kidnapping schemes that freeze access to your data until you pay a ransom. These are especially difficult because once you have been hit, using an after-the-fact antivirus program will offer no help. Additionally, there are phishing scams and other malware that can damage and or steal your data.

2. Human Error - One of the major causes of successful cyber and malware attacks is employee error. Following links to web pages that mimic real sites or opening emails with attachments that download viruses are common mistakes. Another typical example is an employee who finds a thumb drive and is curious about its contents and inserts it into the USB of their computer. In addition, employees need to be trained to recognize phishing scams. All of these errors are generally preventable with sufficient training. But, too few businesses recognize the severity of the threat.

3. Insufficient Hardware and Software Protections - There are two important categories here.

a. Software: Constantly updated antivirus applications are required, not just on servers but on every device connected to your communications network. Additionally, it is important to consistently upgrade all of your software whenever upgrades are released. Many upgrades are released to specifically address a vulnerability that exposes the user to a new virus.

b. Backups: Failure to have a well-designed backup procedure for all of your data can mean you don't have accurate backups if something happens. If your IT staff is limited, this is an area where consultation with an outside managed service provider may be of particular value. There must be more than a daily or weekly backup to an external hard drive kept in a drawer. Also, not having plans for a quick swap-out for failed hardware can leave you dead in the water until new hardware can be ordered, delivered, and configured.

4. External Events - Your customer's data can be carefully protected against theft, hardware failure, and human error, but it isn't of much value if you cannot access it. Therefore, the final step in protecting customer data is addressing the conditions limiting your ability to use that data to serve your customers. Examples of these risks include natural disasters, terror attacks, and human-created events, each of which could cause physical damage to your business site or limit physical access to it. Such events can also create power, broadband, and/or telephony outages that make your data inaccessible, even if you have remote access.

WHAT YOU CAN DO

Seeing a list of all these threats to your data can be pretty discouraging. That said, there are a range of solutions, some of which can be money-saving, that can help mitigate risk.

1. Employee Training - Your employees remain the first line of defense against cyber criminals. Teaching them proper data hygiene is important. Every firm should have ongoing training that identifies possible risks that employees face. Discuss how to identify phishing scams and, if they have suspicions, never open a link they receive in an email. Looking at the URL of any site they visit via a link can be a tip-off to a "spoofed" site. Some larger firms have even gone so far as to send out "faked" phishing emails to their employees as a teaching tool. They identify who opened them and send along additional tips to help them identify scams. Also, password policies should be put into place, as well as rules forbidding the sharing of passwords.

2. Cloud Storage - While many feel their data is safer protected onsite, that may not be true. Using cloud storage for your data can resolve several of the threats discussed above.

a. Backups and hardware failures: With cloud storage, you eliminate the need for a great deal of onsite hardware for storage. Hardware you don't have can't break.

b. Access during a major disaster: When you select a cloud storage solution, you create redundancy. Rather than stored on-site hardware, vulnerable to any number of events, your data is stored on redundant servers, usually in dual locations around a broad geographic region. If there is a hardware failure, natural disaster, or other major event, your data remains safe and accessible from an alternate site.

c. Cyber-security: Choosing a cloud storage solution most likely increases your data security. Huge data server farms have robust physical security, but they also are probably encrypting your data which is a level of protection you likely cannot provide using onsite storage. Cloud storage providers will also utilize the latest and most sophisticated data protections available, far beyond what a mid-size firm could create for itself.

3. Software as a Service (SaaS) - Software as a Service is part of the cloud storage model. Instead of purchasing a software application and downloading it to your hardware, such as a desktop PC, server, or tablet, you buy a subscription to the application. The attraction of this model is that you are buying access to the application over the internet from whichever device you want to use at any time. Access to the software is no longer limited to the physical device on which it is installed. This also creates better security because you lose the responsibility to download new security releases in a timely fashion. This is all done behind the scenes for you. It also means you can access your data via remote locations. For example, if your business location becomes inaccessible, you can log in and use remotely stored software to continue working.

4. Bring Your Own Devices Policies - BYOD policies are essential. You open another access door whenever you introduce new hardware to your communications network. BYOD is very popular and can be a fundamental driver of productivity. However, it dramatically complicates the job of securing all of the devices that can access your network and thus makes it more likely that some crack in the armor will be overlooked. Consequently, you need a very tight and intelligently defined policy for handling all aspects of BYOD. This includes not only specifying which type and models of devices will be permitted but also procedures for handling software downloads and upgrades and lost or stolen devices.

In summary, data security is important, but one primary facet of data security is accessibility. Safe data is of no use to anyone if it becomes inaccessible. As you make plans to defend against events that could threaten data security, plan to protect against events that would limit the use of that data to conduct your daily business operations, and take a holistic approach to data from the perspective of the customer. Remember, anything which affects data usage to meet your customer's needs will affect your brand, reputation, and bottom line.