Viewing entries in
Cybersecurity

Data Loss and Five Ways To Minimize Risk

Data Loss and Five Ways To Minimize Risk

Loss of Data: Causes and Prevention

The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?

Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium-businesses (SMBs) thought that data security problems were reserved for large corporations, but cyber criminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyber attacks on SMBs has doubled in the recent past.

Causes of lost data: Loss of data can be attributed to two factors.

  • Breach of data security: As we discussed above, theft is the main reason for loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.

  • Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.

Five ways to minimize data loss

  1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.

  2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for the both the individual and the organization.

  3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.

  4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.

  5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.

Limited investment capital and planning for trouble

Limited investment capital and planning for trouble

Small businesses often fail to take the time to make business continuity plans. One aspect of a business continuity plan involves developing plans to handle the loss of physical infrastructure and hardware. Unfortunately, smaller and younger firms often fail to address these issues because they lack the necessary capital to invest in additional or supplemental equipment. Redundant servers, battery back systems or uninterruptible power supplies, and data backup systems that allow for offsite backup storage are the most obvious examples.

These can represent considerable capex for a small firm. However, these costs need to be weighed against the costs that would be incurred if a severe business interruption occurred. Encouragingly, new technology is creating tools for redundancy and data protection that don’t require additional hardware investments. The cloud is probably the single biggest savior for small businesses looking to defend against business interruption events. The cloud means you can offload many of your business processes and infrastructure to the cloud and sidestep creating expensive redundancies on your own. Offsite data storage, increased efficiencies as a result of shared data center costs, SaaS, and even data collaboration tools are added cost savings that can be provided by the cloud.

So before you throw up your hands and say you cannot afford to address business continuity, take another look. The cloud can redefine the paradigm of “business continuity.”

Data Protection Laws and PII's

Data Protection Laws and PII's

Last blog we discussed the overall concept of “Data Protection Laws,” which govern the handling and securing of specific data. While these laws are wide ranging, most of these laws reference Personally Identifiable Information (PII) This “refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” (https://www.gsa.gov/portal/content/104256) For example, if you possess an individual’s first initial and last name and store it with their credit card number, bank account, SSN or driver’s license number, that becomes a PII.

At the Federal level, the United States doesn’t have any overarching and comprehensive data protection laws of the sort that most European nations do, but they do exist and primarily affect individual sectors, such as healthcare. Presently 48 states in the US have some laws requiring private or governmental entities to notify anyone whose data has been breached. In other words, if you possess personal data, you may have a regulatory responsibility to report the breach to both a government entity and the individual victim. Failure to do so may mean you’re in violation of these laws and subject to fines and penalties.

So what does this mean for a small business? You need to be aware of the likelihood that you are regulated by such laws and that you have some responsibility to show that you have taken reasonable measures and put in place procedures to maintain the security and integrity of outside data.

As a responsible business owner, you have an obligation to be aware of any applicable laws, keeping in mind that your client or prospect data may include PII from those in other states or countries. You also have an obligation to protect that data. Keeping up with the best practices for protecting your important data from hackers and data thieves is an important responsibility of every small business. Contact Net DirXions to learn how we can support your business with a complete cyber protection plan.

Are you subject to Data Protection laws?

Are you subject to Data Protection laws?

This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation.

Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to breach notification laws. As a small business you should consider having an audit conducted to determine if you possess data that may be regulated by these laws. Failure to be aware that you are covered by them does not protect you in the event of a data breach.

In our next blog, we will discuss one category of information that is the focus of many data protection laws. This category is referred to as Personally Identifiable Information. When you discover what that includes, it will be pretty apparent why protecting this data is important for the integrity and success of your business.