Loss of Data: Causes and Prevention

The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?

Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium-businesses (SMBs) thought that data security problems were reserved for large corporations, but cyber criminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyber attacks on SMBs has doubled in the recent past.

Causes of lost data: Loss of data can be attributed to two factors.

• Breach of data security: As we discussed above, theft is the main reason for loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.

• Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.

Five ways to minimize data loss

1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.
2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for the both the individual and the organization.
3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.
4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.
5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.

Be Proactive: How to Avoid Potential Network Failures

For small- to medium-sized businesses (SMBs), an IT network failure can be devastating because they don’t have the resources of large corporations to bounce back from such disasters. Preparation against such devastation may be the only course for them to avoid failure and survive with the least damage if failure occurs. SMBs must be proactive in recognizing the eventuality of a cyber attack or human error that can cause data loss and disrupt business continuity. This is what needs to be done to help prevent a potential failure.

Be prepared: Being proactive is an essential step for preparation against a disaster. There are two ways to determine how to best prepare to prevent potential failure of your infrastructure. First, you need to identify the weaknesses throughout your systems, and second, determine how you are going to eliminate those weaknesses and protect your network.

Identify the weaknesses: Determine how and why your system could fail. Examine all aspects of your hardware and software. Assess all the internal and external factors that could contribute to failure of your networks. Here are some questions you need to know the answers to.

• Does customer access and/or employee productivity often stall because of downed systems? In these situations, how quickly is your IT support able to minimize the damage?
• Can you say with certainty that your business will be back on line and be able to access lost data with minimal disruption in case of failure?
• Your critical data should be backed up frequently. The data on personal laptops, iPads and other mobile devices should also be backed up. Are all these steps being taken, and how often?
• Are all backups stored in a location off-site and are they quickly accessible in the event of corruption, fire or flood?
• Are you using any custom made software? Can it be reinstalled and updated when needed?
• Are your systems truly protected from hackers and viruses? Do you change passwords when employees leave the company?
• How often do you test your backup processes?

The answers to all these questions should give you a clear picture of your network’s ability to survive in case of a catastrophe.

Here are five steps that you can take to protect your networks

1. Backup files every day: There are a large number of businesses that never backup data. Only 23% of SMBs are backing up their data daily, and only 50% are doing it weekly. A number of issues can result in loss of data. You should backup data every day.
2. Check backup procedures regularly: Don’t find out accidently that your backup system is not working properly. By then it could be too late. It may seem like your data is being backed up normally, but check frequently if it is backing up the way it should be. In this age of BYOD make sure all employees are also following procedures to backup data on their laptops, iPads, etc.
3. Make sure virus protection and firewalls are always enabled: Many companies either don’t have virus protection installed or it is disabled. That renders their networks vulnerable to virus attacks from emails, spam and data downloads. Corrupted files will not only bring your systems down but they can spread to your customers and email contacts. That will spell disaster for your reputation. Hackers are always looking for unprotected and open ports online that they can attack with malicious code or files. That can cause permanent data loss.
4. Monitor server drives: Dangerously full server drives can cause many problems, ranging from program crashes to sluggish email delivery. Servers should be monitored and maintained regularly to avoid these problems.
5. Check built-in logs: Frequent reviews of built-in logs can reveal small issues. You will have a chance to prevent them from becoming bigger, harder-to- manage problems that can bring your systems down.

Summary: We now know IT system failures have very serious consequences for SMBs. We also know that they can avoid such failures by being proactive. Many SMBs are now turning to cloud-based services and virtualized backup solutions to mitigate downtimes and network failures. Virtualization and cloud computing have enabled cost-efficient business continuity by allowing entire servers to be grouped into one software bundle or virtual server – this includes all data, operating systems, applications, and patches. This simplifies the backup process and allows for quick data restoration when needed.

It is Heaven! Using the Cloud to Challenge Big Business

Has anyone suggested you begin moving your business to the cloud? Cloud data storage or cloud computing? What is this, anyhow? And isn’t it something for huge companies?

In the last post we explained what cloud computing is. Simply put, it is the offsite storage of your data, and perhaps even the software packages you use. The primary benefit is pretty straightforward. Somebody else pays for all the hardware and support costs needed to store your data. You pack up all your own servers, wiring, etc. and take them to the recycling center, and save money. But is that all it is? There is a much stronger case for a small business to incorporate the cloud in their business model. The cloud allows you to become competitive with the big players in your industry.

The traditional issue holding back small business: they do not have the capital to create the infrastructure to compete with large firms. They are too small to enjoy economies of scale. One obvious area is software and hardware. Historically, the technology used by big business has been out of reach of the little guys. Most SMBs have neither the hardware budget nor internal resources to own a network infrastructure. A small business does not have capital to buy the equipment. Take a simple example: You run a storefront, but think you might be able to sell a bit more if you went online, but you don’t know how much more. You can’t justify the capital to buy the hardware, software, and the labor to design, build, and support it all. The cost of entry to the online world is just too much.

The cloud ends all of that. In simple terms, the cloud lets you rent just as little infrastructure as you need, and then lets you grow as incrementally as you like, paying only for what you use.Essentially, the cloud has become the great equalizer. The high cost of entry created by IT can be eliminated by the cloud.

Four Key Components of a Robust Security Plan Every SMB Must Know

Most businesses are now technology dependent. This means security concerns aren’t just worrisome to large corporate enterprises anymore, but also the neighborhood sandwich shop, the main street tax advisor, and the local non-profit. Regardless of size or type, practically any organization has valuable digital assets and data that should not be breached under any circumstances.

This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information.

Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free.

Today’s SMB Needs a Robust Security Plan
Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses everything from physical access and theft to the threat of compromised technology security.  This involves defining and outlining acceptable uses of your network and business resources to deter inappropriate use.  Here are four key components to consider.

Network Security Policy: Limitations must be defined when it comes to acceptable use of the network.  Passwords should be strong, frequently updated, and never shared.  Policies regarding the installation and use of external software must be communicated.

Lastly, if personal devices such as laptops, tablets, or smartphones are accessing the network, they should be configured to do it safely, which can be done easily with a reliable Mobile Device Management (MDM) solution.

Communications Policy:  Use of company email and Internet resources must be outlined for legal and security reasons.  Restricting data transfers and setting requirements for the sharing or transfer of digital files within and outside of the network is recommended. Specific guidelines regarding personal Internet use, social media, and instant messaging should also be clearly outlined. If the company reserves the right to monitor all communication sent through the network, or any information stored on company-owed systems, it must be stated here

Privacy Policy: Restrictions should be set on the distribution of proprietary company information or the copying of data.

Inappropriate Use: Obviously, any use of the network or company-owned system or device to distribute viruses, hack systems, or engage in criminal activity must be prohibited with the consequences clearly noted. Any website that employees cannot visit should be identified if not altogether blocked and restricted. For instance, downloading an entire season of True Blood from a Bit Torrent site isn’t an acceptable use of company Internet resources.

Every employee must know these policies and understand the business and legal implications behind them.  Companies must also make sure these policies are clear and understood by all, and most importantly, strictly enforced.

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now…
There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.

Here are a few ways to stay safe

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

Stay Secure My Friend… More Hackers Targeting SMBs

Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor.  SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.

Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.

Cybercriminals Target Companies with 250 or Fewer Employees

Research is continuing to show that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.

View Security Measures as Investments

CEOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.

Would-be business partners have likely already asked for specifics about protecting the integrity of their data.  Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.

Where a Managed Service Provider Comes In

Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.

A MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.