Yahoo! Anthem Healthcare. Ashley Madison. Target. Home Depot. Google. Major data breaches make major headlines, but if it can happen to them, it can happen to you. In fact, in 2015, 90 percent of all businesses—large and small—were exposed to some kind of external data threat.1 Most businesses collect and store a lot of sensitive information on their computers: Customer payment information, personnel files, bank account details, and the list goes on. However, you may be surprised to learn that many small and medium sized businesses don’t take relatively easy, but very important, steps to protect their business information, such as making regular backups and automatically updating antivirus and antimalware software.2 Before you turn the page thinking this is not relevant to your business, consider these facts:
Lost information is often impossible to replace and is dangerous in the hands of criminals. Luckily, there are many things you can do to safeguard your business data. Below are five critical parts to every business continuity plan that you can implement to decrease your business’s risk in the event of a security breach, critical hardware failure, or natural disaster.
1. OFFSITE BACKUPS
Imagine your system crashes and you lose all your data. Could you run your business? The most important requirement of any business continuity plan is the replication of your data to a secure offsite location. Automated offsite backups typically employ an easy-to-use program that runs on your computer or server and backs up nightly to another location. With current backups of your data and a defined plan to restore them, you can recover from almost any breach or loss.
2. ASSET DOCUMENTATION
Knowledge is power. With most businesses utilizing cloud-
based services and a hybrid of mobile and on-premise computer systems, knowing every piece of your information technology (IT) infrastructure, how it’s accessed and how it’s all connected, is key to protecting your data. Set up a secure database to keep track of all of your hardware and software, including all passwords and support contact information. In the event of a service interruption or data loss, correct (and current) IT asset documentation is critical to restoring your data in a timely manner.
3. SOFTWARE UPDATES
Would your customers still trust you if their payment information fell into criminal hands as a result of a data breach at your business? The NTT Group 2015 Global Threat Intelligence Report reveals that 76 percent of observed vulnerabilities on enterprise networks in 2014 were two or more years old and already had patches or updates available.5 Keeping your software and network systems updated will greatly reduce your risk of security breaches. Growing businesses use an increasing variety of software programs, and it can be a daunting task to keep everything patched. Luckily, there are inexpensive services to assist you with this task, ensuring the updates do not negatively affect your IT systems.
4. CONTENT FILTERING
Most modern destructive viruses originate from a user clicking on the wrong link in an email, on a website, or on social media or other platforms. Having device and perimeter content filtering will help stop these events from occurring on your computers and mobile devices. Combined with antivirus and anti-spam software, you will decrease the chances of losing data to a virus or malicious user. An added benefit of content filtering is the ability to monitor and control unauthorized web browsing, which can save your company money lost on non-business use of Facebook, YouTube, etc.
5. PLAN AHEAD
Data loss has very real financial implications for businesses of all sizes. Even the smallest loss (a misplaced cell phone with company email on it) can represent a major breach depending on your industry. Your business continuity plan should:
Keep your plan up to date and make sure everyone is notified of any changes.
Don’t be an easy target. Your business saves an increasing volume of data in an intensely complex IT environment. Research indicates that using a one-size-fits-all solution is not sufficient to defend against today’s threats.1 Remember that information security is not a one-time activity, but a dynamic process that requires ongoing management. When in doubt, hire an expert. Whether your business is large or small, a trusted IT team can help your business develop a comprehensive business continuity plan customized for your specific needs and concerns. Combining the use of offsite backups, content filtering, managed antivirus protection, firewalls, and strong security policies with employee training will significantly reduce your business risk of data loss.
1) Kapersky Lab (2015), Global IT Security Risks Survey (available at: http://media.kaspersky. com/en/business-security/it-security-risks-survey-2015.pdf)
2) According to Carbonite, Inc.’s 2014 Report on State of Backup for SMBs (available at: http://investor.carbonite.com/releasedetail. cfm?ReleaseID=847106), only about 32 percent of small and medium sized businesses backup their data daily. Kapersky Lab’s 2015 Global IT Security Risks Survey (available at: http://media. kaspersky.com/en/business-security/it-security-risks-survey-2015.pdf) indicates that only
66 percent of businesses are fully protected from malware
3) Disaster Recovery Preparedness Council (2015) The State of Global Disaster Recovery Preparedness (https://drbenchmark.org/wp-content/uploads/2014/02/ANNUAL_REPORT-DRPBenchmark_Survey_Results_2014_report. pdf)
4) Symantec (2013) Internet Security Threat Report (available at: http://www.symantec. com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us. pdf)
5) NTT Innovation Institute 1 LLC (2015) Global Threat Intelligence Report 2015 (available at: Ecurity.Com/Us/Uploads/Files/Us_Gtir_Executive_Summary_Public_Approved_V8.Pdf.)