[BreachExchange] How to Safeguard SMBs Data In 7 Steps

Audrey McNeil audrey at riskbasedsecurity.com
Fri Dec 23 10:21:26 EST 2016


http://www.smallbizdaily.com/how-to-safeguard-smbs-data-in-7-steps/

A data breach or the loss of sensitive information can be disastrous for any
company, but for a small business it can mean closing its doors shortly after
opening them.

When a startup plans its operations, IT is usually the lowest priority and
lags behind every other function. This is particularly true of small and
medium-sized businesses (SMBs) with limited resources, which often outsource
IT altogether. Even when IT is managed in-house, owners tend to focus on
production and administration rather than on backing up and recovering the
sensitive data the business accumulates over time.

Businesses large and small hold critical data that causes serious problems if
it is not protected, and that data should not be entrusted to unreliable
third-party vendors. Here are seven steps that solution providers, or SMBs
themselves, can take to safeguard that data and avoid a breach.

1. Data Backup – Ensure Data Recovery

Like the tech giants, SMBs handle a large volume of information every day
that must be protected and backed up so it can be recovered. With limited
resources, SMBs often take a simplified approach to backup and recovery, and
that is where recovery problems start.

Tape backup, for example, typically combines a periodic 'base' (full) backup
with a series of 'incremental' backups. The data you need may sit in any one
of them, so a restore means loading the base and then every incremental in
order and checking each one; if any set in that chain is damaged or missing,
everything recorded after it cannot be recovered.

To avoid this, choose a fail-safe and reliable backup scheme, for instance
keeping the base backup on a local drive and the incremental backups in cloud
storage, labelled and sorted by date so the chain can be replayed in order.
Whatever the scheme, test restores regularly: a backup that has never been
restored is not yet known to work.
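The base-plus-incremental chain described above, as an added example that is not part of the original article: a small Python model in which "files" are an in-memory dict of path to bytes and each backup set is a dict carrying a date label, its parent's label and a SHA-256 per stored file. The restore replays the base and then the incrementals in date order, refuses to continue if a set is missing from the chain (the "damaged tape" case), and checks every blob against its recorded hash before handing it back. All file names and contents are constructed sample data.

```python
"""Base + incremental backup chain with an integrity-checked restore.

Added example, not from the article. Files are modelled as {path: bytes}
and backup sets as plain dicts so everything runs offline.
"""
import hashlib
from typing import Dict, List


class BackupChainError(Exception):
    """An incremental is missing or out of order: the chain cannot be replayed."""


class IntegrityError(Exception):
    """A stored blob no longer matches the hash recorded when it was backed up."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_base(files: Dict[str, bytes], label: str) -> dict:
    """Full ('base') backup: every file, each with a hash for later verification."""
    return {
        "kind": "base", "label": label, "parent": None,
        "files": {p: {"sha256": sha256(d), "data": d} for p, d in files.items()},
        "deleted": [],
    }


def make_incremental(parent_label: str, previous: Dict[str, bytes],
                     current: Dict[str, bytes], label: str) -> dict:
    """Incremental backup: only files added or changed since the set `parent_label`,
    plus the paths that were removed, so a restore can delete them too."""
    changed = {p: d for p, d in current.items()
               if p not in previous or sha256(previous[p]) != sha256(d)}
    return {
        "kind": "incremental", "label": label, "parent": parent_label,
        "files": {p: {"sha256": sha256(d), "data": d} for p, d in changed.items()},
        "deleted": sorted(p for p in previous if p not in current),
    }


def restore(base: dict, incrementals: List[dict], verify: bool = True) -> Dict[str, bytes]:
    """Replay the base, then each incremental in label (date) order.

    Labels are ISO dates, so lexical order is chronological. Each incremental
    must name the preceding set as its parent; a gap raises BackupChainError.
    With verify=True every blob is re-hashed before it is restored."""
    state: Dict[str, bytes] = {}
    expected_parent = base["label"]
    for snap in [base] + sorted(incrementals, key=lambda s: s["label"]):
        if snap is not base and snap["parent"] != expected_parent:
            raise BackupChainError(
                f"{snap['label']} expects parent {snap['parent']}, "
                f"but the last set replayed was {expected_parent}")
        for path, entry in snap["files"].items():
            if verify and sha256(entry["data"]) != entry["sha256"]:
                raise IntegrityError(f"{snap['label']}:{path} is corrupt")
            state[path] = entry["data"]
        for path in snap["deleted"]:
            state.pop(path, None)
        expected_parent = snap["label"]
    return state


def demo() -> dict:
    """Three days of a constructed office share, then the failure modes."""
    day1 = {"ledger.csv": b"id,amount\n1,100\n", "notes.txt": b"call vendor\n"}
    day2 = {"ledger.csv": b"id,amount\n1,100\n2,250\n", "notes.txt": b"call vendor\n"}
    day3 = {"ledger.csv": b"id,amount\n1,100\n2,250\n", "policy.pdf": b"%PDF-1.4 stub\n"}
    base = make_base(day1, "2016-12-01")
    inc1 = make_incremental("2016-12-01", day1, day2, "2016-12-02")
    inc2 = make_incremental("2016-12-02", day2, day3, "2016-12-03")
    results = {}
    # The order the sets are handed in does not matter; the labels do.
    results["restored"] = restore(base, [inc2, inc1])
    # Losing one incremental (one bad or missing tape) is detected, not papered over.
    try:
        restore(base, [inc2])
        results["gap"] = "undetected"
    except BackupChainError:
        results["gap"] = "detected"
    # Bit rot in a stored blob is caught before the bad bytes are restored...
    inc1["files"]["ledger.csv"]["data"] = b"id,amount\n1,100\n2,25O\n"
    try:
        restore(base, [inc1, inc2])
        results["corruption"] = "undetected"
    except IntegrityError:
        results["corruption"] = "detected"
    # ...whereas an unverified restore silently returns the corrupt ledger.
    results["unverified"] = restore(base, [inc1, inc2], verify=False)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point the model makes is the one the tape example hints at: an incremental chain is only as good as its weakest set, and neither the gap nor the corruption is visible until you actually attempt a restore with verification turned on.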

2. Make your data disaster proof

Disasters are sudden and uninvited, and they hit individuals and
organizations alike. One way to limit the damage is cloud backup, which keeps
copies in off-site data centers. Before choosing a cloud storage vendor,
however, check the data retention and lawful-access rules of the country
where the data will be held.

For example, the UK's Investigatory Powers Act 2016, which received Royal
Assent in November 2016, allows the government to require telecommunications
operators to retain communications data for up to 12 months and to make it
available to authorized public authorities.

3. Set your data loss tolerance level

Data loss costs businesses millions of dollars each year, and costs on that
scale can cripple an SMB. Since some data loss is inevitable, the key is to
decide how much you can tolerate: in backup planning this is the recovery
point objective (RPO), the amount of work, measured in time, you are prepared
to lose between backups. Set it per type of data according to its sensitivity
and the consequences of losing it, and look for solutions that automate
backups on a schedule that meets that objective.

4. Determine your endurance level after data loss

Endurance level refers to how long you can operate without access to the
lost data (the recovery time objective, or RTO). A reasonable baseline is 24
to 48 hours, with your data sorted into three categories:

Data you can live without for an extended period.
Data that is important and that you need back within 24 to 48 hours.
Data that is crucial and that you must have back within 24 hours.

Prioritizing this way tells you what to restore first when data is lost, and
which systems justify the faster, more expensive backup medium.

5. Choose the right vendor

Choosing the right provider for data backup and recovery is crucial because
sensitive and confidential information is involved. Before selecting a
vendor, talk to its former and existing customers about their experience, in
particular how restores went when they actually needed them.

The backup medium matters too: the old-fashioned options of DVDs or local
hard drives, dedicated storage servers, and cloud-based off-site data centers
each trade cost against speed of recovery and resilience to a local disaster.

When considering off-site data centers, check the service's compliance with
the standards that apply to your data, such as SOC 1 audit reports (SSAE 16,
which replaced the older SAS 70), GLBA, HIPAA and SOX, and confirm that it
supports end-to-end encryption, ideally with encryption keys that you hold
rather than the provider.

6. Real-time application backup support

Most backup tools skip files that are open or in use while the backup runs.
If your backup system cannot handle such files, that data is not safeguarded.
Applications such as Microsoft Exchange, Microsoft SQL Server and VMware keep
their data in files that are always open, so they need application-aware
backup (for example through Windows Volume Shadow Copy Service or the
hypervisor's snapshot mechanism) to produce a consistent copy; make sure your
vendor's data protection system supports these applications.

7. Protect Mobile Devices

The Ponemon Institute surveyed 116 organizations, of which 62 percent
reported lost or stolen mobile devices containing sensitive information. Only
49 percent of respondents were concerned about protecting their mobile
devices, and a mere 39 percent said their organization had put security
measures in place to mitigate the risk.

Employees commonly bring their own devices (BYOD), which exposes the
organization to significant risk. The data protection program should cover
mobile devices as well, with a VPN for traffic on untrusted networks,
antivirus and anti-malware software, and device encryption with remote wipe
so that a lost phone does not turn into a breach. Given measures such as the
UK Investigatory Powers Act 2016, a reputable VPN service has become a
necessity for keeping sensitive traffic private on the go.

Data loss costs millions of dollars on top of the loss of your customers'
confidential information, so treat IT as an essential function and take the
steps needed to ensure business continuity and protect against data loss.