[BreachExchange] How Businesses Can Avoid a Data Loss Nightmare

Audrey McNeil audrey at riskbasedsecurity.com
Wed Mar 30 19:55:17 EDT 2016


http://www.biztechmagazine.com/article/2016/03/how-businesses-can-avoid-data-loss-nightmare

Any company, no matter the size, fears losing its data — or access to its
data. In a worst-case scenario, that could shut down a business and lead to
customer and revenue losses. So how can businesses defend against those
outcomes and ensure that they have adequate data backup systems in place?

Those are thorny questions ahead of World Backup Day, which is Thursday.
This event, first held in 2011, is aimed at getting agencies, businesses
and individuals to back up their files, as well as highlighting common ways
data can be lost and options to back it up.

Companies are facing more complex threats to their data security, Norman
Guadagno, chief evangelist at Carbonite, told BizTech. Carbonite, which
offers cloud and hybrid backup software for small and midsize businesses,
recently released a survey on data backup and recovery that found that IT
professionals at SMBs are worried about data loss.

Facing Threats from Multiple Angles

Guadagno says that threats to companies’ data used to be clearer: A hard
disk would fail, or a server would get destroyed in a natural disaster. The
goal was to have protection in case of an event like that. “Although those
problems are still there and they’re still threats, what’s become
interesting is all of the treats we never imagined,” he says.

Now, threats include internal security issues from a company’s employees,
as well asransomware, in which malicious actors infect a computer system or
network with malware and hold data or the system hostage in exchange for
payment.

In November 2015, Carbonite conducted a survey of more than 250 IT
decision-makers at businesses with 250 or fewer employees. The survey found
that while 47 percent of respondents said fear of losing data keeps them
awake at night, only 36 percent have a detailed disaster recovery plan in
place and just 45 percent have a framework for one.

In a world in which “every business is a data business,” Guadagno says,
losing access to data or losing data completely can have a cascading
effect, in which companies need to pay to recover their data and replace
hardware, need to pay employees who are not working and may lose customers
and revenue they will never get back.

Data backup tends to be more challenging for small businesses because they
often do not have large IT staffs devoted to data security, Guadagno says.
“One of the things many small businesses struggle with is not necessarily
understanding the difference between storage and backup,” he says.

Storage, he notes, relates to putting a selection of documents or data in
the cloud to be shared. Backup refers to backing up all of the data and
documents a company needs to run its business. “The differences only become
apparent when something goes wrong,” Guadagno says.

According to Guadagno, one reason Carbonite’s survey found a disconnect
between the percent of IT decision-makers who are worried about data loss
and the percent who are actively taking steps to back up their data is that
many are bothered by the prospect of data loss, but not enough for
protecting data to be a top business priority. Often, in SMBs, these
executives and officials are focused on not only IT security, but also many
other business tasks, he notes.

The Carbonite survey found that 55 percent of small business IT managers
worry more about threats from their own employees than about threats from
external entities, like hackers. Guadagno explains that that is a worry
about an employee not only acting maliciously, but also unwittingly
clicking on an email that lets an outsider gain access to a company’s data
and potentially hold it for ransom.

According to The Washington Post, in 2015, the FBI received 2,453
complaints about ransomware and victims lost $24.1 million.

Best Practices for Businesses

World Backup Day founder Ismail Jadun told BizTech that for both small
businesses and larger organizations, “the 3-2-1 rule is a pretty good rule
of thumb” to follow in backing up data.

He recommends that companies have at least three physical copies of their
data, in addition to their primary backup; that they store the copies in
two different formats; and that they have one backup copy off-site.

Guadagno says that if companies have a backup to the cloud, they should
have that system back up data regularly. Carbonite’s services do that
automatically, and if something goes wrong, the data can be restored easily.

Guadagno also recommends that companies educate their workforces on good
data hygiene and how to avoid potentially malicious actors and suspicious
emails. He also notes that firms need to have a plan for internal
communications and recovery if something disastrous does happen. He also
recommends having a clear plan for informing customers.

“It’s a data-driven business in 2016,” Guadagno says. “[Companies] need to
protect that the same way they double-bolt the door at the of the day.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160330/e6250ab3/attachment-0001.html>


More information about the BreachExchange mailing list