June 6, 2018
In recent years there has been an enormous explosion of data, with the world’s current output sitting at 2.5 quintillion bytes/day.
Big data is a blessing for many businesses. Data-driven decisions have allowed countless big and small companies to cut costs, improve efficiency, and increase the value of their products and services.
“With great power comes great responsibility,” said Uncle Ben.
Humongous amounts of data give you a lot of power. But it’s also your responsibility to keep that data safe and secure. In this brief guide, we will look at four steps that will help you do just that.
Hire A Security Expert To Carry Out An Audit
Protecting against data theft demands a painstaking search for vulnerabilities. If you don’t know which areas of your business are at risk, how are you going to protect them?
You need to audit your entire infrastructure – the office network, smartphones, computers, servers, and everything in between – to uncover potential entry points for hackers. You will also need to account for:
- IT security mandates in your industry (e.g., HIPAA and HITECH)
- Types of data critical to your operations
- The culture and cybersecurity hygiene of employees
- Data security policies you have in place
Moreover, you will also need to review how you work with third-party vendors and service providers.
Are you giving your HVAC company more access to your office than they need? If your printers are managed by an external provider, is their remote diagnostics software secure?
Performing this type of full assessment is tedious work, and it requires specialist knowledge which business owners, like you, may not have. So consider hiring a certified IT security professional to carry out the job.
The cost of getting an outside expert will be substantial, as you might expect. But the expense can pay bigger dividends.
Not only will a full IT infrastructure evaluation uncover cracks in your systems, but announcing that you’ve hired a certified professional to bolster data security will also put you in good standing with today’s security-conscious stakeholders.
Train And Inform Employees
When talking about competitive advantages, many business owners are quick to bring up their talented and hardworking staff.
But did you know that your workers can be a serious vulnerability, too?
We’re not just talking about malicious employees who steal information, sell trade secrets to competitors, or have a grudge against the company. Even honest people in your company can become inadvertent actors in a cyberattack.
Unlike computers, we humans can be coerced or persuaded to click on a link in an email. We misplace and lose our devices. And a bit of small talk might be all it takes for us to open up and start talking about things we shouldn’t.
So train your employees to combat these human shortcomings.
Get them up to speed with the latest best practices during onboarding. But don’t let cybersecurity training become a one-and-done thing. Threats evolve and so should your training.
Among other things, here are some data and cybersecurity concerns employees must prepare for:
- Social engineering: The art of manipulating and deceiving people into giving up confidential company information. Crooks may disguise themselves as technicians to gain physical access to your office. Instead of exploiting software bugs and vulnerabilities, social engineering seeks to take advantage of human psychology.
- Malicious emails: Email is the communication medium of choice for many companies. Unfortunately, email’s less-than-ideal authentication mechanism also means employees will receive spoofed and phishing messages from cybercriminals.
- Password and authentication: Business people are notorious for poor password practices. Many of these users still use easy-to-crack passwords like “Password1” according to a 2012 report by Trustwave.
Always Update Critical Software
The ransomware attack on the UK’s National Health Service (NHS) in 2017 saw more than 1,200 pieces of diagnostic equipment disabled and led to the cancellation of 19,494 appointments. The massive disruption also prevented hundreds of patients from getting urgent help.
During the post-mortem, authorities and security professionals on the case blamed outdated software for the attack. The NHS was still using Windows XP at the time, an operating system which has not been supported since 2014.
People have spoken for and against the NHS and its insistence on using an outdated operating system. Turns out upgrading systems is a huge (and expensive) technical hurdle for an organization of the NHS’s size.
But the lesson is clear:
Always use updated and supported software.
Otherwise, you are putting your business and the data about its customers, vendors, and other stakeholders at risk. The lesson holds true for every piece of software you use. But know that some require more attention than others.
The operating system, for example, provides the environment wherein all other installed applications function. If the OS is compromised, the entire system is vulnerable. So update your operating system as soon as a new patch comes out.
Anti-malware programs and other security software are top priorities, too.
More than 250,000 types of malware are created every day. And the only way to keep up with constantly evolving and multiplying malware threats is to ensure your security software has the latest definitions.
Back Up Your Data
No system or network is 100% impervious to attack.
Your mission-critical information may be safely tucked behind strong authentication protocols, SSL encryption, and malware protection. A tough nut to crack for hackers. But even multiple layers of security won’t protect you against physical threats like:
- Natural disasters, like fire and earthquakes, that can wipe out your entire office
- Thugs breaking in and taking away your servers
- Or an employee losing their company-issued phone, inadvertently giving outsiders access
All of those situations can lead to massive data loss. Where will your business be if one of them happens?
According to the National Archives and Records Administration in Washington, 93% of businesses that lost their data for 10 days filed for bankruptcy within one year after the disaster. Don’t let your business become a statistic. Back up your data!
When creating a backup and recovery plan for your business, always keep the tried-and-tested 3-2-1 strategy in mind. This backup strategy recommends having:
- Three copies of your data
- Two local copies (including the original)
- And one offsite backup
The 3-2-1 strategy assumes that the first copy of your data is the original files and folders. Some cybersecurity and disaster recovery experts, however, recommend having four copies – one original and three duplicates – for added redundancy.
The second copy of your data is the local backup. Onsite backups come in handy when you, say, inadvertently overwrite or delete a file. Having a copy of the file on an office hard drive or NAS means employees can get back to work with minimal disruption.
The third copy is the offsite backup.
The last piece of the backup strategy will save you from sleepless nights and financial woes should an intruder or disaster wipe out everything in the office. The offsite backup sits in a data center, safe from physical and digital threats.
Some backup providers even create another backup of mission-critical files and store it in a second data center. This way, your data stays intact even when a calamity strikes – unless we’re talking Armageddon!
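As an added illustration (not part of the original article), the Python example below audits a backup inventory against the 3-2-1 rule as described above. The inventory format, field names and digests are constructed for the example, and it assumes each copy's SHA-256 was recorded for the same snapshot, so a mismatch means a corrupt or out-of-date copy that should not be counted.

```python
from collections import defaultdict

# Constructed sample inventory: one record per stored copy of a dataset.
# "kind" is original, local (onsite backup) or offsite; "sha256" is the
# digest recorded at the last verification (shortened, made-up values).
INVENTORY = [
    {"dataset": "crm-db", "kind": "original", "sha256": "a1f0"},
    {"dataset": "crm-db", "kind": "local", "sha256": "a1f0"},
    {"dataset": "crm-db", "kind": "offsite", "sha256": "a1f0"},
    {"dataset": "payroll", "kind": "original", "sha256": "77c2"},
    {"dataset": "payroll", "kind": "local", "sha256": "77c2"},
    {"dataset": "payroll", "kind": "offsite", "sha256": "0000"},  # corrupt copy
    {"dataset": "designs", "kind": "original", "sha256": "9be4"},
    {"dataset": "designs", "kind": "local", "sha256": "9be4"},
]


def check_3_2_1(inventory):
    """Return {dataset: [problems]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for rec in inventory:
        by_dataset[rec["dataset"]].append(rec)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        originals = [c for c in copies if c["kind"] == "original"]
        if len(originals) != 1:
            report[name] = ["expected exactly one original"]
            continue
        digest = originals[0]["sha256"]
        # A copy only counts if it still matches the original's digest.
        good = [c for c in copies if c["sha256"] == digest]
        onsite = [c for c in good if c["kind"] in ("original", "local")]
        offsite = [c for c in good if c["kind"] == "offsite"]
        problems = []
        if len(copies) != len(good):
            problems.append(f"mismatched copies: {len(copies) - len(good)}")
        if len(good) < 3:
            problems.append(f"only {len(good)} matching copies, need 3")
        if len(onsite) < 2:
            problems.append("fewer than 2 local copies (original included)")
        if not offsite:
            problems.append("no matching offsite copy")
        report[name] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in check_3_2_1(INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```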
Nathan Sharpe is the entrepreneur behind Biznas, a blog where he serves practical business advice and tips to readers. Learning and helping others learn is his passion.