Can your business survive without its data?
Can your business survive if you suddenly lost all your data? Can it survive with limited functioning of your email, databases and payment systems? What would be the impact to your business of extended downtime for one or more of your team?
In today’s business environment, almost everything relies on IT, which in turn relies on the data you are generating each day. Data Security is the IT equivalent of car insurance- it’s not something you want to pay for, but in case of a disaster, it will save your business. Without Data Security, you are playing Russian roulette, and one day, you will be the loser.
What is Data Security?
The concept of Data Security refers to measures taken by businesses to protect their data. It is designed to prevent unauthorized access to your computers, data and website. It also protects you from other malicious events, such as data corruption, natural disasters or hardware failure.
To protect your business when something happens to your data, a business owner needs to ensure that systems are in place to minimise the effect of the breach on your bottom line. In a more technical sense, Data Security includes systems such as:
- Data Encryption
These systems will ensure that you are as safe as you can be from data loss.
What are the new trends in Data Security?
These days, everyone knows someone who has been hit by a Ransomware attack. This is a type of virus that preys on those that do not have sufficient data security practices in place. In fact, this virus specifically looks for Small to Medium Sized Businesses (SMB’s) that have neglected their security measures.
A Ransomware attack will encrypt any data it finds, making it unusable. Then the attacker will demand a ransom in exchange for unlocking your data. The worst part is, these criminals are under no obligation to actually unlock your data, and once they are in, there is almost nothing you can do get them out. The best option to recover from a Ransomware attack is to roll your entire network back to a previous state, from before the ransomware hit. To do this skillfully, you need to have up-to-date backups.
Due to the increased number of attacks in recent years, the government is now demanding that businesses roll out Data Security measures. As of the 25th of Feb 2018, the Australian Government requires mandatory data breach notification. This means that if you lose control of your customers personal data, you will be legally obligated to notify all the affected parties. Additionally, you will be required to submit details of the steps you took to protect your customers data. If the Government discovers that you have not taken the minimum steps to protect data, your business could face fines of up to 1.8 million AUD.
Why is Data Security important for your clients?
Your customers give you their data, trusting that you will protect it. If a customer purchases something from you with a credit card, they are giving you all the information required to take money from their bank accounts. If a customer subscribes to a newsletter or magazine, they may give you their name, address, email address and bank account details. This is all highly confidential data, and the onus is on you to protect it. Without sufficient Data Security, you are running the risk of this critical information falling into the hands of criminals.
For a lot of businesses, the best marketing strategy is happy customers. Now imagine that you have lost all your customers’ personal data to a hacker! Chances are they will tell their friends and family just how unhappy they are.
As an example, Sony suffered one of the biggest data breaches of all time in 2011. According to Reuters (Business & Financial News Desk), this breach led to the theft of the names, addresses, and credit card details of up to 77 million user accounts. Sony was able to recover their public image, but something like this could ruin an SMB.
Ensure you are Protected
There are a few key security elements which will ensure your data is safe. These include:
- Firewall: A firewall controls all traffic going in and out of your network. This is the first step you should take in protecting your data.
- Anti-virus: An anti-virus software should be installed on all desktops, notebooks and servers. Note that the Anti-Virus should always be up-to-date.
- Data Encryption: This solution will lock all your data behind a wall that requires users to verify their identity before it can be accessed. Verification can be done via passwords, codes or biometric data.
- Redundant Backups:
- Primary: Onsite (on a local server or backup device);
- Secondary: Cloud – Up-to-date cloudbackups are the fall back in case every other step fails.
- Education. Education: The most vulnerable part of your network is always your users. No matter what systems you have in place, a disaster may be unavoidable. You need to educate your users on how to spot a phishing email. This is a type of social engineering technique that is used by hackers to deceive users into handing over their personal data and to exploit weak links in data security systems. Users need to know that you should never open an attachment in an email, unless they know the sender. They also need to know that they should never give out their password to anyone for any reason.
Recover Quickly from Attacks
A customer of DWM’s was recently struck by a serious data breach. A Ransomware email got through to one of their staff. Without realising what it was, a staff member clicked on an attachment, which was loaded with a malware payload. Within minutes all their data was locked and they were told to pay a ransom or lose it all!
Luckily, this customer had implemented Anti-Virus, Firewalls, and email filtering, so they were able to return to business as usual in less than one day! They also had up-to-date and tested backups, so DWM was able to simply roll back their network to a healthy state from before the ransomware had hit.
Now imagine this same scenario, but the company had neglected to verify if their backups were up to date. They may be operating on the false presumption that their Data Security is up to date, but the data may not actually be there! And when it matters most, they discover that their backups have failed.
Don’t let this happen to you! If you don’t have any of the above Data Security systems in place, or you want to be 100% sure about your systems, contact DWM Solutions to conduct a security audit.