Data Security

A beginner’s guide to data security

Whether your business is a large multinational or a small mom-and-pop operation, your data is one of your most important and vulnerable assets. Despite this, many businesses don’t have the necessary data security procedures in place to protect their data from a host of threats including physical loss, corruption, hackers, and security breaches.

This guide will cover:

Data storage and management

The first step to protecting your data is making sure you know how and where your data is stored. Is it on a set of ancient whirring disk drives or a solid-state memory storage device?

You have many options when it comes to data storage. To choose the best option you’ll want to think about how and when you need to access your data. Do you only need access in your office or do you need to be able to work remotely? You’ll also want to consider whether or not to store your data on-premises or offsite.

There is no one-size-fits-all answer. You and your managed IT services provider need to determine the best solution for your business. The safety and reliability of your data storage system could affect how much downtime you experience or what problems you encounter in data recovery should a disaster happen.

Do you know what happens should your data be deleted? Or even your backups?

A measured, well thought out plan could mean the life or death of your company. According to a study by Touche Ross, less than 10% of companies survive a major disaster when they have no disaster recovery plan in place. It’s up to you to take the necessary steps to defend your business’s data.

Data backup and recovery

Accidents happen. Natural disasters occur. Hackers attack. There are many ways you could experience a catastrophic loss of data. Having the right backup and recovery plan is vital to your company avoiding downtime and reducing productivity loss.

The most important aspect, however, is to assess your needs, your resources, and to have a plan.

Options for backup plans can range from on-premises storage devices to off-site solutions or a combination of both. Ask yourself questions such as “How fast do I need data back when lost?” and “How fast do I need to access that data?“  You’re going to want a plan that answers those questions.

Is a cloud backup plan sufficient or is it vital to have a physical backup device on-site? There are good arguments for both options, as well as solid arguments for a managed combination of the two. A lot of it comes down to security and ease of access.

Cloud solutions

Public cloud services offer a lot of storage options at a low cost. Private cloud is another option that can give you even more security and control. Many businesses choose a private cloud because they operate within a specific set of requirements not supported by public cloud services. While public clouds are fairly secure, they don’t offer the same level of control, customization, and privacy that a private cloud can offer.

Another aspect of backup management is paying attention to the network as a whole. A cloud backup system is no good if the Internet is down. Do you have a plan if that occurs?

For on-site backup devices, should you rely on a wireless wide-area network (WAN) or go for a more robust wired connection? All good questions. Fortunately, a little research can go a long way toward finding the best data backup solution for your business.

Cybersecurity threats

According to the 2018 Thales Data Threat Report, the rate of successful data breaches has reached an all-time high for mid-sized and enterprise-class organizations. 67% of organizations worldwide and 71% in the US have been breached at some point in the past.

Nearly half of the US organizations surveyed reported a breach within the past 12 months alone–almost twice the previous year’s response. Global organizations didn’t fare much better.

Some of the most recent breaches of note:

  • Equifax: 143 million individuals’ personal information exposed
  • Edmodo: 77 million records hacked
  • Verizon: 14 million users hacked
  • JobLink: Almost 5 million records compromised

How could this happen?

Unfortunately, there exists any number of ways such breaches can occur. Software companies are constantly discovering security holes and sending out updates, but not everyone bothers to install the updates, leaving the door wide open for an enterprising hacker to set up shop. Phishing emails can be the foot in the door that allows a bad actor to begin infiltrating an otherwise secure system.

Sometimes the vulnerability is something as simple as the careless use of a public Wi-Fi, or falling victim, to a social engineering scenario in which a hacker manipulates sensitive information from a live person. Security breaches also can occur when hardware is improperly disposed of and a cybercriminal mines old hard drives for sensitive information.

On a related note, ever lose a smartphone? Imagine how much valuable data can be pulled from just a single misplaced or stolen phone.

Addressing cybersecurity issues begins with looking at threat prevention. Halt the threat before the damage is done.

Threat prevention

In the vast majority of cases, threat prevention can be achieved by taking simple, common-sense steps. First and foremost is employee training and communication.

Some of the most common cyberthreats can be thwarted by keeping employees aware of their own online habits and how they can change them to improve the security of your business. Proper password creation, use of two-factor authentication, keeping up on updates, avoiding ransomware, and being wary of phishing scams can all do much to protect your network’s integrity.

Keeping a smartphone secure doesn’t involve jumping through a lot of hoops. It can be as simple as allowing system updates, using lock screens, being wary of public Wi-Fi, and good password habits.

These are simple, employee-centered strategies. It’s equally important to discuss your security concerns with the experts within your own IT department, or with a managed service provider with a team of tech support and security experts at your beck and call.

Closing thoughts

Remember: Your data is your business.

One supports the other – when one is at risk, everything is at risk. Whether the threats to your data come from accidents, natural disasters, bad actors, or bad management, it’s your responsibility to your business and your clients to take steps to protect that data.

You’ll reduce downtime, loss of revenue, and loss of reputation if you take the time to form a comprehensive and sensible data management and security plan.