By Peter Buttler
A breach of data or loss of sensitive information can be disastrous for any company, but for small businesses it could mean shutting down business the very next day of its opening.
When considering the infrastructure of operations of a startup business, IT is usually the least concern and lags behind other functions. This is particularly the case for small-medium sized business (SMBs) with limited resources, or it gets outsourced. Even if the IT function is managed internally, business owners are likely to pay more attention to other production and administrative functions rather than on the backup and recovery of sensitive data their business is accumulating over time.
Business both large and small alike hold critical data which can cause serious problems if not protected and shouldn’t be entrusted to unreliable third-party vendors. To prevent the loss of sensitive information here are 7 steps solution providers or SMBs themselves can implement to properly safeguard their data and avoid data breaches.
1. Data Backup – Ensure Data Recovery
Just like tech giants Google and Apple, SMBs also manages the bulk of information each day which needs to be properly protected and backed up for recovery. But sometimes SMBs take a simplified approach for backup and recovery due to limited resources which can cause data recovery issues.
For example, tape backup often required periodic ‘base backup’ and ‘incremental backups.’ The data you need to recover might be in one of these backups, and you’d have to install and check these backups to recover your data which might get damaged.
To avoid all of such issues always ensure to choose a failsafe and reliable approach for data backups, such as keeping a combination of ‘base backup’ on a drive and rest of ‘incremental backups’ on a cloud storage sorted date-wise.
2. Make your data disaster proof
Disasters are instantaneous and uninvited which affects every person and organizations alike. To avoid damage from such calamities is to consider cloud storage backups which store data on off-site data centers. However, before choosing a vendor for cloud storage services do check for the data retention laws in that country.
For example, UK has just passed Investigatory Powers Act 2016 which requires companies to store data for 12 months and must allow access to any law enforcement agency.
3. Setup your data loss tolerance level
Data loss costs millions of dollars to businesses each year. Such huge costs can affect and cripple businesses severely, especially SMBs. While some data loss is inevitable, keeping a tolerance or severity level on data loss and determining the amount and type data depending on its sensitivity, and consequences is the key. It is recommended to look for solutions that automates backups per business schedules.
4. Determine endurance level upon data loss
Endurance level refers to how long you can operate without access to the lost data. The recommendation is a baseline of 24 to 48 hours and sorting your data into three categories.
- Data which you can live without.
- Data that is important and you need within 24 to 48 hours.
- Data that is crucial that you must need within 24 hours.
Prioritizing in such a way helps in organizing your data in circumstances of data loss.
5. Choose a right vendor
Choosing a right provider for data backup and recovery is crucial because sensitive and confidential information is involved. Before selecting a vendor, talk to former and existing customers about what type of data protection system they’d be most interested in.
Moreover, choosing a medium of data backup and recovery is also important, whether you want to backup in an old fashion way of DVDs or local hard drives or more advanced dedicated storage servers or cloud-based off-site data centers.
While considering off-site data centers make sure to check for regulatory compliance of the service with certified standards such as SAS 70, GLBA, HIPPA, SOX and ability to perform end-to-end-encryption.
6. Real-time application backup support
Most backups operations leave files that are in use during the backup. If your systems do not support this function, then your data is not safeguarded. Applications like Microsoft Exchange, VMware, Microsoft SQL requires specialized support, so be sure your vendor data protection systems can support such applications while performing backup.
7. Protect Mobile Devices
Ponemon Institute researched and surveyed 116 organizations in which 62 percent people reported lost or stolen mobile devices containing sensitive information. Only 49 percent of respondents were concerned with the protection of their mobile devices, and a mere 39 percent responded that their organizations have placed security measures to mitigate the risks.
Usually, employees bring their own device (BYODs) which places organizations at significant risks. The data protection systems should include security software such as VPN, antivirus, and malware to secure on-site data on the mobile devices on the go. Considering facts like the UK Investigatory Powers Act 2016 in effect, using best VPN service has become a necessity to protect your sensitive information from data breaches.
Data loss costs in millions of dollars on top of losing confidential information of your customers, so consider IT as your essential function and take necessary steps to ensure business continuity and data loss protection.
Peter Buttler is a professional security expert and lecturer. Follow him @peter_buttlr.
