IT departments looking to save time and money shouldn’t do so at the expense of their data protection. A study from the University of Texas showed that 43% of companies suffering from catastrophic data breaches were forced to close and never reopen, and 51% closed within two years.
Although not all breaches are the same, many of the causes are human-related and carry similar themes.
Trusting Co-workers to Follow Policies
The reality is that employees aren’t always great at following company policies, and even when they do, mistakes still occur. Automation enables some solutions. This, along with strict enforcement of established policies and procedures and retention that enables data retrieval, is a key step businesses need to consider.
Most companies have at least basic security solutions (firewalls and anti-virus applications) in place to defend against malware. But cybercriminals are becoming very adept at breaking through traditional cyberdefenses. IT professionals should evaluate their IT infrastructure, identify areas of vulnerability and implement better security solutions to overcome them. These solutions include web-monitoring software for safe Internet usage, endpoint protection for bring-your-own-device management and a sandbox to fight targeted attacks. From a backup perspective, the ideal approach is to operate backup and disaster-recovery solutions on a non-Windows operating system. Windows has long been one of cybercriminals’ favorite targets, and running protection software on an operating system that is relentlessly under attack just does not make sense.
Playing the Odds
Despite data-loss horror stories, many companies still don’t have disaster-recovery plans in place to protect data (customer, company and employee data) from natural and man-made disasters. Many companies that do have set policies have just one general set of guidelines that applies to all disaster situations. A strong plan focuses on people, infrastructure and processes, and clearly outlines how each is affected in different disaster scenarios.
Failing to Test Disaster-Recovery Plans
Failure to test disaster-recovery plans, or testing them infrequently, can greatly increase the risk of data loss in the event of a disaster. Since IT infrastructure evolves daily, thorough testing must be done on a consistent schedule as a standard business practice.
Transparency is key today. Whether the information loss is noticed right away or weeks afterwards, notifying the public and those affected is essential to mitigating negative outcomes for a business. Often companies will recover if they are candid with their customers and helpful in providing solutions to prevent identity theft or further breaches. Taking responsibility for the breach and disclosing exactly what information was breached can help tremendously against further damage.
CCNY Tech offers small businesses in Upstate New York ways to be proactive with their security measures, while being on-call to handle technical issues that come up. Contact a specialist at 315-724-2209 and ask about the exclusive TechAgent program that has been built around helping SMBs to increase uptime, while staying within budget.