Preserve and Protect Your Data
Summary
As the amount of data being created continues to
increase, and that info is accessed and shared by more people,
SMBs can't afford to ignore the need for data protection.
Small and medium businesses are powered
by information. Should your business lose that
information or even suffer an interruption in access, it can
have serious consequences. When it comes to protecting their
electronic data, some SMBs feel they are at a disadvantage
because they lack the large budgets and dedicated IT staff
that many large enterprises enjoy. While this may be true,
that doesn’t detract from the fact that SMBs face the same
fundamental data protection concerns as large businesses, as
no business is too small to be immune to data loss. As the
amount of data being created continues to increase, and that
info is accessed and shared by more people, you can’t afford
to ignore the need for data protection.
According to a
report released in March by the IT Policy Compliance Group,
20% of organizations are suffering from 22 or more sensitive
data losses per year. There are a number of ways in which a
business' data can be lost, destroyed, corrupted, or rendered
inaccessible. It can happen when a natural disaster—such as a
hurricane or flood—occurs. Hardware failure or theft can also
be to blame, as can external threats like viruses, worms, or
hackers. File or software corruption can also affect data
stability. However, the IT Policy Compliance Group cites human
error as the most common reason for data loss; unintentional
user error and policy violations were the most common
reasons.
Regulatory reasons
Aside from good business practice, there may
be another reason to protect your data: regulatory obligation.
Depending on the size and industry of your business, it may be
subject to government regulations like HIPAA or Sarbanes-Oxley
(SOX), which require businesses to employ strong data
management and security measures. HIPAA regulations outline
security procedures and solutions that healthcare-related
businesses should use to protect private patient data. If you
are a publicly traded company, or if you do business with a
public company, then SOX requires you to keep stringent IT
controls over financial records, and have the ability to
provide records that demonstrate that IT control if
requested. In addition, if
your business processes, stores, or transmits credit card
numbers, then it is subject to the 12 security requirements
imposed by the Payment Card Industry Data Security Standard
(PCI DSS). The PCI DSS was created by the five major credit
card companies as a way to protect card data by ensuring that
merchants take steps to secure their IT networks and maintain
control of the data at all times. The Standard explicitly
requires use of firewalls, antivirus, network access control
and network monitoring. Businesses that fail to comply face
steep fines and could have their merchant account
revoked.
The high cost of data loss
Failing to comply with regulations is
costly. However, the cost of losing customers' data (and their
confidence in your business) can be even costlier. A report by
the Ponemon Institute LLC found the cost of dealing with a
data breach rose by 30% in 2006. The study found that each
lost customer record cost $182 on average. The average cost
was derived from the activities surrounding a data breach,
such as legal fees, audit and accounting fees, notification
letters, phone calls and email. The loss in productivity while
trying to recover the data is also a costly consequence.
Ponemon's study also showed that lost customer opportunities
cost companies $98 per lost record last year. These lost
opportunities included turnover of existing customers and
greater difficulty in acquiring new customers. In an era when
data security is at a premium, customers are not very
forgiving. If you lose your customer's data, you could very
likely lose that customer. Ponemon's report noted that many
businesses don't improve their data security practices until
after they suffer a breach—and that is a costly mistake many
SMBs can't afford to make.
There are a few
ways you can minimize the chances of data loss and boost
recovery so you won't have to experience all the ways it can
harm your business firsthand.
- Viruses, worms,
and other malware are still persistent pests in cyberspace,
and antivirus software should always be in use to protect
your systems from infection.
- Use encryption
to prevent eavesdropping and to render data unreadable if
someone steals it from your server.
- Ensure that only
authorized users are accessing your data, and that your
endpoint security policies are continuously enforced with
network access control.
- Prevent
malicious attacks from affecting your database and network
through use of intrusion detection systems.
- In case your
system or applications become corrupted, or you lose a
server, a system recovery solution can perform full recovery
in minutes (without one, rebuilding systems from bare metal
can take hours or even days—time and resources you can't
afford to waste).
- Making regular
data backups is important too. Today's disk-based backup
solutions are fast and efficient. For long-term backup
storage, you can still back up to tape and store it offsite.
Conclusion
Businesses of all sizes face similar issues when it comes
to keeping data and systems protected and available. Data
protection is emerging as one of the most critical tasks for
IT. Exponential data growth and recently imposed
regulatory requirements for data retention and availability
are happening against a backdrop of increasing threats. Too
many small businesses are vulnerable to data loss because they
lack the solutions for proper data protection. Don't let your
business be one of them.