Small businesses technology and business leaders may feel as though their data is safe, but nothing could be further from the truth. According to SmallBizTrends.com, nearly 43% of phishing campaigns are targeted specifically at small businesses, a dramatic increase from 18% in 2011. Unfortunately, a 2017 report from Keeper Security also shows that the greatest cybersecurity threat to small businesses is their employees, with more than 54% of data breaches caused by employee or contractor negligence. Protecting the data within your organization is crucial, and the costs that are associated with a data breach continue to rise. Small businesses are increasingly focused on ways to mitigate the risk associated with data storage and use and that often starts with having a comprehensive backup and data recovery process in place. Here are some suggestions from industry leaders on how to protect your critical small business data from a cyber attack or other loss of access.
Your business data is arguably your most important digital asset and one that is accessed hundreds or even thousands of times each day. Your employees utilize business data from a variety of systems to look up customer orders, create POs and track shipments while consumers are online placing orders and tracking status. Until you truly experience a major loss of data access, you may not realize the crippling effect that it would have on your organization’s operations.
The first hit that you would feel with the loss of access to your data is in the productivity of your teams. Workflows grind to a halt as employees scramble to figure out how to perform their daily activities without access to the information that they take for granted. In many businesses, the data stored within your CRM or other data repository is driving your website, meaning ordering comes to a crashing halt should the secure connection to your data falter. Technology teams scramble to figure out where the problem lies, putting all other IT needs on the back burner for the foreseeable future. Plus, your team may need to call in consultants to help identify a breach and begin remediation as quickly as possible. If your team identifies that a breach has occurred, you may have to report to customers and stakeholders that sensitive data has been accessed by unauthorized parties. This can devolve into trust issues with your business, negative publicity and ongoing loss of revenue even while you’re attempting to return to operational readiness.
Business data structures often grow organically, with additional databases and information structures added over time. While this may make sense as you’re bolting systems together, eventually it can become an unruly tangle of disparate systems that makes security and data integrity more challenging for your teams. A regular review of business systems with an eye towards data consolidation is a project well worth considering as your timeline permits. It’s often helpful to work with a trusted technology partner to ensure that you are considering all the options that are available for the security of your data both in transit and at rest.
There are a variety of protections that you can put in place to maintain both access to your data as well as its integrity. Creating a robust backup and disaster recovery process allows your team to define the best case scenario for data backups — local only, short-term local with a regional cloud-based backup or cloud only. There are dozens of different ways you can configure your backup process, but what’s important is that it meets the needs of your business both now and in the future. When you have a documented backup and disaster recovery process in place and test it on a regular basis, you have added peace of mind that your small business data is protected and quickly accessible in the event of a cyberattack or natural disaster.
As your business matures, it’s imperative that you create a review schedule to assess and manage your cybersecurity risks. This includes everything from monitoring employee activity logs to protecting passwords to educating staff members and contractors against tapping, clicking or interacting with suspicious website content or email attachments. Data encryption, email and web filters and the regular application of patches to your servers and applications can also help reduce the risk of a cyberattack on your small business. Sometimes, the challenge is as simple as assuring that you have redundancies on your power supply so you don’t run the risk of losing servers during a power surge. Other remediation issues can be much more intensive, but putting together a full list of options helps you understand and ultimately reduce the risk to your organization.
Your data is being bombarded with threats on all sides, and it’s up to your technology team to help protect your organization. Creating a robust backup and disaster recovery plan with a trusted technology partner can help you walk through an audit of all pertinent systems and quickly identify problems that can be resolved quickly and define a strategy for ongoing review and support. Without access to your data and business information systems, you can quickly find that your organization is grinding to a slow and painful halt.