Every company bigger than a lemonade stand has some sensitive data to protect. It may be privately held information about the company’s own formulas and financials, or it may be customer credit card numbers, health records, or other personal data. Cyber crime, fueled by the marketplace on the dark web, continues to grow. In 2017, over 178 million records were exposed due to data breaches and a study by Accenture found that the number of these breaches increased by more than 27 percent just in the last year. By 2021, the worldwide cost of cyber crime is expected to exceed $6 trillion annually, a doubling of 2015’s figure of $3 trillion. Furthermore, CSO Online notes that this represents “the greatest transfer of economic wealth in history.”
Expensive legal complications often follow in the aftermath of cyber crime, as victimized customers look for recompense. Government penalties can be levied on financial or medical providers that didn’t comply with detailed security protocols. Even if no data is stolen, an online business can lose money and credibility if its website goes down for more than a few minutes.
Potential Trouble Comes From Many Directions
While cyber crime may be the most talked-about hazard, information loss can arise from a range of other sources as well. Natural disasters such as earthquakes, fires and floods can wreak havoc on all electronics, disrupting wireline internet connections and damaging servers. Even some data protection programs can lose crucial information when the connecting link goes away. Power surges happen, wiping out hard drives. Employees leave phones on the subway or spill coffee on their laptops. Competitors have been known to steal unprotected company secrets. Although criminal attacks usually come from outside the company, internal hacking is not unknown. Furthermore, inadequately trained employees can open the doors to hackers by falling for phishing emails or opening unsafe attachments.
Why Protecting Data is Crucial
Backing up data and recovering from a disaster involve two separate types of planning, although they can overlap. Companies need to have a method in place to save critical information in case of a data breach or lost connection, and they also need a plan for how they’ll access that information quickly and safely. Without an effective plan in place, a business may well find itself suffering drastic financial consequences. The average cost of a data breach in 2017 is estimated to be $3.62 million.
Worst of all, inadequate protection may result in a company not even being aware they’ve been invaded. Cyber security analyst Steve Morgan notes that World Economic Forum research has found that “a significant portion of cyber crime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot.”
How IT Companies are Meeting These Needs
When companies first consider instituting a plan for backup and recovery, they may assume that such plans are relatively standardized. However, the approaches to backing up data or preparing for disasters are as varied as each company. The only way for a company to know what type of backup plan is best for them is to have a needs assessment conducted by an IT specialist.
Identifying a Company’s Security Needs
One of the first steps in a needs assessment is a determination of whether the company needs continuous live data protection, or whether occasional snapshots will suffice. The assessment will also identify their Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). The RPO refers to the specific set of data that is needed in order to resume business; for example, it may not include certain archives. The RTO is how long the company can afford to be off-line. Companies should decide whether they need instant access to email or user folders, for example. The profile of needs that is developed through this exploration will determine the eventual backup and data recovery plan. If some records are still kept on paper, a recovery plan will also include a method for protecting them.
Establishing Appropriate Access and Storage Protocols
Strict control over access to organizational data is a foundational element of building data security. This includes governance of authentication and authorization; that is, a way to authenticate the user’s true identity, and a method of determining whether that user is allowed to conduct the transaction that they are attempting.
Location of sensitive data is equally important. Cloud and on-site storage each have unique advantages and disadvantages, and an effective emergency plan should ideally make use of both. Storing information remotely is a good way of protecting it from physical accidents. Storing information locally, on the other hand, is helpful for quick recovery, if a company’s cloud systems have suffered a cyber attack.
Notification, Recovery, Education and Prevention
Recovery plans also include a notification procedure. Whether there’s been a physical disaster or a cyber invasion, companies need a method of contacting key partners and affected customers. An IT company can also help strengthen communication channels, deploying encryption software that provides maximum protection with the minimum employee learning curve. Many companies hire outside experts to come in and provide employee education, as well as recommending appropriate insurance coverage. The mere act of having a well-designed disaster recovery plan can lower a company’s insurance rates.
Human error, natural disaster, and criminal acts can all have a devastating impact on a business’s bottom line. IBM CEO Ginni Rometty has warned that “Cyber crime is the greatest threat to every company in the world.” For this reason, robust backup and disaster recovery plans are basic necessities for a business. Engaging IT professional help to develop a multi-layered protection plan against data loss is a business investment with a compelling ROI.