Small and medium businesses are powered by information. Should your business lose that information or even suffer an interruption in access, it can have serious consequences. When it comes to protecting their electronic data, some SMBs feel they are at a disadvantage because they lack the large budgets and dedicated IT staff that many large enterprises enjoy. While this may be true, that doesn't detract from the fact that SMBs face the same fundamental data protection concerns as large businesses, as no business is too small to be immune to data loss. As the amount of data being created continues to increase, and that info is accessed and shared by more people, you can't afford to ignore the need for data protection.
According to a report released in March by the IT Policy Compliance Group, 20% of organizations are suffering from 22 or more sensitive data losses per year. There are a number of ways in which a business' data can be lost, destroyed, corrupted, or rendered inaccessible. It can happen when a natural disaster – such as a hurricane or flood – occurs. Hardware failure or theft can also be to blame, as can external threats like viruses, worms, or hackers. File or software corruption can also affect data stability. However, the IT Policy Compliance Group cites human error as the most common reason for data loss; unintentional user error and policy violations were the most common reasons.
Aside from good business practice, there may be another reason to protect your data: regulatory obligation. Depending on the size and industry of your business, it may be subject to government regulations like HIPAA or Sarbanes-Oxley (SOX), which require businesses to employ strong data management and security measures. HIPAA regulations outline security procedures and solutions that healthcare-related businesses should use to protect private patient data. If you are a publicly traded company, or if you do business with a public company, then SOX requires you to keep stringent IT controls over financial records, and to be able to provide records that demonstrate that IT control if requested.
In addition, if your business processes, stores, or transmits credit card numbers, then it is subject to the 12 security requirements imposed by the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS was created by the five major credit card companies as a way to protect card data by ensuring that merchants take steps to secure their IT networks and maintain control of the data at all times. The Standard explicitly requires use of firewalls, antivirus, network access control and network monitoring. Businesses that fail to comply face steep fines and could have their merchant account revoked.
Failing to comply with regulations is costly. However, the cost of losing customers' data (and their confidence in your business) can be even costlier. A report by the Ponemon Institute LLC found the cost of dealing with a data breach rose by 30% in 2006. The study found that each lost customer record cost $182 on average. The average cost was derived from the activities surrounding a data breach, such as legal fees, audit and accounting fees, notification letters, phone calls and email. The loss in productivity while trying to recover the data is also a costly consequence. Ponemon's study also showed that lost customer opportunities cost companies $98 per lost record last year. These lost opportunities included turnover of existing customers and greater difficulty in acquiring new customers. In an era when data security is at a premium, customers are not very forgiving. If you lose your customer's data, you could very likely lose that customer. Ponemon's report noted that many businesses don't improve their data security practices until after they suffer a breach – and that is a costly mistake many SMBs can't afford to make.
There are a few ways you can minimize the chances of data loss and speed up recovery, so you won't have to experience firsthand all the ways it can harm your business.
- Viruses, worms, and other malware are still persistent pests in cyberspace, and antivirus software should always be in use to protect your systems from infection.
- Use encryption to prevent eavesdropping and to render data unreadable if someone steals it from your server.
- Ensure that only authorized users are accessing your data, and that your endpoint security policies are continuously enforced with network access control.
- Prevent malicious attacks from affecting your database and network through use of intrusion detection systems.
- In case your system or applications become corrupted, or you lose a server, a system recovery solution can perform full recovery in minutes (without one, rebuilding systems from bare metal can take hours or even days – time and resources you can't afford to waste).
- Making regular data backups is important too. Today's disk-based backup solutions are fast and efficient. For long-term backup storage, you can still back up to tape and store it offsite.
Businesses of all sizes face similar issues when it comes to keeping data and systems protected and available. Data protection is emerging as one of the most critical tasks for IT. Exponential data growth and recently imposed regulatory requirements for data retention and availability are happening against a backdrop of increasing threats. Too many small businesses are vulnerable to data loss because they lack the solutions for proper data protection. Don't let your business be one of them.