Small and midsize businesses lose, on average, about $500,000 per cyberattack. This cost includes lost revenue, customers, market opportunities, and clean-up expenses.
Minimizing your cyber risk exposure is key to securing your small business. But it can be challenging for a couple of reasons:
- The risk landscape changes frequently because of the adoption of new technologies such as the Internet of Things (IoT) and artificial intelligence (AI).
- New defense technologies, such as security analytics, are complex and costly to adopt.
Small businesses that are not aware of the latest cyber risk management trends will be not be able to defend themselves against future attacks. You should invest in the right security technologies such as data protection and security automation to secure your business for the future.
Data is the lifeblood of all businesses. You can’t survive without critical data assets such as customer data, intellectual property, and competitor intelligence.
However, the growing volume, velocity, variety, and value of data increases the security risks of storing and sharing it. Though data security is critical, 47 percent of small businesses say they don’t have enough resources or time to improve their practices.
Small businesses could lose $30,000 to $120,000 in clean-ups and regulatory fines if they don’t secure critical data using encryption, backup, or other data protection technologies.
In this article, we will take you through the different data protection technologies that small businesses must research and adopt.
Data backup and recovery are lifelines in data breach/loss
Data is your most important business asset. So much so that 70 percent of small firms that experience a large data loss incident go out of business within a year. And just because they hadn’t backed up their data nor implemented disaster recovery plans.
Data backup involves keeping an extra copy of your information. Meanwhile, data recovery techniques enable you to retrieve and work on the copy during a data loss incident to reduce downtime.
Most data backup software have built-in data recovery options, which is ideal for small businesses. They get two critical data protection technologies—backup and disaster recovery—at a lower price.
Insights from a Small Business Trends report (Source)
Many firms still use USB drives and external hard drives to keep data copies. Though you can quickly restore data, USB drives are a security threat. Hackers and rogue employees use them to spread malware or steal data. There’s also the risk of losing these drives. Therefore, small businesses must adopt foolproof data backup and recovery technology.
Over the years, several improvements have been made to data backup techniques—faster speed of copying, recovery point objective (RPO), and recovery time objective (RTO). Some of the newer data backup technologies include the following:
- Cloud backup: Also known as online data backup, it stores a copy of the data on remote or offsite servers. Based on where you store the data, copy your on-premise data to the cloud or opt for cloud-to-cloud backup. This technology is much cheaper than many on-premise storage options. It offers disaster recovery capabilities, making it ideal for small businesses. Cloud backup software also allow you to backup data from mobile devices.
- Software-defined storage: The software manages data storage resources and functionality, irrespective of its underlying physical storage hardware. Software-defined storage tools can be hosted on physical servers or virtual machines, from where users can control multiple storage resources. It also provides features for data storage policy management such as deduplication, replication, snapshots, and backup.
- Hard disk and solid state drives: Disk drives are a quick and reliable means of local storage. Hard disk drives are widely used as they store terabytes of data and cost less than cloud storage. However, they don’t have easy recovery options and the disks could be lost or destroyed. On the other hand, solid state drives are more advanced (and expensive), support quicker copying of data, have longer lifespans, and lower failure rates.
3-2-1 backup strategy
To ensure zero data loss, consider backing up one copy in the cloud and one on a local storage device. The 3-2-1 backup rule is a tested strategy that instructs you to keep:
- 3 copies of your data (including your original copy)
- 2 local copies on different storage systems
- 1 backup off-site on cloud servers
Key features of data backup and recovery
The following features of data backup technologies make them highly beneficial to small businesses:
- Continuous/Automatic data backup: It ensures that the changes you make to your files are simultaneously copied to the storage location. This lets you recover even the most recent changes in case of data loss, thus lowering your recovery point objective.
- Incremental backup: This is a type of backup where only the changes are copied, not the full file. This reduces the time taken for copying data and does not slow down your work.
- Instant recovery: This feature allows a backup snapshot to run temporarily on secondary storage to reduce the downtime of an application.
- Data deduplication: It eliminates duplicate data record blocks while data is transferred to the backup storage location. This reduces the network load and the storage space you require.
- Error-free copy: Data backup software features also ensure that the data copied from a source and stored at the backup server are the same and don’t mismatch nor contain errors.
Benefits of cloud data backup
Cloud data backup tools offer many advantages such as accessibility, ability to tackle corrupted documents, and file recovery. The following graphic summarizes the primary benefits of using this software.
Relevance for small businesses: HIGH
Humans generate about 2.5 quintillion bytes of data every day, with 90 percent of all the data in the world generated in just the last two years!
Even if small businesses contribute just a fraction to this data, it’s still a large number. Therefore, protecting this data from loss or corruption is important and requires backup tools.
78 percent of small businesses are expected to back-up their data to the cloud by 2020.
If you don’t want your small business to be left behind, follow the steps we recommend in the next section to build your data backup strategies.
Recommended actions for small business data backup
Here’s where you should start:
- Prepare a data backup plan: This is the first step. Your backup plan should identify critical data assets that need to be continuously backed up. Decide which data items to back-up on the cloud and which to back-up locally. Super-critical data, such as system information that needs to be accessed quickly in case of an emergency, is best stored on-premise on tapes or disks.
- Shortlist and sign on data backup vendors: Once you have your backup strategy in place, shortlist data backup vendors based on your requirements for storage space, speed, RPO, RTO, and costs.
Top data backup vendors based on average user review score on GetApp (as of February 2019)
For a longer list of data backup vendors, visit GetApp’s backup directory. You can filter and shortlist suitable vendors based on the features, budget, geography, deployment model, etc.
Cloud data protection technologies are a must-have
Ninety-six percent of businesses use cloud technology for running applications and storing data. With a majority of your data stored on public clouds, it’s important to take measures to protect it.
Cloud data protection technologies ensure that data stored or being transferred to the cloud isn’t hacked, tampered with, or stolen. These tools also help you comply with regulations, such as GDPR and CCPA, which require you to secure data and ensure privacy.
There’s a wide range of cloud data protection technologies offering different levels and types of protection. In the upcoming section, we discuss some of the major cloud data protection technology features.
Key features of cloud data protection technologies
In this section, we have listed the must-have cloud data protection technology features for small businesses. While many cloud service providers (CSPs) offer some of these features, evaluate the strength of each feature and, if needed, add your own security controls to further boost the protection levels.
- Encryption: A comprehensive encryption of the files is the backbone of all cloud security measures. Even if your CSP encrypts the stored data, add further encryption to hide the data being uploaded to the cloud. Ensure that the data at rest and the data in transit is encrypted to minimize data breach/loss.
- Tokenization: This process substitutes a sensitive data element with a non-sensitive equivalent, called a token. The token acts as a placeholder while the sensitive data is stored at a different location. Unlike encryption, tokenization can’t be reversed. It’s primarily used to store sensitive financial data. Regulatory bodies, such as the PCI security standards council, view this as a more secure form of data protection.
- Endpoint security: You must secure end-user devices that access cloud-based resources to ensure that they aren’t targeted by hackers. Firewalls and anti-virus solutions can help you protect your end-user devices that subscribe to IaaS, SaaS, or PaaS tools.
- Authentication and access controls: These tools ensure that only authorized people have access and modification rights to your cloud data. This maintains data integrity and reduces data theft. Privileged access management tools verify users’ identity and allow only authorized persons to view or modify data.
In addition to a few features discussed here, CSPs may also offer limited data backup and recovery features. Check out the security features offered by your CSP before signing up for additional cloud security tools.
Note: Some of the technologies discussed above may also be available as standalone tools.
Benefits of cloud security software
The primary benefits of these solutions are improved data security through encryption and access controls, regulatory compliance, as well as better visibility over data protection measures. We’ve listed the benefits in the following graphic for your benefit:
Relevance for small businesses: HIGH
Seventy-five percent of small and midsize businesses expect to move most of their applications to the cloud by 2020. Running daily operations on the cloud requires small businesses to invest in cloud security or face a high risk of hackers stealing or tampering with their valuable data.
The increased use of SaaS applications to store critical business information makes cloud data protection technologies a must-have for small businesses.
Recommended actions for small businesses
- Understand security features of cloud providers: Many providers offer security features, such as encryption and anti-malware tools, with data storage options. Understand how well these work, the terms and conditions, and additional costs of accessing the cloud provider’s security features. Consult security experts to find the essential cloud security tools for your business.
To know more about security risks of cloud computing and how to mitigate them, read our report on how to avoid the biggest risks of cloud computing.
- Invest in cloud security technology solutions: Cloud applications easily integrate with other apps and support data transfers. Employ experts to identify ways of protecting your data when at rest or in transit. To find out which cloud security software tools suit your business, check out our software directory. Filter the products based on features, costs, subscription models, etc. Also, read user reviews to see how real users feel about each product.
Blockchain is the new technology to improve data security
Blockchain is a revolutionary technology that’s expected to strengthen data security, integrity, and authenticity. It innovates the way data is stored and controlled by making it almost tamper-proof.
Blockchain is a distributed ledger that adds new records with timestamps and reference links to the previous entries. All records in a blockchain are secured using cryptography, each member of the network verifying the veracity of the data using private, public, and receiver keys. Once the data is added to the blockchain, it can’t be altered or tampered.
However, this technology is yet to achieve mainstream adoption. Knowing the key features and benefits of blockchain will help you prepare your business to seamlessly adopt the technology when it matures.
Key features of blockchain technology
The following features of blockchain make it useful for data security:
- Decentralization: Instead of uploading data to a cloud server or storing it in a single location, blockchain breaks it into chunks and distributes it across a network of computers. Each computer or node on the network will have a copy of the data. This makes manipulating data on the blockchain almost impossible.
- Encryption: The data added or stored on a blockchain network is encrypted. The technology uses cryptography methods, such as public keys, to protect user identities and ensure secure transactions.
- Validation: The blockchain model allows you to easily validate the stored data because of its distributed nature. You can check file signatures across ledgers on all the nodes in the network and verify that the data hasn’t been changed.
Benefits of blockchain technology
This technology offers various advantages in data protection such as reliability, tamper-proof data security, and transparency.
Relevance for small businesses: LOW
Blockchain technology is still being tested for different business use cases. Running a blockchain network requires powerful computing resources. That’s one reason why it’s expensive. You could also face technical and other issues, such as application incompatibility and regulatory concerns, during implementation.
Blockchain isn’t ready for small business adoption. According to Gartner’s Hype Cycle for Data Security (report available to only Gartner clients), blockchain for data security will reach maturity and widespread adoption in the next 5 to 10 years.
Recommended action for small businesses
Study blockchain use cases. Many data security applications are integrating blockchain technologies into their architecture. Enterprise businesses are also experimenting with blockchain-based data security possibilities. However, we advise small businesses to familiarize themselves with blockchain by studying its use cases or as proofs of concept.
5 Blockchain application use cases in finance for small businesses
Next steps: Classify your data and educate employees
Here’s how you can secure your small business data assets further:
- Classify data: 50 percent of SMBs don’t know what GDPR is”. You can also use varying data protection technology levels to secure different data types.
- Adopt necessary data protection technologies: multi-factor authentication, and privileged access management tools. Work with your IT team or consult with security experts to identify which data protection technologies work best with each class of data.
- Educate your employees: 42 percent of data breaches at small businesses are caused by risky employee behavior. Educate your employees about data privacy policies and train them on best practices for security hygiene such as identifying phishing attempts, using social media platforms, and working with data protection technologies like backup and disaster recovery.
Ready to shop for software?
Many small business owners often select off-the-shelf IT security software installed by one-time vendors. They believe that this secures their systems.
What they forget is that the security threat landscape is constantly changing, with hackers trying new tactics such as using AI to hack smart devices. This means small businesses have to continuously update, manage, and scale their IT security systems.
But with limited security expertise, resources, and budgets, small businesses like yours will be find it tough to strengthen and manage your cyber defenses.
Employing managed security service providers (MSSPs) to monitor IT networks, detect threats, and manage systems ensures up-to-date security infrastructure. Your small business will be better protected from cyber risks than others that manage security in-house with insufficient resources and expertise.
There will be 20 billion IoT devices by 2020, according to Gartner.
IoT devices are physical objects embedded with sensors that can connect to an IT network and communicate with other devices and software applications such as mobile phone apps, desktops, printers, and other office/home appliances.
Imagine your surveillance cameras, air conditioners, coffee machines, and office equipment having sensors and actuators to monitor, communicate, and control their own actions. Pretty cool, right? Maybe … maybe not.
Too many businesses have old desktops stuffed into closets, decommissioned servers sitting in a warehouse, or useless CRT monitors taking up space in a storage locker across town. As technology evolves faster and faster, companies pile up ever-increasing piles of obsolete IT assets.
In recent years, cloud storage and software-as-a-service (SaaS) solutions that store data off site have rendered many onsite storage devices bulky and unnecessary. Desktops have been replaced by laptops and tablets. Even the utilitarian flash drive has been usurped by cloud-based solutions such as Dropbox.
Getting rid of old computers and other IT assets involves risk to intellectual property, regulatory compliance, and the environment. Small businesses must create a process that ensures IT assets are dispositioned in a manner that maximizes data security while minimizing environmental impact.
So how do I get rid of all these old computers?
One option is to hire an IT asset disposition (ITAD) vendor. These companies take end-of-life IT assets, securely delete any stored data, and dispose of them in an environmentally responsible manner. While this might seem like an easy choice, you must choose a reputable company and consider a range of factors including transportation and data destruction practices. We’ll come back to ITAD options later in the piece.