Posts

5 data loss nightmares you can learn something from

No one wants their data lost, stolen, breached, or corrupted … especially if this data incorporates sensitive information.

Like social security numbers.

In this case, the data loss would be less than ideal.

But after the latest round of massive data breaches, most people have almost become desensitized to data loss. After that Equifax breach, it can’t really get any worse, now can it?

Maybe. Maybe not.

However, as a business professional, it’s still your responsibility to protect your company’s data — whether data loss is considered normal or not. And it’s not just breaches you have to worry about. In the Equifax breach, data was simply “exposed.” The data is still there; it’s just also in other places. Nonetheless, the majority of people will lump it into a “data loss” category.

On top of breaches, however, a company needs to worry about cyber attacks that actually take your data (not just expose it). This could be something like ransomware — a threat that encrypts all of your data. Or a run-of-the-mill virus that corrupts your data and makes it indecipherable.

But again, cyber threats aren’t the only things on the data loss block. You also have to think about accidents, natural disasters, hardware malfunctions, and software issues. Each situation is more than capable of taking your data and making it look like it never even existed.

Here are 5 real-life examples of data loss nightmares.

Daily Mail

Daily Mail repeatedly reports on companies that lose data. They detail the events and criticize from afar. So when Daily Mails publisher, Associated Newspapers, lost a laptop that contained the sensitive, personal information of thousands of staff members, it was their turn to be criticized.

While the laptop was password-protected, this doesn’t mean the laptop would have been impossible to crack. In the right hands, the names, addresses, and banking information of the affected staffers would have been more than accessible. In fact, to this day, there’s no saying that someone can’t log into the missing computer and maliciously use the information contained on the device.

At the end of the day, a lost device is considered a form of data loss. And in some cases, data loss that stems from a lost or stolen device can be hard to recover from. Imagine if that laptop contained data that was not backed up and hard to replicate.

T-Mobile’s Sidekick

Hardware malfunctions are not fun, especially if those malfunctions have anything to do with your server. At this point, it can quickly go from not fun to reputation damaging, and in 2009 T-Mobile was unlucky enough to feel the sting of a server malfunction.

Back then, Danger was a company owned by Microsoft. It was responsible for making the once popular Sidekicks for T-Mobile. Sidekick data was not stored locally and instead, was stored in the cloud on Microsoft’s servers.

Apparently, a server malfunctioned, which resulted in massive data loss. As a consequence, the majority of Sidekick users lost photos, contacts, calendar entries, and more. It was a dire situation for T-Mobile, especially once it was brought to everyone’s attention that T-Mobile did not have a redundant backup solution.

They were forced to release an embarrassing public apology that gave Sidekick users absolutely no hope for recovery. Instead, they provided helpful tips to “help you rebuild your personal content.”

Ashley Madison

Data breaches don’t always occur for the sake of money. Sometimes, it’s just people looking to stir up some drama — which happened with Ashley Madison back in 2015.

This website isn’t known for anything particularly good. In fact, its tagline is, “Life is short. Have an affair.” It’s not exactly a company that people will openly admit to being involved with. But nonetheless, Ashley Madison users weren’t given very much choice in the matter when hackers discovered a vulnerability in the way login information was stored.

After this vulnerability was discovered and the hackers dumped the personal information of Ashley Madison users on the internet, people were not happy and the company itself was not in a good position.

As a result of the multiple data dumps, people lost their jobs, and others started looking for someone to sue.

National Archives and Records Administration

Daily Mail wasn’t the only business to suffer from data loss as the result of lost or stolen hardware. In 2009, the NARA (National Archives and Records Administration) also suffered the same fate.

But instead of a laptop, an external hard drive went missing. This specific hard drive contained the personal information of people who may have worked or visited the White House during the Clinton administration.

The NARA had to send out more than 15,000 letters to the individuals who may have been affected by the missing hard drive. They notified them of the data breach and offered one year of free credit monitoring services — a service that could definitely get expensive, especially when you’re talking about tens of thousands of people.

And things get even more expensive when you think of the manhours it took to rebuild that lost data (if that was even possible).

The England Prison System

A few years back, a prison in England sent the records of 84,000 prisoners to a consultant firm they had partnered with. Afterwards, an employee at the consultant firm decided it was a good idea to download all of those records onto a personal USB drive.

And of course, that USB drive was lost a few days later.

While this isn’t exactly the prison’s fault, it’s still considered their responsibility, and at the end of the day, the public blames the prison for the loss of data.

Ultimately, this should be a lesson — never partner with a company or person you can’t trust with your sensitive data.

 

These examples of everyday data loss should make it obvious that properly backing up your data is more important than ever. Data loss can happen for a variety of reasons, and no business or industry is immune to these reasons.

If you’re looking for help securing and backing up your data, then give us a call or send us a message today. Here at Cognoscape, we specialize in data backup and recovery, and we’d love to talk to your business about securing its data.

hardware in trash can

Data Loss Examples: 4 everyday threats to your data

Recently, we covered five real-life data loss nightmares. From online dating and government agencies to hardware manufacturers and news agencies, these five data loss examples span a variety of industries.

The consequences of the data loss that stemmed from these five examples were devastating, crippling reputations, pocketbooks, and futures. However, these examples still might not be enough to showcase the “everyday” reality of data loss for working professionals.

So let’s take a moment to discuss 4 everyday threats to your data.

Lost Devices

Like with the Daily Mail incident (a lost laptop) and even with the situation involving the English prison system (a lost USB drive), a lost (or stolen) device won’t just set you back financially. In reality, this is one of the simplest ways for your company to fall victim to data loss.

When you consider the number of employees using personal devices to access work data, this threat of potential data loss becomes even greater and in turn, even scarier. Lose the wrong device with the right data on it and your business could suffer from data loss that is either impossible to recover or that eventually exposes the sensitive information of partners, clients, employees, or all of the above.

(P.S., It’s not just devices you have to worry about losing. What happens if you misplace a sensitive document?)

Accidents

At the end of the day, losing a device is an accident. But that’s not the only type of accident that leads to data loss.

Have you ever accidentally deleted something? Maybe that time you were able to recover the lost data … but what about next time? Or the time after that?

Accidents are a leading cause of data loss in the professional world because you can’t always hunt down a deleted document in the Recycle Bin. In most cases, this data is dumped after a few months and overwritten by new data.

For example, what if someone unknowingly deletes a sensitive work document? Let’s say that a few months later, another person requires that deleted document for an important task. What happens then?

At this point, the data is already long gone and overwritten — which means that, unfortunately, that person is out of luck.

Hardware Malfunctions

Hardware isn’t always reliable. More specifically, hard drives stop working all the time, making loads of data inaccessible in the process.

In fact, malfunctioning hardware isn’t just a leading cause of data loss; it’s the leading cause of data loss. Because of this, keeping hardware healthy and in prime condition has become a necessity for many companies across the world.

This being said, hardware malfunctions can’t always be avoided. Some are inevitable and can be the direct result of a water leak, power outage, or even a tiny bump.

Malware and Hackers

While completely losing your data to hackers and malware isn’t exactly considered an “everyday” occurrence, having it breached is a different story. At this point, your data isn’t exactly lost, but it’s certainly been seen and handled by malicious actors — like it was a few years ago with Ashley Madison and like it currently is with Equifax.

But then again, we now have ransomware to consider. Now this is a form of malware that will take your data and make it inaccessible, resulting in true-to-form data loss. Sure, if you pay the fine, you might get your data thing — but that’s not a definite reality. It could be gone forever.

If you’d like to learn more about data loss and it how happens to businesses, then check out our report on 5 Data Loss Nightmares. You’ll pick up some interesting facts and learn how to better protect your data in the process.

Data Loss Can Cause You To Shut Down

52Small and medium sized businesses today are relying more than ever on IT systems to efficiently run their business, support customers and optimize productivity. These systems house sensitive digital data ranging from employee and customer information, to internal emails, documents and financial records, sales orders and transaction histories. This is in addition to applications and programs critical to daily business functions and customer service.

While corporate-level data losses and insider theft are well publicized, many smaller businesses have also become casualties of data loss and theft. Following a significant data loss, it is estimated that a small-to-medium sized business can lose up to 25% in daily revenue by the end of the first week. Projected lost daily revenue increases to 40% one month into a major data loss.

According to The National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident while 50% wasted no time and filed for bankruptcy immediately. Finally, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.

Still, a survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed backup their data each week. Only 23% of those surveyed said they backup data every day and have a business continuity plan in place.

Businesses play on a much bigger playing field than they did two decades ago. Any disruptive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to minimize downtime and soften the impact of such events. CLICK HERE for a free network assessment.

Why SMBs Must Proactively Address the Threat of Mobile Hacks

70More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.

This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business.

If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.

Don’t Just Say You’re Worried About the Bad Guys… Deal With Them

SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. An April 2013 study found that only 16% of SMBs have a mobility policy in place.

Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.

Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies.

Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.

A Mobility Policy Is All About Acceptable/Unacceptable Behaviors

Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.

Features of Mobile Device Management Services

MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:

  • Specifying password policy and enforcing encryption settings
  • Detecting and restricting tampered devices
  • Remotely locating, locking, and wiping out lost or stolen devices
  • Removing corporate data from any system while leaving personal data intact
  • Enabling real time diagnosis/resolution of device, user, or app issues

It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.

CLICK HERE for a free technology assessment.

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

69Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted.  Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road. Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

CLICK HERE for a free network assessment and avoid cybercrime with Cognoscape.

What’s the Difference Between a Help Desk and NOC?

Inquiring SMBs Want to Know… What’s the Difference Between a Help Desk and NOC?

It’s no secret that any growing small-to-medium sized business must monitor and manage its business technology in the most 63cost-efficient way. The tricky part is figuring out how to do this without sacrificing the overall experience of the end- user. End-users can be clients and customers or employees. Both rely on the efficiency of a firm’s network, servers, and applications, and the availability of the company’s data center. Thanks to the evolution of managed services, it’s actually possible these days to reduce costs, which strengthens IT support and infrastructure. It’s just a matter optimally integrating all available resources.

 

IT’S A STAFFING CONUNDRUM FOR MOST SMBs

Most SMBs tend to be short staffed. This isn’t just another reference to the many SMBs with little to no onsite tech support. While that’s true, and problematic, it’s actually all operations that tend to be short staffed.

Small yet growing companies and organizations aren’t just short on tech support; it seems like even their administrative assistant needs an assistant to keep up. Customer support and sales teams are also overworked, and often hindered by having to understand and troubleshoot tech problems when they have no tech expertise whatsoever.

There is no, “Hold for a moment, Sir. I’m about to transfer you to our tech support team.” There is no tech support team.

This is where managed service providers (MSPs) step in to save the day. MSPs help SMBs better manage their technology to achieve greater ROI (Return-on-Investment). One way they do this is by augmenting a SMBs existing on-site staff with the remote support of a 24/7 Network Operations Center (NOC) and Help Desk.

WHAT’S THE DIFFERENCE BETWEEN A NOC AND A HELP DESK?

This question is asked a lot because it’s really not uncommon to see both referenced interchangeably, which leaves many to assume they are one in the same. They are not. Here is the easiest way to distinguish between the two.

NOC: Most of the work performed by a NOC focuses on the network and systems. The NOC can almost be viewed as a mission control center. They monitor and manage an IT network. A 24/7 NOC typically monitors the network and system security, performance, and backup processes.

Help Desk: The Help Desk is more customer-oriented. The Help Desk has interaction with the end-user, or someone representing the end-user, to directly respond and resolve technical problems as they arise. Customers or employees can typically reach the Help Desk by clicking a support icon, emailing them, or dialing a toll-free number.

DO THE HELP DESK AND NOC INTERACT? Although the NOC and Help Desk are different, they do work together, along with any in-house tech support, to provide cohesive tech solutions to end-users. The Help Desk typically has three tiers of support and may sometimes have to escalate tickets to the NOC for resolution. This open communication, and ease of escalation, improves the end-user experience and serves as a proactive cost-efficient approach to managing SMB technology.

CLICK HERE for a free network assessment.

6 Steps to Better Data Backup Practices

  1. Think Quicker Recovery Time, Not Quicker Backup – While incremental backups are much faster than executing a full-backup, they also prolong recovery time. In the event of data loss, a full restore will require loading the most recent full backup and then each incremental backup tape. Having too many incremental backup tapes not only adds time to this restoration process, but it also increases the probability of not recovering all of your data. A tape could be lost, unintentionally skipped over, or contain corrupted data. Be sure to focus on optimizing the restore time to ensure faster data recovery. A quicker recovery time should be the main objective, not the need for a quicker backup process.

43

  1. Maintain Sufficient Backup History – Within the blink of an eye, current data files can become corrupted and inaccessible. This will necessitate the loading of an earlier data backup that is clean of corruption. Many smaller companies make the mistake of failing to keep a sufficient backup history.
  1. Be Sure to Backup Essential Data AND Applications – Some businesses don’t feel the need to backup all data, but be sure essential databases, documents and records are backed up frequently. Don’t overlook applications that are critical to day-to-day business operations either. Many companies fail to backup applications, only to realize when it’s too late that they don’t have access to the original installation disks when they’re trying to recover from data loss or an outage.
  1. Have Off-Site or Online Backup – Some businesses backup data simply by moving essential files to tapes or external hard drives that are then stored somewhere onsite. But if they’re kept onsite, what happens if a fire, flood or other natural disaster takes out not just your server but your backup tapes and drives? Onsite backups can also be susceptible to theft. Having secure off-site, or even online backup, is simply the smart thing to do to ensure quick recovery when trouble comes to town.
  1. Fix Broken Access Controls on Your File Server – Many businesses have folders with confidential data residing on a file server with overly permissive access controls. Why take the risk of having a disgruntled – even former – employee access and misuse this data when access can be limited to only those in the company who need it?
  1. Be Sure to Test Restores – It happens time and time again. Business owners think they have a data backup plan in place. Tapes are changed diligently each day and everything appears to be backed up and good to go. However, it turns out the backups haven’t been working for months, sometimes even years, right at the very moment they’re needed. Either the backups had become corrupt and useless, or large segments of data were not being backed up. This happens often. Don’t let it happen to you.

Avoid data loss before it happens. CLICK HERE for a free network assessment.

Cybercrime and SMBs

 WHAT HAPPENS ON MAIN STREET STAYS ON MAIN STREET

When hackers breach the security of corporations it makes headlines, yet there is rarely a mention when cybercrime hits small to medium sized businesses (SMBs). Very few people are even aware that today’s cybercriminals are targeting SMBs, not just supersized global businesses. According to Verizon’s 2013 Data Breach Investigations Report, 71% of the data breaches investigated by the company’s forensic analysis unit targeted small businesses with fewer than 100 employees. Of that group, businesses with less than 10 employees were the most frequently attacked.

55EVERYONE IS A VICTIM WHEN IT COMES TO CYBERCRIME

The loss and exposure of confidential data from a cyber-attack is costly to both the people victimized and the businesses whose data was compromised.

For the victim, hackers typically retrieve personal information, bank account, credit card and social security numbers, resulting in identity fraud. The stress and time involved to reclaim their identity and get their financial house back in order is beyond measure.

For businesses, there are 47 state-specific DBN (Data Breach Notification) laws in effect in the United States. Adding to the complexity and costs of this process is the fact that laws and compliance obligations vary from state to state. A breach of customer data in Pennsylvania will have different breach notification and follow-up requirements than a breach involving a customer in Massachusetts. This means firms servicing customers and clients from more than one state are responsible for these duplicative legal, regulatory and compliance burdens.

CYBERCRIME COMES AT A HIGH PRICE FOR SMBs

According to research compiled by the Ponemon Institute in their 2nd Annual Cost of Cyber Crime Study, the average cost per breached record in the U.S. is anywhere between $150 to $200. This amount factors in the costs of the investigation and notification process, fixing the issue that led to the breach, possible liability and litigation costs, lost business, and the time and effort that go into damage control. In many cases, a damaged reputation may prove to be irreparable. Nearly two-thirds of victimized companies are out of business within six months of a significant cyber-attack, making cybercrime the death knell for many SMBs. This is because the consequences of cybercrime extend well beyond the actual incident and have long-lasting implications.

Small businesses obviously don’t have the same financial footing to rebound and carry on with business as usual in the way organizations like Target, Amazon, Apple, or Citibank can.

Symantec’s research found that customers affected by security breaches are generally less forgiving of smaller businesses, especially smaller online retailers, than larger companies. SMBs are contending not only with lost revenue and expenses, but also the possibility of never regaining the trust of customers, clients and business partners.

Symantec’s 2012 State of Information Survey found that nearly half of all SMBs admitted to a data breach damaging their reputation and driving customers away.53

The trend of cybercriminals preying on smaller businesses doesn’t seem to be waning. According to Symantec, the number of cybercrime attacks targeting firms with fewer than 250 employees jumped from 18 percent of all attacks in 2011 to 31 percent in 2012.

WHY CYBERCRIMINALS ARE ZEROING IN ON SMALL BUSINESSES

Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty in-house IT dedicated employees ensuring that every device connecting to their network is adequately protected.

In comparison, SMBs have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have fulltime IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

A joint survey of 1000 SMBs conducted in September of 2013 by McAfee Internet Security and Office Depot further confirms how lax many SMBs are when it comes to protecting their data.54

Not only have SMBs become easy prey for cybercriminals, but their sheer abundance also makes them an alluring target. There are roughly 23 million SMBs in the United States alone. Half of that figure is comprised of home-based businesses. Even in a struggling economy, it’s projected that there are still an estimated 500,000 startups launching every month with only a handful of employees.

SMBs ARE NOT “TOO SMALL TO MATTER”

Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber-attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.

The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks. SMBs must end the “It will never happen to us” mindset. For instance, political “hactivists” have been responsible for a number of high-profile Denial-of-Service (DDoS) attacks in recent years. The goal of a hactivist is to disrupt the status quo and wreak havoc on the technology infrastructure of larger corporations and government entities. It’s a form of cyber anarchy: A “stick it to the man” philosophy spearheaded by groups like 4chan, Anonymous, LulzSec, and Anti-Sec.

An owner or Chief Information Office (CIO) at a SMB may read of these high publicized attacks in the press and not think anything of it. They aren’t Sony, Apple, or the Department of Defense, so why would a hactivist target their data? But it’s estimated that there are on average 1.29 DDoS attacks throughout the world every two minutes and such activity is much broader in scope than the press may lead us to believe.

SMBs- THE ACCESS RAMP TO BIGGER & BETTER DATA

One reason small businesses are more vulnerable is they’re often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber-attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.

For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.

Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data to.

CLICK HERE for a free network assessment.

Understanding How Data Loss Happens – The Four Main Reasons

43Small business owners are often worried about data loss. Rightly so, because data loss has the potential to wipe out a business. We have identified the most common forms of data loss so you can see how they fit into your business and assess the risks related to each of these pitfalls.

1. Human Error – Human error – by way of unintentional data deletion, modification, and overwrites – has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. While virtualization and cloud computing have enabled improved business continuity planning for many businesses and organizations, humans must still instruct this technology how to perform. The complexity of these systems often presents a learning curve that can involve quite a bit of trial and error. For instance, a support engineer may accidentally overwrite the backup when they forget to power off the replication software prior to formatting volumes on the primary site. They will be sure to never do that ever again, but preventing it from happening in the first place would be more ideal.

2. File Corruption – Unintended changes to data can occur during writing, reading, storage, transmission and processing – making the data within the file inaccessible. Software failure is a leading cause of data loss and is typically the result of bugs in the code. Viruses and malware can also lead to individual data files being deleted and hard drive partitions being damaged or erased.

3. Hardware Failure – Storage devices may be at risk due to age, or they may fall victim to irreparable hard-disk failure. Viruses and hackers can also potentially shut down a hard drive by inserting undeletable malicious code and huge files via open, unprotected ports. If these malicious programs cannot be deleted, the entire hard drive may have to be reformatted, wiping out all the data.

4. Catastrophic Events/Theft – The threat of catastrophic events such as fire, flooding, lightning and power failure is always a concern. Such events can wipe out data in a millisecond with no warning. Theft is also a data loss risk that companies must address. While advances in technology like anytime/anywhere connectivity, portability and the communication/information sharing capabilities of social media and crowdsourcing have revolutionized business – the risk for theft is even greater due to this increased accessibility. More people are doing daily business on their laptop, iPad and mobile phones. They are also carrying around portable media like thumb drives, USB sticks and CDs. Physical theft of any of these devices can spell big trouble.

Data loss is as unique as the various sources from which it comes. The key is to identify the areas in which your business is weak and work towards a mitigation plan for each one of them. An MSP can act as a trusted partner in such cases, holding your hand through the process of safeguarding your data.

Prevent data loss with Cognoscape. CLICK HERE for a free network assessment.

3 Steps to Improved BC/DR Planning


Step 1 – Recognize the Need and Importance

Business continuity and disaster recovery strategies tend to be on the to-do lists of many SMBs, but they are often delayed as more urgent business issues emerge. U.S. businesses lose roughly $1.7 billion in profit each year from network outages according to the same 2011 CDW business continuity survey referenced earlier. Obviously, it isn’t smart business for an SMB to let business continuity and disaster recovery planning become an afterthought.

To structure a solid business continuity plan, SMBs must be prepared for all possible disruptions. It is important to note that business continuity goes beyond being prepared for natural or man-made disasters. We are now so technologically dependent that BC/DR plans must be in place to counter any disruption – big or small – that threatens business and profitability. Internal technical or infrastructure failures or cyber-attacks are obvious examples. Small internal “single-points-of-failure” can bring down an entire operation.

 

Step 2 – Impact Analysis and Risk Assessment

Constant availability is critical to success. In order to minimize downtime, it’s important to determine what technology is behind each phase of your business operations. Knowing the technology infrastructure of your business allows for a comprehensive impact analysis and a better grasp of the impact on business operations when specific technology fails or becomes unavailable – even for a short period of time.

Determining what could unexpectedly bring down each piece of that infrastructure is risk assessment. Risks come in the form of either internal or outside threats. Internal threats can be anything from an application failure, disk crash, and server malfunction to human error or a bitter employee. External threats can vary depending on location – natural disasters like hurricanes, earthquakes, tornados, floods, and fires, as well as man-made events like power outages, acts of terror, and accidents can knock out services. Additionally, our dependency on technology leaves firms susceptible to cyber-attacks like malware, computer viruses, phishing schemes, and the theft of personal mobile devices used for work purposes.

While major disasters do occur, and shouldn’t be overlooked, it is the smaller everyday disruptions like power outages, server crashes, email issues, equipment failure, and lost or corrupted data that pose the bigger risk to business.

Doomsday prepping may be the rage these days, but a sound BC/DR plan typically begins by focusing on addressing the day-in and day-out disruptions first. Documenting, reviewing, communicating, and testing the effectiveness of smaller response scenarios will better prepare businesses for potential disasters and longer-term disruptions.

 

Step 3 – Look to Recent Tech Trends That Simplify Planning

Recent technology developments like server and desktop virtualization, cloud computing, and mobile devices are beneficial to SMBs looking for BC/DR solutions.

Virtualization – BC/DR preparedness may be the most compelling reason to consider virtualization. Virtualization allows businesses to condense data and applications onto fewer servers – taking up less space and consuming less power. Virtualization allows small-to-medium sized businesses the benefit of high availability (HA) without the added expense of building a backup data center. Operations can be restored faster as the entire system can be brought back in a single virtual container.

Cloud Computing – More firms are moving to the cloud for backup services. The cloud has enabled small and medium sized businesses to backup operations away from their primary location and enhance their business continuity process at a reduced cost.

Cloud-based Software-as-a-Service (SaaS) packages often come with built in business continuity solutions that can automate data backup processes onsite or off-site – spreading out risks and minimizing the impact of a disaster. Data, servers, software, and tools can be stored in the cloud and remain safe if a business is hit by a computer virus or disaster. The cloud also allows remote workers to access an organization’s communication and collaboration tools, further allowing for “business as usual” in the event of a serious disruption.32

Although it is understandable that ownership and upper management at small to medium sized businesses are hesitant to spend money, BC/DR planning is a lot like insurance. It is human nature to think that bad things won’t happen to you, but the investment pays off the when you’re hit by an extreme event or emergency.

New technology trends and the back-up-as- a-service, remote backup, and online backup services provided by MSPs have given SMBs the ability to safeguard their business operations at a reasonable cost. Money and resources can no longer be an excuse for a lack of solid BC/DR solutions. There is way too much at risk. Plan now and CLICK HERE for a free network assessment.