How to Prevent Data Loss in Your Business
Data is becoming the fuel of businesses today, with organisations relying on digital services, e-commerce, cloud storage, as well as the use of various devices in the office.
As such, data loss is a risk business owners constantly face, especially in light of recent malware attacks that hit multiple UK businesses.
Notably, the ‘NotPetya’ ransomware hit UK advertising giant WPP, costing the company up to £15 million and 10 days of remediation. British consumer goods manufacturer Reckitt Benckiser took an estimated £100m hit in revenue.
Causes of Data Loss
Although many high-profile cases gain media mileage, businesses of all sizes are vulnerable to data loss. The data could be financial or personal in nature, but sensitive information that finds its way into the public domain can cost UK firms an average of £1.9m per year.
Cyber attacks are not the only cause of data loss. Other factors include:
1. Human Error
The top reason for business data loss is actually human error, according to the UK’s Information Commissioner’s Office (ICO). Mistakes committed by employees account for 62 percent of reported incidents. These include:
- Accidental file and email deletions
- Posting or faxing data to the wrong person
- Loss and theft of paperwork
- Email sent to the wrong recipient
- Improper disposal of paperwork and office hardware
- Loss/theft of unencrypted devices
- Failure to redact sensitive data
2. Hardware Malfunctions
A computer’s hard drive is extremely sensitive to dropping, vibrations, shaking, and bumping. As such, it is a potential source of data loss especially if your business does not conduct regular backups.
Hard drive failure can be attributed to external issues (e.g. overheating, exposure to magnetic fields), internal issues (e.g. file/software corruption), or misuse by employees (e.g. tampering, dropping).
Keep in mind that hard drives last about four to five years, so plan on updating them regularly.
3. Water Damage
In general, electronics and water do not go well together. Any form of liquid—water, coffee, juice—can cause your computer or laptop to short circuit, especially if it does not have any form of protection.
More often than not, drying off a water-damaged laptop or computer will not work.
4. Computer or Laptop Theft
A hacker does not only come in the form of a cybercriminal. They can also go to your office and steal devices that contain sensitive information.
5. Power Failure
Outages and power surges, although less frequent, can also cause data loss. Despite plenty of programs having auto-save features, most operating systems need complex shutdown procedures, and data can be damaged when the power suddenly goes out.
6. Compromised Cyber Security
The ICO reported that 16 percent of cyber incidents recorded were malware attacks, with 14 percent of these categorised as ransomware.
In fact, almost half of UK businesses fell victim to cyber attacks in 2016, costing owners about £30bn. In light of this, the UK government urged business owners to improve their cybersecurity.
Read our guide How To Prevent A Malware Attack On Your Business.
What Can Be Done To Avoid Data Loss?
According to international digital security company Gemalto, of the 9,000 global consumers including those from the UK that they surveyed, 66 percent would refuse to do business with an organisation that exposed their financial and sensitive information.
Before delving into the preventative steps you can take, it is important to note that data loss in the digital age is a constant threat. As such, no one factor can make a business overcome this risk—only minimise it.
1. Study existing data and comply with government regulations
If you haven’t yet, conduct a data sweep to analyse what kind of data your business has collected and how sensitive they are.
Afterwards, make sure you are up to date and compliant with existing laws and regulations that concern data security.
For instance, the Data Protection Act requires organisations to have appropriate security measures in place to protect personal data from being compromised. Moreover, the upcoming implementation of the General Data Protection Regulation will also impact UK firms.
Although compliance does not automatically equate to safety, these policies are put into place to keep businesses safe in this increasingly digital landscape.
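A data sweep like the one described in this step can start as a small script that scans files for likely personal and financial data and ranks each file by sensitivity. This is an added example, not part of the original article; the patterns, the high/medium/low levels and all function names are assumptions, and the sample text is constructed.

```python
import re
from pathlib import Path

# Illustrative patterns (assumptions); a real sweep needs broader rules.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
UK_NINO = re.compile(r"\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]\d{6}[A-D]\b")
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Constructed sample text, not real data.
SAMPLE = ("Contact jo@example.co.uk, NI AB123456C, "
          "card 4111 1111 1111 1111, order 1234 5678 9012 3456")

def luhn_ok(digits: str) -> bool:
    """Payment card checksum; filters out order IDs and similar numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify_text(text: str) -> dict:
    """Count likely personal/financial items and assign a sensitivity level."""
    cards = [m for m in CARD_CANDIDATE.findall(text)
             if luhn_ok(re.sub(r"\D", "", m))]
    counts = {
        "email": len(EMAIL.findall(text)),
        "uk_ni_number": len(UK_NINO.findall(text)),
        "payment_card": len(cards),
    }
    if counts["payment_card"] or counts["uk_ni_number"]:
        level = "high"
    elif counts["email"]:
        level = "medium"
    else:
        level = "low"
    return {"level": level, "counts": counts}

def sweep(root: str) -> dict:
    """Classify every file under root, read as text; keys are relative paths."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="ignore")
            report[path.relative_to(root).as_posix()] = classify_text(text)
    return report

if __name__ == "__main__":
    print(classify_text(SAMPLE))
```

Files ranked "high" are the first candidates for encryption, restricted access and inclusion in backups.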
2. Encrypt data
Any device used to conduct business should have data encryption. Encrypting is another layer of defence that would come in handy if a device is stolen. With encryption, a hacker would be hard-pressed to understand any data if they do not have your company’s login details.
3. Use strong passwords with two-factor authentication
Make sure that you create password-protected access to networks and accounts that handle sensitive information. If possible, make it a rule for employees to use strong passwords for every account they use (e.g. use a variety of characters).
The next step to password protection is two-factor authentication. With this, you or an employee will receive a message on your smartphone containing a second code needed to access an account. This helps confirm the identity of an individual trying to access important data.
4. Install robust malware protection
Hackers would always be on the lookout for security weaknesses. As such, make sure each company device has antivirus, firewall, spam filters, and anti-malware software installed. Update the programs every time a new patch is delivered.
5. Limit the use of portable devices
Connecting USBs and portable hard drives poses another level of threat to data, especially if these are used with different devices. Create guidelines for usage of portable devices, as these could spread viruses and malware from one computer to another.
6. Backup often
Unforeseen circumstances can still happen, even after implementing these steps. In the event of theft or accidents (e.g. fire or water damage), your backup would prevent you from losing all your data.
It is best to back up your data onto an encrypted USB, with a professional and reliable team handling it remotely.
7. Educate your staff
Above all, awareness and education can go a long way in preventing data loss. Teach your staff how they may be able to protect data better.
This includes not opening email links from untrusted sources, recognising the signs of a scam, securing devices, especially when they go on breaks, using anti-virus software when downloading files, and keeping liquids away from computers.
Make sure that you also inform your customers how they can better protect their accounts (e.g. strong passwords, updating passwords, two-factor authentication).
What Should You Do If You Lose Data?
Small, medium or big businesses can all experience data loss. It is worth noting that people are the key to keeping the data secure from breaches—and people are also the key to retrieving and recovering it should a breach happen.
While hoping for the best is good, having a loss contingency plan is better:
1. Establish facts
When data is lost, panic tends to be the first reaction. Stay calm and form a core team that is highly capable of handling the incident. Establish these facts instead:
- What is the cause of the data breach (e.g. lost or stolen, malware attack, human error)?
- How much of the data has been compromised?
- What kind of data did you lose?
- Trace the data journey to find out where the breach took place (e.g. emails, file servers, etc.)
2. Protect your business and your customers
Once facts have been established, a mitigation plan should be enacted. Depending on the extent of the loss, you and your customers should be immediately protected.
- If a USB or hard drive was stolen, how can you find it? Are you sure it was stolen or simply misplaced?
- How will you be able to contain the loss? In the event of account details, can these be changed?
- Have you tried simple ways to retrieve files, such as checking the recycle bin, restoring the OS from a backup file, or using reliable third-party software?
- In case of minor water damage, is there an easy remedy you can do to save the device?
- If it is a hardware problem, have you contacted your data recovery team to get a backup of your files?
If customer details were stolen, make sure that you will also inform them as soon as possible so they can protect their own accounts.
3. Notify regulatory bodies
In case of stolen financial information, you would need to answer to government and regulatory bodies. Delays in notification would often involve hefty penalties on top of the costs you would incur in recovering from the breach.
4. Assess and have a better data security plan
Once the incident has been resolved, understand how the breach happened and how it can be prevented in the future. Learn from it, and put together a better security plan.
Apart from revenue loss, a data breach will also impact your reputation and customer loyalty. A proper data security process does not always mean 100 percent safety; however, it means you can be confident in minimising the risk, as well as having a plan in place in case it does happen.