In 2015, the top tech news was the data breach at Ashley Madison, a Canadian dating and social networking service that encouraged visitors to “have an affair.” The twist in their service was that they offered it to married people or those who were already in a relationship.
The hackers threatened to make public the personal information they had stolen – which included full names and addresses – unless Ashley Madison (and a sister company) discontinued their services. Although they did eventually shut down, it didn’t stop the hackers from releasing the data of millions of people who had signed up for their matchmaking services.
Moral of the story: a data breach can bring a business down.
The Threat Is Real
While this might appear to be a “worst-case scenario” and that it could probably never happen to you, you shouldn’t be too sure. The following sample figures should worry you, as recent studies show:
- Small businesses made up 43% of all hacking victims
- Only 40% of these small businesses made it past six months following the data breaches
- Over 60% of the data breaches these small businesses experienced was due to human error – mainly because of the use of weak, default or stolen passwords
There are no encouraging numbers out there, just a caution: don’t let your business go under!
What Are Other Causes For Data Loss?
Here are some of the other common causes for loss of data.
Workers could be still on your payroll or former employees who bear a grudge but still retain their login accounts and privileges
Malware and viruses
Malicious software can syphon data from your network; they could be introduced remotely, or sneak in from within your network via infected hardware like thumb drives and laptops
Whether the hardware was intentionally breached or configured wrongly, your own hardware could fail you. Don’t forget the data doesn’t have to fall into someone else’s hands; if your hard disks fail and they take your data with them, you will have still lost data
Whether it is your desktop operating system, the applications you work with or the protection software that are supposed to prevent attacks, if they are not configured correctly they will become liabilities waiting to be exploited
If an administrator loses a laptop with all the passwords and access codes saved in it, it won’t be too difficult for someone else to grab your data; in fact, 41% of data loss is caused because of lost or stolen devices
As you can see, the threats that you need to keep an eye out for are numerous, and we haven’t even touched on natural disasters and acts of God that could destroy your data with no one to blame for the loss.
Can A Business Fail Due To A Breach?
Well, apart from the Ashley Madison example we saw at the beginning of this article, the loss of data can impact a business in several ways:
- A hit to their reputation – no business can survive the bad publicity that comes from the loss of their data. Their brand name will be associated with disaster and failure for the foreseeable future, which brings us to…
- Loss of customer confidence – no new clients will be willing to sign up for the services of a company that can’t protect their data; the old clients will probably have jumped ship a long time ago
- Liability lawsuits from former clients – many of those clients could choose to take the business to court and the number of payouts and settlements amounts are rather exorbitant, which can bring the defendant to their knees
- Loss of trade secrets and copyrights – apart from personal information and money, the one thing that could really harm a business as if they were to lose copyrighted material or trade secrets on which their products and services were based; a rival company would simply start trading using their own proprietary inventions and the infringement litigations wouldn’t be of much help
- Damaged business credit – for those who do try to make it back up after a heavy fall, it will still be difficult to find refinancing or credit after news about the hack gets out; not many financers would be willing to take the risk.
As you can see, the fallout from a data breach will affect your business for a long time. To be honest, it wouldn’t be held against you for simply closing shop and moving on to the next venture.
How To Stop Data Breach
As dire as the whole affair seems, there is still hope for you and your business’ data. Some actions you can take immediately are:
Training and education
All employees should be aware of online safety and security matters. They should also be made aware of policies and procedures that have been put in place to help protect them and the network they work on; the rules should then be enforced to make sure everyone is on-board and willing to abide by them.
Meanwhile, scheduled email blasts about news and trends in the tech security world as well as refresher courses should be used to keep them wary about any new threats out there.
Active monitoring and intrusion detection
While administrators should do everything they can to prevent the loss of data, they should also be able to know when someone has managed to bypass their defenses and is set on doing damage from within their network. It might seem a bit too daunting of a task, tracking and thwarting attacks can be done easily with some of the best network monitoring tools that are available on the market today.
These tools keep an eye out for data packets that act oddly or shouldn’t even be on the network at all.
If you want to tackle the problem before it even occurs, you will need to invest in intrusion detection software (IDS).
Auditing accounts, roles, and permissions
Every single account that is permitted to connect to the network needs to be audited and accounted for. The roles assigned to each of them should reflect the reason for being on the network while the permissions show their position in the company – the higher up the ladder they are, the more they are allowed to access, for example.
There should be a procedure that logs changes made to every account. The logs should also be analyzed to see if there have been any suspicious activities, especially involving the more powerful accounts as they are the ones that are often targeted or used to do the most damage.
Finally, login accounts belonging to former staff need to be removed as soon as possible.
Timely updating and patching of software
A business that is running unsupported operating systems, applications that have not been upgraded or software solutions that have not been patched up, is asking for trouble.
As a matter of fact, even an out-of-date hardware device – be it a network adapter, CPU or motherboard – could present opportunities for hackers.
A business should, therefore, implement strategies where they:
- Keep track of the versions of its technological assets
- Make sure all automatic updates are enabled and roll out updates when required
- Replace outdated software and retired hardware as soon as possible
- Properly dispose of all their old assets once they have no more use for them
A good business will also have a “worst-case scenario” where they can get right back up and running in the shortest possible time after all attempts to secure their data have failed. They will assume the worst could happen – a total data wipeout, for example – and plan to be prepared for it.
One sensible solution they could opt for is a full data backup to use when their worst nightmare becomes a reality.
With automated cloud data backup available for reasonable prices, there is no reason why businesses shouldn’t keep a copy of all their business and transaction data stored safely and securely out of harm’s way.
Well, we can clearly see that your business could go under should you be unlucky enough to be targeted by hackers. The wise thing to do is to be prepared for data breaches and plan for a quick recovery of the lost data.
Remember, although it may be slim, there is still a chance of keeping your business’ doors open even after a total data loss; just plan for it.