With businesses across all industries taking advantage of the efficiency gains and cost reductions of increased digitisation, cybersecurity is a growth industry, and with good reason. Data breaches cost UK businesses billions of pounds each year and shatter consumer confidence.
Security is extremely important, but it is by no means the whole picture when it comes to data protection and business recovery planning. The fact is that breaches, system failures and disasters all happen, so a digitised business needs not only to secure its data but also to have a substantial disaster recovery plan in place, so that it can respond quickly to incidents and has a plan B for when everything else goes wrong.
Protecting Sensitive Data
The starting point that every business should consider is a ‘reasonable’ level of security. This is not only common sense, but a requirement, at least as of 2018.
In May 2018, the GDPR (or General Data Protection Regulation) will come into effect, which will require businesses to take substantial precautions with customer data. Failure to adequately secure data and respond to incidents will lead to potentially vast fines – up to €20 million or 4% of global turnover for serious breaches.
With these added ‘incentives’ in mind, every business that stores customer data should take cybersecurity seriously. At the most basic level, it means having your network behind a strong firewall, keeping antivirus software up to date and running on all devices, and ensuring that all software and systems are kept up to date to minimise potential vulnerabilities.
Data protection doesn’t end with the internal network, however. Increased employee remote working means legitimate network access from devices your business does not directly control, creating new avenues of attack. This trend necessitates strong password policies and limiting access to known devices, or employing some form of endpoint security system.
Responding to and Recovering from Incidents
The fact is, sadly, that no matter how good your security system or how well maintained your servers, incidents do occur, resulting in a loss of data. This type of setback is, of course, where disaster recovery planning comes into effect.
For the more routine incidents, such as power cuts, you have UPS (or uninterruptible power supply) systems, which can keep your business’s critical systems running through a brief outage and give you time to shut them down in a controlled manner to minimise the risk of damage and loss.
That isn’t always enough, however, and hard disk or system failures do occur. The only way to mitigate loss from hardware failures or major breaches is to maintain a robust backup system.
Depending on the resources available to your business, you will probably want to create an incremental backup as often as possible (daily, in most cases), so that the maximum data lost will only add up to a few hours. For smaller businesses, cloud storage and backup solutions are available.
Planning for Disasters
Sometimes, real disaster strikes, and your plan-A disaster recovery simply does not work. The backups are corrupted, lost, destroyed or, if kept locally or in the cloud, perhaps encrypted by ransomware.
Dealing with this sort of incident necessitates a plan-B recovery solution. For most businesses, that will take the form of weekly or monthly full backups of business-critical systems, stored in a secure offsite facility, which means that, if the absolute worst does happen, your business can still recover within an acceptable time frame.
Data protection, even before the GDPR comes into effect, should be a concern for everyone involved in a business keeping digital records. Loss of data, even for the smallest business, can be catastrophic. Thankfully, a reasonable level of security, coupled with a sensible backup policy, can reduce all but the largest catastrophe to a mere inconvenience.