HomeLockedThe cost of not protecting business data

The cost of not protecting business data

For most small to medium enterprises (SMEs), the computer system is a lifeline. It contains your history, your present business and helps you to plan for your future. Yet despite its importance, a growing number of SMEs are neglecting to take the necessary steps to protect their data.

According to Kroll Ontrack’s recent survey of over 900 IT managers across Asia Pacific, a growing number of SMEs believe that data loss is a problem that only happens to others. Unfortunately, this belief is a fallacy. The survey shows that 49 percent of all IT managers have experienced some degree of data loss within the last two years, and that SMEs are significantly more likely to experience data loss than large enterprises.

Yet, only 13 percent of small businesses and 9 percent of medium organisations believe that data loss has a ‘high’ impact on their business. Thirty nine percent rate their company as doing ‘well’ or ‘very well’ even if it takes more than three days to recover data. These attitudes suggest that IT managers are not making the connection between data loss and lost revenue to the company, and that they may not be taking into account hidden costs such as lost staff productivity, overtime, diverted resources or delays in responding to other issues.

Be prepared when trouble strikes

Amongst SMEs, the most common response to data loss is to restore from a backup. This is fine if your backups are up-to-date and if you know they work. However, according to the survey, only 51 percent of small businesses back up daily, compared to 81 percent of large enterprises. Furthermore, just 41 percent of all respondents test restored data from a backup system at least monthly. It’s important to realise that backups don’t always work. Just because the lights come on, it doesn’t necessarily mean that anything is happening.

Backup media is another consideration when seeking to protect data. Despite the risks, many organisations still rely on USB external hard drives and similar devices that offer a single point of failure. It’s an inherently dangerous practice especially as data loss can affect a company’s ability to comply with regulatory requirements regarding the security, retention and protection of important information.

Frequency of backup should also come under much more scrutiny. Consider how often the data within your business system changes. How long does that data remain productive? For some organisations – especially those in low transaction environments – weekly backups may be enough. For others, daily or multiple times per day may be required.

To keep your data safe, backup routines must be clearly defined, documented and adhered to. Test and review them regularly to make sure that they keep pace with changes in your IT environment.

There are two other plans that every organisation should have in place. The first is an up-to-date contingency plan outlining what to do if disaster strikes. It’s a practice most commonly found amongst larger enterprises, but one that could greatly benefit all businesses. The second is a plan or policy dictating how to treat data once you no longer need it. End-of-lifecycle management plans lay down a formal policy for erasing or destroying unwanted data. They are a way of ensuring that hard disk drives full of customer records and sensitive business data are dealt with properly and not simply handed on to staff or sold on eBay.

When time and resources are tight

Protecting your business from unexpected data loss isn’t difficult if you establish and then adhere to stringent data protection policies. However, it does require management focus and an ongoing commitment of staff resources to run the scheduled backups and restoration tests.  For some SMEs, this commitment may be daunting, especially if IT skills are in short supply. You could ask your IT vendor about the experience that they may have with testing backups.

One of the best ways to ensure that data management gets the attention it deserves is to outsource the processes to a third-party data service provider. These organisations operate quietly in the background, ensuring that backups are regularly carried out and that data is ready to restore at a moment’s notice. They can help to establish contingency plans and will be there to support you should a crisis occur.  Just as importantly, by taking on the data management role, they can leave you free to focus your attention where it’s most needed – on your business.

– Adrian Briscoe is the general manager, APAC for Kroll Ontrack (www.krollontrack.com)
For a full report of the survey results, visit:
http://www.ontrackdatarecovery.com.au/data-risk-management-trends

People who read this, also liked:
Small business lack data protection

Adrian Briscoehttp://www.ontrackdatarecovery.com.au/
Adrian Briscoe is general manager Asia Pacific for Kroll Ontrack, a provider of cutting-edge data recovery services and software to business and home users. Based in Brisbane, Adrian oversees the Ontrack Data Recovery services and software for the company’s offices in Singapore, Australia and Hong Kong. He originally joined Kroll Ontrack as an Electronic Evidence Consultant in the organisation’s London office. Prior, Adrian spent five years in Hong Kong with PricewaterhouseCoopers in its Corporate Finance & Recovery division. Adrian has more than 20 years’ experience in the IT industry, initially starting out as a protocol specialist in London, working with IBM mainframe, mini and desktop systems.