Any company, no matter the size, fears losing its data — or access to its data. In a worst-case scenario, that could shut down a business and lead to customer and revenue losses. So how can businesses defend against those outcomes and ensure that they have adequate data backup systems in place?
Those are thorny questions ahead of World Backup Day, which is Thursday. This event, first held in 2011, is aimed at getting agencies, businesses and individuals to back up their files, as well as highlighting common ways data can be lost and options to back it up.
Companies are facing more complex threats to their data security, Norman Guadagno, chief evangelist at Carbonite, told BizTech. Carbonite, which offers cloud and hybrid backup software for small and midsize businesses, recently released a survey on data backup and recovery that found that IT professionals at SMBs are worried about data loss.
Facing Threats from Multiple Angles
Guadagno says that threats to companies’ data used to be clearer: A hard disk would fail, or a server would get destroyed in a natural disaster. The goal was to have protection in case of an event like that. “Although those problems are still there and they’re still threats, what’s become interesting is all of the treats we never imagined,” he says.
Now, threats include internal security issues from a company’s employees, as well as ransomware, in which malicious actors infect a computer system or network with malware and hold data or the system hostage in exchange for payment.
In November 2015, Carbonite conducted a survey of more than 250 IT decision-makers at businesses with 250 or fewer employees. The survey found that while 47 percent of respondents said fear of losing data keeps them awake at night, only 36 percent have a detailed disaster recovery plan in place and just 45 percent have a framework for one.
In a world in which “every business is a data business,” Guadagno says, losing access to data or losing data completely can have a cascading effect, in which companies need to pay to recover their data and replace hardware, need to pay employees who are not working and may lose customers and revenue they will never get back.
Data backup tends to be more challenging for small businesses because they often do not have large IT staffs devoted to data security, Guadagno says. “One of the things many small businesses struggle with is not necessarily understanding the difference between storage and backup,” he says.
Storage, he notes, relates to putting a selection of documents or data in the cloud to be shared. Backup refers to backing up all of the data and documents a company needs to run its business. “The differences only become apparent when something goes wrong,” Guadagno says.
According to Guadagno, one reason Carbonite’s survey found a disconnect between the percent of IT decision-makers who are worried about data loss and the percent who are actively taking steps to back up their data is that many are bothered by the prospect of data loss, but not enough for protecting data to be a top business priority. Often, in SMBs, these executives and officials are focused on not only IT security, but also many other business tasks, he notes.
The Carbonite survey found that 55 percent of small business IT managers worry more about threats from their own employees than about threats from external entities, like hackers. Guadagno explains that that is a worry about an employee not only acting maliciously, but also unwittingly clicking on an email that lets an outsider gain access to a company’s data and potentially hold it for ransom.
According to The Washington Post, in 2015, the FBI received 2,453 complaints about ransomware and victims lost $24.1 million.
Best Practices for Businesses
World Backup Day founder Ismail Jadun told BizTech that for both small businesses and larger organizations, “the 3-2-1 rule is a pretty good rule of thumb” to follow in backing up data.
He recommends that companies have at least three physical copies of their data, in addition to their primary backup; that they store the copies in two different formats; and that they have one backup copy off-site.
Guadagno says that if companies have a backup to the cloud, they should have that system back up data regularly. Carbonite’s services do that automatically, and if something goes wrong, the data can be restored easily.
Guadagno also recommends that companies educate their workforces on good data hygiene and how to avoid potentially malicious actors and suspicious emails. He also notes that firms need to have a plan for internal communications and recovery if something disastrous does happen. He also recommends having a clear plan for informing customers.
“It’s a data-driven business in 2016,” Guadagno says. “[Companies] need to protect that the same way they double-bolt the door at the of the day.”