No matter what the size of your business may be, how often do you, as a business leader, think about disaster preparation and disaster recovery? Here are some things to keep in mind.
How much should you pay for data protection?
Only pay as much for protecting your data as you believe your data is worth. For example, you wouldn’t have a guard stand outside the accounting office of a small newspaper, but you would have multiple layers of security for the patient data of a hospital.
When should you back up your data?
Always back up your data. If you’re a small business owner, you might wish to consider saving your data to a business cloud storage suite. But at the minimum, back up your data on a regular basis a permanent device, such as DVD’s, and store them off-site.
Why use battery backups?
Always use battery backups on your most important computers. You don’t want to have your data corrupted during a power outage.
Why use virus protection?
Make sure that every computer has virus protection, and make sure that the software (for example, McAfee, Norton, etc.) automatically updates. Keep the program paid up so that there is no interruption in service. You never know when those pesky viruses can enter a computer. I don’t recommend using free virus protection software, and when you consider the importance of your data, often, the cost to recreate the data can be priceless. Start with a suite such as Norton 360 because it offers excellent flexibility without compromising the speed of your computers.
What about BYOD?
By now, most have heard the term BYOD, which means bring your own device to work, but at the core, it means an employee will use his or her own smartphone or tablet at the office to do work. Employees use their devices for email, applications, and access to sensitive data. The bottom line is that sensitive corporate data will reside on employees’ devices.
Does your business have a BYOD policy? What are the procedures for accessing sensitive company information on employees’ smartphones and tablets? What happens when and if employees quit? Most small businesses don’t have the resources to immediately wipe the devices clean. So where will the data will go? To a competitor? To the highest bidder? There are also bandwidth issues. Corporate IT departments are set up to manage the needs of desktop and laptop computers, but when BYOD enters the picture, needs are no longer finite, and maintenance costs are no longer clear and manageable.
Here are some sobering statistics from a Harris Poll of U.S. adults:
• Nearly 40% who use personal devices for work have not activated the auto-lock feature, so the device is not password-protected.
• 33% who use their personal devices for work admit that their company’s data is not encrypted.
• Nearly 50% who use a personal device for work let others use it for other purposes, which will open the device up to malware, spam, and viruses – which can then transfer to your corporate data.
• 31% who use a laptop for work connect to the company’s network via a free or public Wi-Fi connection, which opens up the device and data to malware, spam, and viruses.
As BYOD becomes more widespread, security concerns will increase. So be proactive and take proper precautions now, before data loss and/or a data breach become reality.
As you can see, there are many steps you can take to protect your business. While each step is relatively small, each one alone will take a small amount of time. But taking all of these steps as part of an overall security/disaster preparation plan will help your business avoid losing everything when and if disaster strikes.
AUTHOR
Allan Pratt, an infosec strategist, represents the alignment of technology, marketing, and management. With an MBA Degree and four CompTIA certs in computers, networks, servers, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. His expertise includes the installation and maintenance of all aspects of the PC and peripheral lifecycle and the planning and integration of end-to-end security solutions. Allan also teaches both the CompTIA A+ and the CompTIA Security+ certification courses, and has been quoted in industry publications. Follow Allan on Twitter (@Tips4Tech).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.