SME's guide to cyber security and data protection
High-profile data hacks, leaks, and other cyber-security threats are growing. It is becoming more important for SMEs to have a plan starting with backup and taking into account emerging threats. Here’s our guide to cyber-security and data protection.
Your data is your most vital asset
Most businesses suffer from data loss at one time or another, yet that data has never been more valuable and the risks have never been greater.
“Data loss is a question of ‘when’ and not ‘if’,” said Marco Rayner, MD of Singapore technology consultancy Capiteq.
“Having supported both enterprise and SME businesses, 90 per cent of all clients we have supported have had to recover some lost information at one time or another.”
Yet, whether you realise it or not, your data is becoming an incredibly valuable intangible asset.
According to the authors of a new book, Global Risk Agility and Decision Making, data is becoming so important that new methods of valuing companies are needed to account for its value.
Writing in the Harvard Business Review, authors Dante Disparte and Daniel Wagner say today most organisations are data-driven to one degree or another.
“Data is no longer the domain of tech companies or IT departments — it is fast becoming a centrepiece of corporate value creation more generally,” they said.
“Data contributes not only to brand equity, but to what constitutes product and service delivery in globally connected and hyper-competitive markets.”
At the same time, the risk of loss of value is doubling every five years.
Cybersecurity Ventures' 2016 Hackerpocalypse Cybercrime Report, released in September, found the cost of cybercrime will double from US$3 trillion in 2015 to US$6 trillion in 2021.
Increasing threats make cyber-security a priority
The report also says that the attackers are becoming increasingly sophisticated and are targeting enterprises.
Most worryingly, it says nearly half of all cyber attacks are on small businesses.
“Cyber threats have changed over the past few years from the intention of destruction and annoyance, largely orchestrated by amateur hackers, to a billion dollar professional industry performed by groups of up to 500 people, heavily funded and intent on either mining data assets or confiscating access and demanding payment to release it,” Capiteq's Marco Rayner said.
“Called ransomware, these attacks spread through a company’s systems locking users out of critical systems with high levels of encryption.
“The advice of most security companies currently is, if you cannot recover the data, then you have to pay up.
“The answer to this is to maintain a secure, regular, off-site back up of your valuable data.”
But it is important to act now. Demand for cyber-security products and people is increasing. Cybersecurity Ventures estimates the workforce shortfall in cyber-security in 2016 is a million people and growing.
How do I respond?
The good news is that there are two simple measures every business can take to protect themselves.
Back up your data.
While backups are traditionally thought of as protection against overwriting or accidentally deleting a document, they can also save the day in the event of a security breach.
For example, if files are compromised, the last good backup will be vital in restoring the company's operation. You could go so far as to say a good backup policy is the backbone of any good business.
Backup providers recommend a 3-2-1 strategy, whereby each piece of data is backed up three times: twice on your own hardware, on and off site, and once in the cloud.
Mr Rayner said it was important for all businesses to identify their core data: the information needed for the business to continue to function.
Singapore IT consultancy Picoded says SMEs can identify their core data by focusing on workflows.
“Start from the top level — the one who has all the password access to everything,” Picoded director Eugene Cheah said.
“It may come as a surprise to many IT-savvy companies but it isn’t that rare for SMEs to run with everyone using the same account and password, which may even be the boss’s account.
“Start by securing the confidential data such as payments, contracts, payslips, etc to only those who need to know it.
“Subsequently then, group by group, or employee by employee adjust their access rights, starting from the top to limit their access strictly to what is required by the workflow.”
Capiteq recommends enabling 256-bit AES encryption on cloud-based backup solutions, which ensures your data is encrypted in the cloud environment.
Mr Rayner said that, if possible, a secure encrypted VPN should be established between your office firewall and the cloud environment to protect the data in transit. SMEs should also engage third-party firms to conduct penetration tests or risk vulnerability assessments.
“You would be surprised how many cloud environments we find completely unsecured,” he said.
“SMEs must ensure all Internet-facing servers or services are set up with the correct security controls in place.”
Password Security
Two-factor authentication is an added layer of security that can be important depending on your security requirements. Many banks use two-factor authentication. The Singaporean government recently adopted two-factor authentication for SingPass.
Often it is simply a matter of turning two-factor authentication on with your cloud service.
Capiteq says, however, that the weakness is often found in the human element.
“Passwords should be regularly changed and users prevented from changing back to their preferred password,” Mr Rayner said.
“It is also important to make the password complexity manageable. A password policy is redundant as soon as someone has to write down their 15-character, alphanumeric, special symbol password.”
Mr Rayner said a policy for changing passwords after staff leave was critical.
In summary:
- Consider the value of your data
- Understand the threat
- Identify your core data
- Put in place a backup policy and procedures
- Put in place a password security policy and procedures
Singtel Business Backup Suite is a backup and disaster recovery solution that delivers complete data protection on your physical workstations and servers, managed by a single, easy-to-use console. It allows businesses to:
- deploy and manage backups easily and quickly with zero lead time
- back up devices on any operating system, file system and location
- securely store files in an SSAE 16 and MTCS-Singapore certified, Tier IV designed data centre hosted in Singapore