Almost every fifth small and medium company (18%) has experienced data loss in the last 6 months – according to the survey Data storage security in SMEs carried out at the request of One System. At the same time, companies seem to be aware of the risks associated with this. According to respondents, the biggest risk for company data is hardware failures (65%), inattention and carelessness of employees (59%) and hacker attacks (40%).
Over the past year, company data has lost 3%, and over the past two years – 4% of surveyed SMEs. 11% of companies had such an incident more than two years ago. It may be surprising that as much as 60 percent respondents claim that so far they have not faced this situation. This would indicate that SMEs are well prepared for any events that threaten data security.
In fact, the situation is probably not as optimistic. It should be assumed that some of the respondents simply will not admit such an incident. There are also organizations that cannot disclose such facts or those that will only learn about the loss of theirs. We have no doubt that enterprises are divided into those that have already experienced data loss and those that will lose them in the near future. Therefore, it is a must for every company, regardless of its size, to implement a backup plan that will recover information after such an incident. Such a plan should become part of a broader data protection policy.
(Not) Prepared for the Worst?
Interestingly, small and medium-sized companies are aware of the risks associated with data security. 65% of respondents indicated a hardware failure as the greatest threat, 59% the inattention or carelessness of employees. 40% of respondents indicated a hacker attack. The surveyed companies also count on the possibility of sabotage on the part of their employees – 32% of them indicated this answer. How can they prepare for these threats?
The basis is a modern server infrastructure, which will ensure that any failure will not interrupt the operation of the entire system and ensure business continuity. In turn, the recipe for potential negligence of employees should be regular staff education on good data protection practices. Only in this way will it be possible to create the right habits and avoid the severe effects of cyber-attacks such as phishing, a method based on fake emails that uses the insufficient awareness of employees in the field of cyber threats – says One System expert.
And what does preparation for these threats look like in practice? Basic protection against malware, i.e. antivirus protection on employees’ computers, is used by 86% of respondents. 63% of companies also implement this type of security on their servers. As many as 83% of respondents declare having a backup plan. Unfortunately – only 64% of them keep backup copies in a different physical location.
The information security job profile is to approach to backup uses the 3-2-1 rule, which means that we have 3 copies of data, 2 of which are stored locally, but on different media, and one in a remote location, which is to protect against events such as fire , flooding or theft on the company’s premises. If we treat backup as the most effective protection against threats such as ransomware, i.e. malware capable of encrypting resources connected by a network, it is important that one of the copies is stored offline.
Small and medium-sized businesses don’t miss out on failures and unplanned downtime. Due to a server fault, 16% of the surveyed companies had a break in work in the last 6 months. 7% of the organizations surveyed experienced downtime in the last year, and 8% in the last 2 years. As many as a quarter of companies indicated that unplanned downtime lasted half a day, and in the case of 9% of companies they prevented them from working all day. Meanwhile, according to various sources, the cost of downtime for a medium-sized company in Poland is about PLN 10,000 net per hour, which on an 8-hour day translates into PLN 80,000 net.
Such a loss may even result in a loss of financial liquidity. Damage is not limited to the financial sphere – failures can damage the company’s reputation, weaken its customer loyalty and affect relationships with suppliers and business partners. In the worst-case scenario, they can lead to the collapse and a big market player, and a modest venture.