Last week we talked about the alarming percentage of data breaches that are occurring in health care organizations. The latest Poneman report found that “89 percent of surveyed health care providers experienced a data breach in the last 24 months, with 79 percent admitting to suffering a minimum of two breaches.”
TrendMicro reports that the top reasons cited for data loss were “SMB employees’ tendency to open attachments to or click links embedded in spam, to leave their systems unattended, to not frequently change their passwords, and to visit restricted sites. This negligence puts critical business data at risk from data stealing cyber criminals and malicious insiders.”
In this report SMB’s state that they are no longer just at risk of losing data due to external threats such as hacker attacks and other external compromises, but they are, in fact, in “even graver danger due to employee negligence or maliciousness. Even worse, 64% agree that their organizations need to rearchitect their security infrastructure against hackers or malicious insiders attempting to steal data.”
They say that the effort to mitigate this risk “may require focusing on data-centric security for confidential information, which entails relying on not only traditional outside-in protection but also on protection from the inside-out.”
This report brings forward the risks from employees using mobile devices such as smartphones, tablets, and laptops, and says that the era of BYOD (Bring Your Own Device) is “here to stay.”
Another alarming issue brought up is that SMB’s “routinely fail to back up data.” This issue is a fairly simple one to correct and doesn’t require in-depth analysis to understand its risk potential, but either through ignorance or a lack of understanding of the importance of an organization’s data, the SMB market still doesn’t understand that they need to budget to back up their data.
The Trend report states that “less than 50% of SMBs routinely back up
data. This, along with risky employee behaviors, the BYOD trend, lack of
adequate security protection, and various other threats to data, is putting them at great risk.” They also say that “about a third of U.S. companies also had no backup and
disaster recovery strategies in place, citing lack of budget and resources
as primary reasons.”
Any small business needs to ask themselves if their business would survive the complete loss of their accounting systems, their payroll records, their customer data, any intellectual property that they may have on computer, and any other data that they may use daily to operate their businesses.