What is the foundation of today’s companies? Is it financing, resources, equipment, land, raw material? No, the best asset a company can have in today’s time is DATA. It can make or break the future of a company. Any episode of downtime or loss of data can have serious consequences, especially to small size companies. Now that we have moved from physical storage to the cloud, backup strategies have improved a lot but still, the loss of data due to human errors or accidents is observed quite often. When a small or medium size business is affected by data loss, it becomes difficult to estimate the revenue loss and brand name damage compared to big companies. Due to a lack of training and appropriate resource allocation, SMBs are overrepresented in cyberattacks. They think they aren’t the best target for a hacker because of their size, which has been proved wrong numerous times by the hackers. The only question is that they wait “When” they are going to be attacked. SMBs need to secure their data protection strategy as efficiently as any other bigger business.
Current Statistics
There is a huge amount of money demanded in ransomware attacks in the recent past which has been paid by the small and medium size business owners. An average of USD 4,200 per user in a small company. Whether it is hardware failure, user mistake, or a natural disaster, the data of a company is at constant risk because of protection overlooked. Money loss becomes a secondary issue when the damage caused by data loss is far more adverse than the amount paid.
- Cloud-Based
It is reported that 37% of small and medium size businesses have reported losing data saved in the cloud.
- Password Protection
Only 22% of small business employees have reported that their company management compelled their staff to use a password manager.
- Forced Shut Down
It is reported that 66% of SMBs experienced a loss data incident that caused them to shut down for at least one day, and in some instances put them out of business altogether.
- Ransomware Attacks
39% of SMBs admitted that if they ever suffer a ransomware attack, they are prepared to hand over “almost any price”.
Malpractices
- Backup Files
In case of accidental data loss, companies are accustomed to depending on physical backups of important files, which they have stored in hard drives. Sometimes the risk of losing these files to any kind of natural disaster, theft, or location-based incidents, a safer method is cloud-based backup solutions. It includes DropBox, OneDrive, and similar tools. However, putting your data on the cloud is not entirely considered as protecting valuable company data. This activity is employee dependent, as they proactively save their work on assigned locations. Sometimes accidental loss of data location, forgetting about saving the data, accidental overwriting, or even human error significantly take the position of most frequent cause of data loss at the workplace. On the other hand, if an SMB is attacked by a virus or malware, the malicious virus can effectively and quickly spread throughout the company through the cloud. Consequently, 37% of SMBs have reported losing data saved in the cloud.
- Issue of Reliability
There is a major concern of reliability for small and medium size businesses’ use of the cloud. The dependence of SMBs on personal laptops and other private devices for daily tasks increases the risk of leakage. The main device which is company-owned can only allow transferring and copying files which can reduce the risk of missing files.
- Data Theft Incidents
SMBs are also valued by cyber criminals for data theft, and since their data is often linked to an exposed source of personal and corporate information. Data collection, maintenance, and security have evolved rapidly in the past years. Since it is assumed by the SMB heads that their data isn’t sophisticated enough to be stolen, and lack of resources to make it secure collectively provide an open door to cyberattacks. Therefore, it is estimated that 58% of companies that suffer cyberattacks today are classified as small businesses. Moreover, for ransomware, this figure can rise as high as 71%. Another estimation confirms that 47% of SMBs in the US and numerous in European countries faced cyberattacks between 2017 and 2018. Among all the affected companies 44% had been exposed to two to four attacks during the given period, while 8% had suffered for five or more times. In 2018, the incidents of cybercrime rose by 59% year by year averaging 62 incidents per day. Throughout 98% of SMB owners were reported to have a threat to their businesses, among these there were 25% considered it as a major, and 46% as a moderate threat. Even after paying ransom following an attack, one in five SMBs (almost 18%) are still unable to recover data. The worst problem is that less than 33% of incidents are reported to concerned authorities.
- Restricted Budget
It has become evident that small business regularly falls behind their IT budgets. SMBs failure to identify and accept their vulnerability leads to neglecting to invest in IT security. Therefore, they consistently fall behind appropriately prepared bigger businesses. The ever-increasing gap between IT skills and resources push SMBs to rely on their employees’ curbed knowledge of cybersecurity. However, it is estimated that only 18%of SMBs in the United States provide regular IT trainings to their employees in order to help prevent cybercrime.
- Weak Password Protection
Using a password manager also turns out to be followed by limited employees of small businesses. Only 22% of SMB employees are reported to be compelled for using password managers by their management. Moreover, around 67% of employers agreed that personnel using weak password settings became a considerable burden to their businesses which left them vulnerable to ransomware attacks.
Impact of Data Loss on Small Businesses
When SMBs suffer data loss, more than 80% of the cost is contributed to decreasing employee productivity. One hour of downtime can cost as high as USD 8,600 to an SMB, and if that goes up to one day, the damages reach USD 68,000. Consequently, shutting down remains a consistent threat in the case of such a big loss. SMBs are usually affected disproportionately in terms of revenue by downtime. This also results in loss of accounts because of breach of trust which adversely affects their brand image as well.
If data of a small business is withheld by the cyber criminals, 55% showed willingness to pay for recovery, which is 74% in the case of larger organizations.
Recommendations
- Cloud-based backups can serve the best purpose to secure backup files every 30 minutes rather than depending on an in-office server or hard drive. This prevents physical theft or disaster as well, and backups are accessible irrespective of location.
- Data protection-focused strategy must be improvised and implemented by every SMB which should be independent of user behavior or work style preferences as well as user-friendly and efficient.
- Deployment and designing of cloud-based data protection are not just convenient but quick as well. It only takes one to two days for data retrieval as well.
- A multipronged approach must be devised which should ideally include employee training and education as well. Trained staff along with local backups for lost hardware, and cloud-based backup solutions, all three can work together and efficiently to protect SMBs from loss of data through any channel.
The increasing preference for remote work in the IT sector has also imposed a threat of data loss due to workers’ access at their home computers. Since this trend can’t be reversed, the only way forward is to take initiates to protect data accessible by remote staff.
