There are numerous ways data can be put at risk. A number of different events will have an impact on customers and pose a threat to your brand, as well as your ability to provide services.
1. External Bad Actors – Clearly, this is the risk that gets the most headlines. Cyberattacks from hackers, foreign governments, and entities with bad intentions are a serious, ongoing threat. Ransomware viruses, for instance, are data kidnapping schemes that freeze access to your data until you pay a ransom. These are especially difficult, because once you have been hit, using an after-the-fact antivirus program will offer no help. Additionally, there are phishing scams and other malware that can damage and or steal your data.
2. Human Error – One of the major causes of successful cyber attacks and malware attacks is employee error. Opening emails with attachments that download viruses or links to web pages that mimic real sites are common mistakes people make. For example, employees who find a thumb drive and, curious about its contents, insert it into the USB of their computer. All of these errors are generally preventable with sufficient training. But, too few businesses recognize the severity of the threat. Employees need to be trained to recognize phishing scams.
3. Insufficient Hardware and Software Protections – There are two categories here.
a) Software: Constantly updated antivirus applications are a requirement, not just on servers, but on every device that connects to your communications network. Additionally, it is important to consistently upgrade all of your software whenever upgrades are released. Many upgrades are released to specifically address a vulnerability that exposes the user to a new virus.
b) Backups: Failure to have a well-designed backup procedure for all of your data can mean your don’t have accurate backups if something happens. If your IT staff is limited, this is an area where consultation with an outside managed service provider may be of particular value. A daily, or weekly, backup to an external hard drive that is kept in a drawer is not sufficient. Also, not having plans for a quick swap-out for failed hardware can leave you dead in the water until new hardware can be ordered, delivered, and configured.
4. External Events – Your customer’s data can be carefully protected against theft, hardware failure, and human error, but it isn’t of much value if you cannot access it. The final step in protecting customer data is addressing the conditions that would limit your ability to use that data to serve your customers. Examples of these risks include natural disasters, terror attacks, and human-created events, each of which could cause physical damage to your business site, or limit physical access to it. Such events can also create power, broadband, and/or telephony outages that make your data inaccessible, even if you have remote access.