Data Wiping: How do SMEs protect
their data?
The 2018 Varonis Data Risk Report study recently
revealed that the average cost for a company to repair the damage of a single
malware attack is estimated at $ 2.4 million. It is much better to avoid
risks in time and invest in technological measures to secure data. Many
companies do. Total business spending on data security has risen from $
102 billion to $ 124 billion in the past two years.
Why SMEs
should play it safe
“It is no longer a question of whether the company is going to be attacked,
but when it is going to be attacked. It doesn't matter how big they are,”explains
Florian Goldenstein, Director of IT Security at Konica Minolta Business
Solutions Germany GmbH. “Large companies are getting better prepared for
cyber attacks. That is why the attention of cybercriminals is increasingly
directed to small and medium-sized companies, SMEs”, says the security expert.
But if you look closer, companies are easy
prey. According to the aforementioned study, around three-quarters of
companies admit to using more than 1,000 sensitive and outdated files, which
represents a great security risk. 41% of companies acknowledge having
sensitive databases, such as those containing credit card or medical data,
which are completely unprotected.
The growth
forecast for 2025 is huge
Statista's forecasts on the annual generation of data
generated show the importance of the issue of security and that it will
increase in the future. The amount of data generated is estimated to grow
from 33 zettabytes in 2018 to 175 zettabytes in 2025. For clarification: One
zettabyte is equivalent to 1,000 exabytes. In figures, it would be a one
followed by 21 zeros.
The IDC and Seagate Data Age 2025 study also assumes a
huge data surge by 2025. While most of the data so far has come from end
customers around the world, the study anticipates that creation will move into
the future Business. In 2025, experts estimate that companies will
generate about 60% of the world's total data. The study states that with
the Internet of Things (IoT) alone, an average consumer will interact with
4,800 devices daily. And all that data has to be protected.
Data growth
requires protection and security
To safely manage data and its growth, it is necessary to
have two very important concepts: Data protection and data security. The
two terms are often used interchangeably, but their meaning is not exactly the
same. Here are the two definitions:
- Definition of data protection:
Data protection is concerned with guaranteeing the right
of each citizen to self-determine in terms of information and their protection
against the misuse of their personal data. The question of what data can
be collected and processed is part of data protection.
- Definition of data security
Data security deals with technical and organizational
measures to protect corporate and administrative data. Determine and
establish measures for the protection of this data. The term information
security includes any type of stored data.
Data Wiping defines global goals
Whether it's personal data or development, production or
customer data, data security needs to take into account several aspects to
prevent data from becoming an attractive target for hackers or cyber
attacks. Bearing this in mind, broad objectives must be defined to meet
the needs in all these aspects.
The most important objectives of data security are:
·
Prevent the misuse of data, for example that it may be
damaged, deleted or stolen.
·
Optimal protection against external attacks such as cyber
attacks
·
Careful protection of internal accesses, regulating the
access rights of employees. Confidentiality is important
·
Without conflicting with the above, all company data must
be accessible and available at all times
·
Naturally, the authenticity of the data must also be
guaranteed
·
Finally, the integrity of the data ensures that the data
is not damaged or modified.
Professional
concepts and measures are of paramount importance
It is necessary to consider strategic concepts and
measures of data security, which include all these objectives from a global
point of view. This is essential, because IT experts know from experience
that "the more things you can do, the more things they can do to
you." In other words: If that data is very useful to you, it can also
be very useful to other people.
Today's IT structures are complex. Many businesses
use workflows that cross borders and involve international use of data.
SMEs are adjusting little by little to this new
situation, growing and working more and more efficiently. But new methods
of work and production are also making them more vulnerable.
Measures
for data security: Do you know these five levels?
The
steps to take for a comprehensive approach include the following five points,
which should always be considered when it comes to safety:
1. Cybersecurity
Includes
security measures such as a firewall ( firewall ). Firewalls
are security systems that protect computer networks or individual computers
against unwanted access. This level also includes data encryption
technology.
2.
User security (end
point )
Includes
password, antivirus and antispam access protection.
3.
Authentication technology
It
is important that company data is protected with secure access controls.
4.
Protection against data loss
There
are many situations that can cause data loss: Cyber attacks, blackouts, short
circuits or fires. The causes of these losses can be further analyzed by
analysis protocols and records ( logs ) and backup
software ( backup ) assures us that there are safe
copies of all data.
5.
Security and data exchange
Secure
data exchange is essential for communication and collaboration with partners
and customers.
A good concept of safety always considers the human factor
Security
threats are not limited to malware and hackers. A comprehensive and
professional concept of security also includes training for employees.
All employees
of a company must understand, especially in times of rapid growth that data
security is an essential factor in the success of the company, whether they
work in purchasing, sales, customer service or development. It's important
that everyone is familiar with the company's data security standards and what
to do if a critical security incident occurs.
A
transparent IT structure is very important
The basic prerequisite for well-functioning data security
is a clear and transparent infrastructure.
The following areas are especially important for a
well-planned IT infrastructure:
·
Company-owned servers and protected data centers
·
Cloud solutions
·
Safety / Failure Protection / System Failure Protection
·
Risk analysis / Analysis of protection needs,
authorization management, user security, mobile device control
·
Network / Network Security
Data
Security Measures Need Firefighters Too: Future-Safe Incident Response
SMEs can consider
themselves well prepared if they are ready to act as quickly as possible in the
event of an emergency or cyber attack. To do this, strategic incident
response processes must be established. In the event of an attack, malware
can be detected more quickly and the damage it causes can be limited.
After an attack, we will need competent IT experts to
contain the damage. These experts use forensic methods and measures to
detect the vulnerabilities that have put the company in this unfortunate
situation. In addition, they analyze infected systems to discover the
mechanism of the attack. Based on that analysis, they can develop a
strategy to improve data protection in the future.
SMEs that carry out random inspections of data security
measures and their systems from time to time have a better chance of staying
secure. Thus, they protect your data in the long term and the security
status of the company can be estimated at any time.
No comments:
Post a Comment