3 Steps to Bridging Your Security Gap

There is a gap between how we perceive the risk of data loss and the reality of what’s going on in today’s internet-connected business world. We frequently hear stories like the following in the news.

A healthcare center in Wyoming was hit by a ransomware attack that crippled the majority of patient care systems, forcing the facility to transfer patients to other facilities.

A Denver university’s website, phone lines, email service, and online programs were shut down in the middle of finals and the subsequent semester due to a malicious cyber-attack.

A small city in Florida had to pay $460,000 to recover data and regain control of email and other servers that were seized in a ransomware attack.

Many, if not most, small to medium businesses are busy and often ignore the risks, intentionally or not. As a small to medium business, you may not be aware that:

  • 40% of small and medium businesses experienced 8 or more hours of downtime due to a severe security breach in the past year.
  • 58% of data breaches in 2018 affected organizations categorized as a small business.
  • 32% of companies lose data in the cloud to accidental or malicious deletion, hackers, and software issues.
  • 14% of businesses that experienced a ransomware attack last year had senior IT staff lose their jobs.
  • 55% of US businesses suffered a ransomware attack in the last 12 months.
  • 86% of ransomware victims had antivirus installed, 65% had email/spam filters, and 29% had pop-up blockers.
  • 47% of data loss was due to end users deleting information, and 17% was due to users overwriting data.

Businesses of all sizes are under siege from an increasing volume and variety of cyberattacks.  On top of malicious threats, there is also a wide range of accidental or uncontrollable ways data can be lost or damaged.  With so many possible risks to business data, it’s clear that backup isn’t optional anymore.

  • User Error: From accidental file deleting and overwriting to spilling coffee on laptops, user error is the #1 cause of data loss.
  • Ransomware Attacks: Even if you pay a ransom, you’re not guaranteed to get all of your data back. Victims who paid only recovered 92% of their data, on average.
  • Other Cyber Attacks/Breaches: From phishing and password attacks to network intrusions and malware, there’s a variety of ways bad actors try to access or corrupt valuable data.
  • Malicious Deletion: There’s a risk of angry employees on the verge of quitting or being fired purposefully deleting critical data out of spite or to cover their tracks.
  • Employee Turnover: Well-meaning departing employees sometimes try to “clean” their devices and file systems before leaving.
  • Hardware Failure: Hardware failures, such as device or server crashes, can lead to huge amounts of data loss.
  • Device Loss or Theft: Mobile workforces increase the risk of lost or stolen laptops and smartphones that contain corporate data.
  • Physical Disasters & Power Outages: Fires and floods can destroy devices and servers, while power outages lead to data loss due to unsaved data or data corrupted by improper shutdowns.

I don’t have any data of value…

Many small businesses think they don’t have any data of value, but the truth is, any customer or employee data can have value to the right person. Personally Identifiable Information (PII) can fetch a large price on the black market, and of course, competitors will always be interested in learning sales, financial, and proprietary info.

  • Credit Card Info: $2 – $5 (per record)
  • Customer PII: $20 – $450 (per record)
  • Employee PII: $20 – $450 (per record)
  • Medical Records: $20 – $50 (per record)
  • Sales / Financial Info: Competitive Value
  • Proprietary Info: Competitive Value

Data’s resale value doesn’t matter when it comes to ransomware.

Ransomware attackers don’t need to be able to monetize stolen data; they just need the victimized business to need its data badly enough to pay to get it back.

58% of businesses that paid a ransom in the last 12 months did so because the cost of the ransom was less than the cost of lost productivity from downtime due to the attack.


Is my industry different?

It’s important to customize your backup/business continuity discussion to any data protection needs specific to your client’s industry. Here are a few talking points related to specific industries you can use to tailor your conversation.

Healthcare
  • Healthcare was the #1 industry for cybersecurity breaches in 2018.
  • Social Security Numbers are the most at-risk data, with health information second most at-risk.
  • Compliance-regulated healthcare organizations face hefty fines and penalties for HIPAA violations (fines can be in the millions!).

Financial
  • Finance and insurance were the second-most breached industries in 2018.
  • Finance was the second most targeted industry for ransomware attacks in 2017.
  • 6.1% of clients stop working with a breached financial company.

Retail & Hospitality
  • 66% of retailers paid the ransom after a ransomware attack due to the threat of lost sales.
  • During 2018, 50% of US retailers experienced a data breach.
  • The most valuable information from hospitality businesses is client information, passport information, and credit card numbers.

State & Local Government
  • Local governments have been hit HARD by ransomware attacks recently (6.4 attacks per month in 2019, up from 4.6 per month in 2018).
  • 60% of all publicly known ransomware attacks in the US in 2019 targeted state or local governments.
  • In 2019, Washington, PA paid $21,250 and Lake City and Riviera Beach, FL paid $1.1 million ransoms.

So… what can I do to protect my company?

At AZTS, we believe the best approach to being as secure as possible is to start by assessing the risk your individual company faces against the backdrop of the industry you work in. We work with our clients to deploy a multi-faceted approach that may include combinations of a robust backup plan, a disaster recovery plan, business continuity, high availability, virus & malware protection, and an employee education and awareness program.

Each of these solutions can be tailored to address the individual company’s needs.

The most important part is not to ignore the risk: create a plan and take steps to improve your stance. Doing so will protect your hard work, your customers, and your employees.