Such has the impact of data been over the past several years, that some suggest it has surpassed oil as the world’s most valuable resource, says Leon Mwandiringa, Full Stack Software Developer, at Black Beard Technologies, and further stats show that the amount of data generated globally will increase from 12 zettabytes (or one trillion gigabytes) in 2015 to 163 zettabytes by 2025. Is it then any wonder that protecting this asset should be a top business priority?
In fact, data breaches have become one of the most significant cyber threats in today’s connected world. The average cost of such a breach is estimated to be in excess of R55 million. Loss of data is considered one of the biggest sins in the digital landscape with companies not only having to deal with the resultant financial repercussions of paying fines and potential lawsuits, but reputational damage as well.
Building relationships (and trust) with customers is a fundamental business strategy for competitive differentiation. It is very difficult to rebuild that trust, if personal data is compromised. The adage of reputation taking years to build and seconds to destroy is even more relevant at a time where data drives virtually every aspect of people’s lives.
A security-first approach
Given how most data breaches occur at small businesses who can neither afford the financial cost or loss of customer trust, security must be fundamental to any company strategy. As a starting point, employees must have formal training on all relevant security matters. This goes beyond knowing the basics of not opening a suspicious email or plugging in an errant flash drive into a computer. Instead, it must encompass everything from how data is accessed and used to what employees are saying on social networks and how that can be exploited for social engineering purposes.
From a technology perspective, businesses must have the required disaster recovery, business continuity, and backup elements in place. Just because a company has embraced the cloud, does not automatically make that data safe or available in the event of a cyber security attack.
Applying the oft-quoted 3-2-1 backup rule is therefore a given. It states that a company should have at least three copies of its data, two copies on different storage media, one of which is located off-site. Using trusted solutions for encrypting connections to a cloud provider or the employees’ devices that limits the potential for data breaches when working remotely, are also essential.
Right solutions, right skills
From a solutions perspective, it is a good idea to use out-of-the-box solutions from cloud providers such as Microsoft Azure or Amazon Web Services. These typically have everything set up as required and reduces the unnecessary business expense of building one’s own solutions.
Those organisations that manage highly sensitive data such as financial services providers, in-house develop is important to complement the solutions from hosted providers. But regardless of the approach followed, decision-makers should leverage the options provided by cloud providers for guaranteed services availability, scalability, redundancy, and so on.
It also does not make sense for businesses outside the IT sphere to have in-house expertise for cyber security or data management. Instead, they should opt for trusted and experienced partners that specialise in those fields. This not only keeps costs down but also enables the organisation to remain focused on its core mandate.
Back to basics
With effective data analysis a vital part of its management (and security), organisations need to keep the basics of business in mind. It is easy to be tempted into embracing the latest technology innovations such as artificial intelligence, machine-learning, and the like only to lose sight of the strategic drivers for growth. From user training and using reputable solutions, to implementing two-factor protection and keeping systems up to date, the same age-old principles apply regardless of how data is being accessed. Decision-makers have the power in their hands, they just need to focus it on ensuring their data is protected at all costs.