Security risks most businesses overlook
We all know there are risks associated with running a business, and by now most people have learned to protect themselves against the common ones, particularly internet-based risks like viruses and malicious spoofed emails asking for Social Security numbers or bank account numbers. Most know that the Prince of Africa is not really on the other end of the email asking them for help, and most know that they haven’t randomly won $1,000,000.
Lynda Martel, Executive Director, Government and Enterprise Business Relations at DriveSavers Data Recovery, notes that “there are many well-publicized security risks that a small business faces today: disgruntled employees, malicious outsiders, cybercriminals, etc. The biggest threat to the security of any company is always the risk they have not prepared for.”
Those are all scary, but what is the biggest unknown security risk to a small business today? Martel says it is “Unexpected data loss requiring the use of a third-party data recovery service provider.”
“Most organizations have a dangerous gap between IT security and IT support teams that puts them at risk,” Martel tells AGBeat. “Data recovery is not on the radar of IT security, who believes their disaster recovery plan adequately addresses the organization’s data loss risks, and that drives are never sent out to third parties for data recovery. IT support teams know better. They choose and regularly use data recovery service providers when a storage device fails unexpectedly and business-critical data has been lost. Mandated by management to recover the data fast and cheap, IT support will choose a provider based on their advertised turnaround time and price. They are not vetting the provider’s security protocols, data recovery capabilities or expertise.”
How to protect against these security risks
You can close this gap within your organization and protect yourself from this risk, Martel says. “Acknowledge that data loss can happen and plan for it by putting policies and procedures in place. Choose a data recovery vendor and vet them thoroughly.”
How does one go about doing this? Martel says that a reputable service provider should be able to provide documented proof of the following:
- Annual security audits and proof of compliance with the same data privacy and security regulations your organization must uphold by law.
- Proof that all employees undergo vetting and background checks.
- Proof of a Business Continuance Plan and Information Security Policy in place and updated annually.
- Certification of training in all leading encryption software products and platforms. Customized solutions for encrypted data recovery. Use of encryption for data files in transit. Lock boxes available upon request.
- Verification of qualification to handle enterprise-class data storage systems. High Security Service that meets US government protocols.
- Chain-of-custody documentation. Confidentiality and non-disclosure agreements.
- NSA- or DOD-approved process for the secure and permanent destruction of unwanted drives and data.
Knowing not only what security risks your business faces on a daily basis, but also how to combat them and how to choose a proper partner in the battle, is critical. Imagine being in a position where your customers’ data is vulnerable, and what kind of hit your business would take if you weren’t minding all possible security risks.