MANY SMALL AND MEDIUM-SIZED BUSINESSES BELIEVE THAT THEY ARE NOT WORTHY TARGETS FOR CYBER CRIMINALS. THIS MISTAKE CAN ENDANGER THE SURVIVAL OF THE COMPANY
IT security and data security is a major challenge, especially for small and medium-sized enterprises (SMEs), which typically lack professional talent, time and technical resources to ensure the best protection. Sometimes, however, they don't understand the problem at all: Small and medium-sized businesses like to believe that there is such a thing as “security in the dark”, and only large companies are targeted at the attack.
Statistics show this is a fatal mistake: According to Verizon's Data Breach Investigation Report 2019, 43% of security incidents last year affected small and medium-sized businesses. In 2018, almost three-quarters of ransomware attacks were against small businesses. According to the industry association Bitkom, the German economy causes losses from cybercrime amounting to over 100 billion euros every year. Not only companies are affected, but three-quarters of all German companies.
However, this is not necessarily an external attack that
resulted in data loss. Even if the hard drive fails or employees delete
data (accidentally or intentionally), the loss can be significant. According
to the “Data Health Check” published annually, around 60% of data loss cases
are caused by hardware failure and human error. However, many small and
medium-sized businesses do not adequately protect themselves against such
incidents. According to statistics from SMB Group, 40% of small businesses
do not have structured data protection and 58% of companies do not have backup
endpoints.
DATA PROTECTION
IGNORED
Data loss is particularly
problematic when personal information falls into the wrong hands. The
European General Data Protection Regulation (GDPR) came into force in 2018,
which provides for strict reporting requirements and high fines. She made
no distinction between ten-person companies and large companies.
A user study carried out by the consulting firm Capterra in 2019 found that the
level of data protection is poor for small and medium-sized companies: More
then half of the companies surveyed do not have enough time and resources to
comply with data protection regulations, and 56% of them said that they don't
have a good command of the GDPR Trust, 40% of people only check their privacy
policy once a year.
THE MOST IMPORTANT BUILDING BLOCK FOR IT SECURITY
AND DATA SECURITY
If there is a lack of
resources and skilled workers, small and medium-sized companies should
concentrate on the most important aspects of IT security to achieve
the most effective risk minimization with limited resources. The following
components play a decisive role:
- Data Backup: Every company needs a backup solution with which
data can be continuously backed up and stored on a server or a local location
in the cloud. It is recommended that you use cloud-enabled backup devices
such as the PowerProtect DD Series from Dell EMC as these provide built-in
protection on-site and can be expanded with cloud resources for long-term data
retention and disaster recovery.
- Malware Prevention: When choosing IT security solutions, small
and medium-sized businesses should ensure that they identify and respond to
threats as comprehensively as possible. It should defend itself against
viruses and Trojans, detect harmful websites and reliably prevent phishing attacks.
- Endpoint Protection: Inadequate client protection is the main
portal for cybercriminals. Companies should therefore pay attention to
hardware with integrated security mechanisms. For example, the
manufacturer Dell offers integrated protection against device takeovers via
“SafeID”. Access data is stored on a dedicated security chip so that it
cannot be attacked by external malware. The encrypted hard drives used in
laptops and 2-in-1 systems of the Dell Latitude product line can protect
confidential data from attacks by strangers, even if the device is lost or
stolen.
- Protection of Storage and Servers: To prevent hackers from
breaking into the internal IT environment and to make gaming easier, storage
and servers should offer comprehensive protection at the company and hardware
level. For example, Dell EMC PowerEdge rack servers and tower servers
offer a built-in lockdown mode to protect the server configuration and firmware
from changes. In the event of an attack, you can restart the server with
the saved configuration to restore the server to the state it was in before the
damage.
- Identity and Access Management (IAM): The increasing use of
public cloud resources that can be accessed via the Internet and the trend
towards distributed and mobile work have significantly increased the importance
of access and authorization management. When cybercriminals steal access
to data, they usually take over the entire network and cause great damage. However,
the internal assignment of access rights is too loose, which will lead to
unnecessary risks. Therefore, when managing access rights, SMBs should
look for strong multi-factor identity checks and keep authorization to a
minimum.
- Security Awareness: According to Dell's End User Security survey, 72% of employees are willing to transfer sensitive data to external
parties, while 50% of employees are willing to transfer sensitive information
via private cloud applications or email. Hence, phishing and social
engineering are simple: they target behavior directly, trying to trick
employees into revealing passwords or executing files infected with malware. Therefore,
one of the most effective ways to reduce IT security risks is training to raise
awareness of these dangers and use alternative behavior.
FINALLY
Data security and data
protection are definitely not trivial matters for SMEs. In addition to a
security strategy that can prevent data loss, a multi-level security concept is
required that can reliably detect and fend off attacks, protect access and
confidential data and take employee behavior into account. To effectively
implement this concept, small businesses should turn to Dell's technical
advisors. They can help you identify ways to use multiple technologies and
provide ongoing support.
Comments
Post a Comment