Data Loss Prevention for SMBs
More data around at the SMB level also means more potential for issues with that data — and one of the primary concerns is data loss. Since this clearly resonates with people we work with daily, we wanted to offer up a bit of a primer on the topic to help guide understanding of what exactly it is, how it happens, and how it can be prevented.
What exactly is data loss?
Data loss can be defined in business lexicons as an error condition in which information is destroyed by failure or neglect in either storage, transmission, or processing. One key distinction to note that some companies struggle with: data loss is different than data unavailability, which typically is the result of a network outage. Once the network outage is resolved, your data is usually accessible. That’s not a data loss situation.
Boston Computing Network has defined four essential types of data loss:
- Human Error: Such as overwrite or accidental deletion
- File corruption: Such as a virus or software error
- Hardware: Such as drive or CPU failure
- Site-related: Such as damage to your physical property via lightning, flooding, etc.
How prevalent is data loss?
At an individual level, it’s roughly 46% annually — meaning nearly 1 in 2 people will lose some data each year.
At the enterprise and SMB level, numbers are similar. According to a 2013 report by Symantec, 47% of enterprises lost data in the cloud and 37% of SMBs did. Worse still: 66% of companies — both enterprise and SMB — saw data recovery operations fail. Broadly speaking, that means if you’re a decision-maker at an enterprise company, you’re staring down the barrel of this 1-2 punch:
- You have a nearly 1 in 2 chance of losing data
- Once that happens, you have a 2 in 3 chance of not getting it back
Those are not great numbers for any business decision-maker to be considering.
What’s the bottom-line impact of data loss?
The most sobering statistic is from Boston Computing: 60% of companies that lose data and can’t restore it end up shutting down within six months of the disaster. This might seem high, but it’s actually somewhat logical: whether you’re B2C or B2B, most data involves your customers or clients. When you lose that data, you create a rift in that relationship — and customer relationships are more valuable than brand itself in the modern business climate.
In terms of specific numbers, IT professionals in one survey noted that the average revenue hit from data loss would be $468,610. That’s not necessarily a huge amount for an enterprise company, as Fortune has also noted, but it’s a massive hit for a small business. At the enterprise level, though, there are intangible (non-spreadsheet) costs to consider: 24 percent of IT professionals polled in the above survey said office morale dropped, and 21 percent said their IT processes instantly became micromanaged. In virtually every case examined, the data loss led to quitting and turnover within IT ranks, which in turn depleted existing organizational knowledge.
How can data loss be prevented?
This is a major topic — data loss prevention has six million Google results, for example — but there are key approaches. Human error can never totally be prevented, although it can be managed. Damage to your site can occur when you least expect it and sometimes can’t be prevented (flood, tornado, etc.). But it can be mitigated.
Some of the best practices include:
- Consistent backups
- Create easy-to-understand-and-follow processes for all employees
- Use anti-virus software and keep it updated
- Use a UPS to protect against power surges
- Don’t ‘over-tweak’ your system
- Place data centers or servers in dry, shaded, dust-free, well-ventilated areas
- Protect critical files and applications
All of these are important, but some of the most important involve these ideas around process and over-tweaking your system. The surest way to encourage human error towards data loss is to make your systems and processes too complicated for an average employee to understand and follow. Companies and IT departments often do this without realizing it, thinking that more process means more safeguards. In reality, data loss works in an inverse way: the more processes often mean less safeguards, because employees become confused about what they need to do, end up ‘ad-libbing,’ and data can become lost. A K.I.S.S. approach (keep it simple, stupid) does come in handy here.
You also need to make sure you’re working with the right vendor for your business needs. Some content management systems, for example, are better suited for enterprise. Some are better suited for small business. Major providers like Google and Microsoft are often excellent in many respects, but lack the adaptability your specific business needs around its content. Do your research, but do it within the context of your value proposition and business needs. There’s no cookie-cutter approach to how you choose a content management system. Remember: if all that content and data is lost and you’re one of the 2 in 3 who can’t recover it, there’s a 6 in 10 chance you won’t be in business a year from now. This is a crucially important decision for your organization, so frame it in the correct context.