Consequences of Data Loss – Protecting Your Business with BackupVault
An organisation’s data is often its most valuable asset, but as our ways of working change and the cyber-threat landscape evolves, protecting that data is becoming an increasingly urgent problem. With business-critical information spread across multiple sites, platforms and devices, and a notable rise in attacks from malicious actors in recent years, it’s never been more important to stay informed about the risks and consequences of data loss – and what you can do to reduce them.
What is data loss?
A data loss incident is where data is deleted, corrupted or made inaccessible or unreadable. Data can be lost from where it’s stored, during a transfer process, or within a network. The loss or theft of a storage device also counts as data loss.
What causes data loss?
Estimates vary, but reports and surveys consistently find that human error accounts for the vast majority of data loss incidents. Verizon’s 2022 Data Breach Incident Report found that 82% of data breaches involve an element of human error.
Other causes of data loss include:
- Hardware malfunction or outright failure
- Power outages or SaaS platform outages
- Deliberate malicious action by former employees or existing staff with a grudge
- Cyber threats, including ransomware attacks, phishing attacks, spyware, Trojans, viruses and worms
The shift to remote working has increased the risk of data loss for businesses. When working from home, employees are often not protected by office security protocols and are likely to be more relaxed about data protection measures. In 2020, shortly after the start of the pandemic, a survey by Tessian found that the move to home working had severely impacted businesses’ IT security. 48% of respondents admitted they were “less likely to follow safe data practices when working from home” and 50% of employees believed they could get away with “riskier behaviour” while working remotely.
Even when employees are working on-site, the rise of Software-as-a-Service (SaaS) applications means that data is now spread across many different devices and platforms. And because SaaS and cloud services allow users to access their data from almost anywhere with an internet connection, backing up SaaS apps is often not seen as a priority. In short, it’s becoming harder for IT leaders to keep track of what needs protecting.
It’s not just employee behaviour putting data at risk. The UK Government’s 2022 Cyber Security Breaches Survey found that cyber-attacks had become more frequent over the preceding 12 months, with 39% of businesses and 30% of charities experiencing breaches or attacks in that time. The cyber-threat landscape is continually evolving, so businesses need to stay on top of their security procedures to ensure their data is always as safe as it can be.
The consequences of data loss
The consequences of data loss can be disastrous for businesses. If it’s a major data loss incident, there will be the immediate financial cost of not being able to operate until data is restored. The time and resources spent on recovery can also cost organisations dearly – IBM’s 2022 ‘Cost of a Data Breach’ report looked at 550 companies of varying sizes across 17 different regions, and found that the average cost of a data breach globally is $4.35 million. For a UK organisation, it’s even higher, at $5.05 million.
However, the financial costs of data loss don’t just arise from the work of recovering data and returning to ‘business as usual’ – if an incident reveals an organisation to be in breach of legislation or industry regulation, the fines incurred can be significant. In 2022, criminal defence firm Tuckers Solicitors was fined £98,000 after failing to protect data that was leaked in a ransomware attack. In the same year, the UK’s Information Commissioner’s Office fined the Interserve Group Ltd £4.4m for failing to secure the personal information of their staff, which is a breach of data protection law. If any individual suffers as a result of their data being leaked, they are within their rights to take legal action, which could cost the offending business even more money in pay-outs.
Data loss can also severely harm a company’s reputation. If your organisation has failed to secure client or customer data and you suffer a breach, the word will spread, impacting future business. Customers will be put off using the services of a company that does not take data security seriously.
Ultimately, data loss can cause a business to fail completely. Research by the University of Texas found that 94% of companies who suffer a catastrophic data loss never recover. It’s therefore vital you have a comprehensive strategy in place to protect your data.
How to prevent data loss
Protecting data is an ongoing process and everyone in your organisation has a role to play. Here are some of the data loss prevention tools you can use and measures you can take to keep your business-critical data safe and secure…
- Arrange third-party backup. The most effective action you can take to protect yourself against data loss is to implement third-party backup using a provider that encrypts your data both during transfer and at rest. With external backup in place for both your on-premises data and the data you store on cloud services, you are protected from data loss no matter how it occurs. Whether you experience a cyber attack, a hardware failure, or someone accidentally deletes a file, having data backed up by a reputable third party means you can retrieve what you need immediately. If you suffer a major data loss incident, you can rest safe in the knowledge that your data can quickly be restored in full, immediately limiting the amount of disruption to your business. If you have cyber-insurance, your provider will usually require you to have immutable backup (to protect against ransomware) provided by a third party in order for your policy to be valid.
- Use firewalls, antivirus software, multi-factor authentication and virtual private networks (VPNs). Make use of as many tools as you can to secure your networks and applications. Multi-factor authentication makes it more difficult for malicious actors to access your data – even if they manage to steal login credentials, they won’t have the second factor (such as a fingerprint or a one-time code), so won’t be able to cause too much damage. For remote working, using a VPN will protect your data by routing your internet connection through a secure server.
- Keep up with software and system updates. Running regular checks and tests will allow you to patch any vulnerabilities promptly and therefore avoid greater risks down the line.
- Encrypt your data. One of the best ways to protect data is to encrypt it. If your business handles personally identifiable information (PII), you are required by GDPR to encrypt it – so that if you do experience a breach, none of the personal information you have can be connected to the subject of that data.
- Enable ‘least privilege’ access rights. A valuable measure you can take to guard against accidental data loss and deletion is to restrict access rights so that all employees can only access what they need in order to complete their work.
- Provide regular IT and data security training for all your employees. Everyone in an organisation is responsible for protecting data, so ongoing training is important. Educate your staff on data security, how to protect their devices, how to spot phishing emails, and the steps to take in the event of a data loss incident or breach.
- Have a comprehensive Disaster Recovery (DR) and Business Continuity (BC) plan. Your DR plan should form part of your wider BC strategy, and will set out the processes and procedures you need to follow in the event of a major incident. Your Disaster Recovery plan should detail how you will restore lost data, how long it will take, and how you will operate in the meantime. You should also test your DR plan at least once a year, as elements of it will change as your business grows and the amount of data you handle increases.
Prevent data loss today with online backup from BackupVault.
BackupVault: what have you got to lose?