Steps to Stop Data Loss from Your Small Business

If you've ever wondered who has the time and money to worry over security issues when they've got a small business to run, you're not alone. Many small business owners overlook even basic computer security. According to a Dell study of 1,425 small and medium businesses worldwide, 59% don't have any endpoint protection, and 33% lack basic antivirus protection. Not surprisingly, cybercriminals have been exploiting small and medium-sized businesses with ease and great success.
According to the FBI, cybercriminals steal more than $40 million a year from small and midsize companies. Small businesses and emerging entrepreneurs are targeted more often than enterprises, as they typically have limited IT resources to manage security threats. The cloud is useful, and no one can argue that point, but it has its weak points, one of which is data loss. If cloud service providers can face data loss, so can you.

Consider the following scenarios:

  1. An accounting person accidentally emails customer credit card information to someone outside the company.
  2. An email containing profanity is sent to someone outside the company.
  3. A cashier downloads transaction details to an iPhone via the USB port on a retail POS (Point Of Sale) computer.
  4. Employees commonly use USB storage devices like digital cameras, iPods, BlackBerrys, and iPads.
  5. Employees use personal web mail accounts to send confidential company information.

Any of these situations could lead to an internally originated security breach. Avoiding such a breach through data loss protection (DLP) might sound like an expensive solution that only large companies can afford but, if you do your research up front, you might be surprised at what you can accomplish quickly and easily without spending a fortune.

Step 1: Define What Data is Sensitive
The trick to this step is to strike a balance between a "boil the ocean" approach and a "skim the surface" approach. Take a careful inventory of your data and determine how much of it you actually need to worry about. Some examples of confidential data include:

  1. Credit cards/store cards
  2. Contracts and quotes
  3. Customer contact details
  4. Finance and accounting files
  5. HR or health-related information
  6. Intellectual property
  7. Confidential business projects

Look for DLP solutions that come with pre-set definitions and give you the flexibility to add and change definitions for confidentiality.

Step 2: Identify Content to be Monitored or Quarantined
Email is one obvious example of content that should be monitored. Anyone, including trustworthy employees with good intentions, could make an honest mistake and accidentally email confidential data to the wrong person.
A malicious user could do far worse: emailing inappropriate content, not to mention company secrets or confidential customer information. You want a DLP solution that can detect malicious users' attempts to disguise confidential files by renaming, copy-and-paste, or other methods.
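
The renaming case can be caught by comparing a file's leading bytes with the extension it claims. The following is an added example, not code from any DLP product; the function names and sample attachments are constructed, and the signature table covers only a few well-known formats.

```python
from pathlib import PurePath

# Well-known leading "magic" bytes for a few common formats.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",                         # also .docx/.xlsx/.pptx
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",   # legacy .doc/.xls/.ppt
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
}

# Extensions that are consistent with each detected type.
EXTENSIONS = {
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx"},
    "ole": {".doc", ".xls", ".ppt"},
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
}

def sniff(data: bytes):
    """Return the detected type from the file's first bytes, or None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None

def is_disguised(filename: str, data: bytes) -> bool:
    """True when the content type contradicts the file extension."""
    kind = sniff(data)
    if kind is None:
        return False  # unknown content: leave the decision to other rules
    return PurePath(filename).suffix.lower() not in EXTENSIONS[kind]

# Constructed attachments: a spreadsheet renamed to look like a photo,
# the same bytes under an honest name, and a genuine JPEG header.
XLSX_BYTES = b"PK\x03\x04" + b"\x00" * 16
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [("holiday.jpg", XLSX_BYTES),
                       ("q3-forecast.xlsx", XLSX_BYTES),
                       ("holiday.jpg", JPEG_BYTES)]:
        print(name, "disguised" if is_disguised(name, data) else "ok")
```

A signature check only addresses renaming; text pasted into another document still has to be caught by inspecting the content.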

Step 3: Identify Common Leak Points
When a water pipe leaks, you look for common weak points or the location of previous leaks. The same applies to data leaks. Email should be the first place to look for data leaks because it's the primary means of all communication these days—and because it has so often been the source for data leaks before.
Another increasingly common leak point these days is USB ports, mostly because of the new BYOD (bring your own device) policy. Everything in this list is essentially a mobile storage device:

  1. Digital cameras
  2. iPods and other digital music players
  3. Smartphones and tablet computers
  4. E-book readers such as Kindle
  5. USB thumb drives
  6. Mobile data storage devices

The popularity of these USB devices means one thing: greater security risks. You need to be certain that a USB device doesn't contain malicious code before it's plugged into your system. Go beyond the basic USB port control of "on" or "off" and get a DLP solution that prevents executables from installing themselves on your computers while read functions are enabled.
In some scenarios, stricter USB port control is called for. Many point-of-sale (POS) terminals today are fully functional computers, capable of connecting to the Internet or accessing wireless networks. Why risk malicious code upload, or transaction data download to the iPod? Setting access to "Read Only" or "No Access" would be more appropriate.

Step 4: Find an Affordable Solution
Data Loss Prevention (DLP) is no longer a luxury affordable only by large organizations, nor is it a time-consuming exercise that takes months to implement.
Technology is improving data accessibility even as security threats grow. In today's environment, security should not be just a defense strategy against external threats; it should also deliver proactive protection against data loss from internal sources. If your data is critical, make sure you choose a data recovery service like Stellar Phoenix that can properly recover data from physically damaged drives. Even the simplest recovery attempts on a physically damaged drive could render your data unrecoverable. The first recovery attempt is always the best recovery attempt.

Regardless of the size of your company, a sound security approach that extends security to cover key data leak points will save you unforeseen problems and costs. Fortunately, Stellar Phoenix stands ready to help you recover your data no matter where you store it and no matter whether the loss resulted from a disaster, an accident or from hacking. Our friendly, expert data recovery specialists will find everything that can be found and get your information back to you.