When it comes to data unavailability, loss of data or the need for disaster recovery, companies and even third-party hosting providers often think first of natural disasters like hurricanes, tornadoes or wildfires, but in reality, the biggest threat to an organization’s data is human-induced – accidental or purposeful. According to the study “2016 Cost of Data Center Outages” by the Ponemon Institute, the fastest-growing cause of downtime is cybercrime, accounting for 22% of incidents [in 2015] but only 18% in 2013 and 2% in 2010.
Cyber attacks are not only growing; they are also becoming more advanced and intelligent. The new generation of attacks is focused on acquiring personal information, intellectual property, authentication credentials and insider information, and the attacks often take multiple, calculated steps that track user patterns and often utilize the placing of malware. So how can a business combat the increasing threat of cybercrime, especially when it happens from within the organization?
Know your Employees
A background check of all employees who will have access to sensitive information is now an imperative. Have each employee sign a confidentiality agreement and information security agreement as a condition of employment. Outline procedures for data security, computer and Internet usage and enact penalties for not adhering to the guidelines.
Secure Your Information
Following best practice information security processes will create a logical environment in which current and future employees recognize how to protect the business’s data as they would their own personal information. This includes making employees utilize complex passwords that need to be changed every 30-60 days, limiting access to servers and sensitive information to only those who absolutely require it to do their jobs and using identification badges for authorization awareness. Another more recently adopted security procedure is two-factor authentication (2FA). Expedient’s Two Factor Authentication service adds an extra layer of protection to applications by requiring the user to enter a one-time password that changes for each new session in addition to the standard username and password combination.
Prepare for Disaster
A well-planned and tested disaster recovery plan is the final tactic to ensure that cybercrime does not negatively impact a business. A solid plan and prudent mitigation measure includes working with a multifacility, geographically diverse data center provider. Data center service providers are often better prepared to mitigate threats as a result of their scale and expertise operating security processes and technology like firewalls, intrusion detection and vulnerability scanning, for example. They can also be faster at detecting a cyberattack before it causes a service interruption.
The third-party data center service provider will be well practiced in testing disaster recovery plans to ensure business continuity even if a server is breached by an outside or inside attack vector. As technology is increasingly adopted to compete effectively, with it will grow cybercrime and the complexity of the attacks. The best way to prevent being a cyber victim is being prepared.