As a trusted service provider to your customers, they rely on you to provide a full data protection and business continuity strategy. It’s important that this strategy covers risks emanating from the inside of their organisation as well as the outside.
Employees represent a very real threat to organisations and typically fall into five categories.
Here we detail the data protection challenges they pose – and how you can educate your end-users to tackle them so that business continuity can be maintained.
Software vendor releases are promoted as being tried and trusted, but it’s impossible to be sure how they will perform until they are installed in your unique production environment.
If an employee fails to test all changes, prior to them being released onto production systems, there are risks.
Patches sometimes introduce more issues than they are supposed to fix, while upgrades have been known to break links to integrated systems.
For example, parenting site Mumsnet reported itself to the Information Commissioner's Office after an upgrade led users to see details of other accounts.
Solution: As a service provider you may already be shielding your customers from this issue by being the not so hasty techie yourself.
If not, make use of data management services that allow administrators to create isolated test environments from backups, ensuring no bad software is ever deployed.
2) The vengeful wrongdoer
Putting an accurate figure on the true number of malicious employees purposefully harming a company is difficult.
Organisations are typically too embarrassed to admit that relations with an individual have deteriorated to such an extent that they have become victims.
A major trigger for employees to delete Office 365 data maliciously is a company merger or acquisition.
Staff with broad security privileges can cause havoc by deleting large volumes of data or even deliberately introducing corrupting software.
Research released by the Ponemon Institute in January reveals a dramatic increase in both the frequency of insider threats and their financial cost to businesses since 2018.
Although malicious criminal insider threats made up just 14% of incidents, the financial ramifications were still significant, with researchers recording a per-incident cost of 756,000 dollars and annual losses of 4.08m dollars.
The report, "2020 Cost of Insider Threats: Global," shows that the average global cost of insider threats rose by 31% in two years to 11.45m dollars.
Detection of these malicious activities is always going to be difficult when the perpetrators are trusted individuals. The most common employee attack is to delete software, files, emails and SharePoint folders prior to their termination.
Solution: While you can advise organisations to limit their employees access to only the data they need, this isn’t always possible and frankly they won’t always listen.
Ensuring that you are providing a complete data management solution and protecting all data will give you the ability to act in the event of malicious deletion and recover data quickly. With more and more organisations utilising Microsoft 365 and the Google Suite, your data management solution should account for this data as well.
In the event of an issue what is the longest downtime your customers would find acceptable?
- 5 to 10 minutes
- 30 minutes
- An hour
- Two hours
- Half a day
- A day or longer
Malware attacks are among the biggest causes of lost business productivity - and it’s important to remember that ALL employees are potential ransomware targets.
If a workforce is to know how to identify and avoid infections, the organisation will need to educate employees with relevant training.
However, the fact remains that one ill-advised click is all it takes to leave the business wide open to an attack. With malware attacks such as ransomware evolving and becoming cleverer every day, protection faces a constant battle to keep up.
Cyberattacks are the fastest growing crime and predicted to cost the world 6 trillion dollars annually by 2021. In 2020, it’s vital that companies get data security to the top of the business agenda.
Some versions of ransomware operate in stealth mode, seeking critical files, and encrypting at a slower rate to stay under the detection radar. If no-one discovers the attack until it’s too late, the chances of a ransom being paid are more likely. Newly developed artificial intelligence exists to analyse the randomness of file changes in a bid to identify ransomware infections - but backups on your network remain highly vulnerable.
Solution: It’s almost impossible to provide 100% effective defence against a determined ransomware attack. The best way to guarantee recovery from an issue such as ransomware is by having robust, automated, isolated, offsite data protection in place.
It's critical that customer backups are not permanently on the same network as their live data. When utilising the cloud for backup, ensure that the service you provide encrypts data before it leaves devices – and that it remains encrypted at all times, in transit and in storage.
Whether you hold the encryption key for your end-users or they hold it themselves, it is vital to keep this secure so that data can be decrypted from your secure backup.
Keeping data can be expensive, especially if employees literally save every item of data, email, file, doc or PowerPoint presentation that passes their way - just in case they ever need it again.
As information is continually captured and stored, primary storage solutions quickly reach capacity, meaning more investment is needed. This unanticipated investment in additional hardware is typically capital expenditure and can cause significant budgetary pressures.
Industry and government compliance requirements stipulate that some forms of data need to be kept for seven years or even forever. On average organisations
can expect data volumes to grow by at least 10% per year.
Storing data in the cloud is an attractive proposition when it works out at a lower cost per GB than on-prem solutions - but it’s important that any solution addresses the ever-growing need for data security and 24/7/365 data access.
When considering an archiving service, it needs to be simple to manage with minimal human interaction and highly scalable to handle larger storage volumes as the business grows.
At what point would you consider archiving data? When it's not been accessed for:
- A month
- Two months
- Three months
- At least six months
- At least a year
- At least two years
What percentage of data would you archive to the cloud if you were guaranteed immediate access, should your customers need it back?
- 10% or less
- At least 20%
- Around 30%
- About 50%
- Around 65%
- 70% or more
Solution: Provide additional value to your customers by extending the life of their expensive hardware assets and delay purchasing more primary storage to cope with growth by offloading redundant, obsolete or trivial data to the cloud when it meets specified criteria.
When choosing a fully automated, centrally managed archiving process that minimises management overheads, you should also ensure that there will be no delays in accessing archived data.
The technology now exists to access archived data files instantly on demand from the cloud - and if the user experience remains unchanged so much the better because there will be limited or no additional training needed for your engineers.
5) The overstretched worker
Who among us has not mistakenly, or in a rush, lost or intentionally deleted important files?
Recovering lost files can be among the most common and time-consuming tasks to plague an IT department.
There can be few IT professionals who have yet to receive a call from a colleague insisting that a vital file is missing and furthermore been told it’s a complete mystery as to how it has been lost and there’s no way of knowing who could be responsible.
In today’s on-demand world, businesses need to minimise downtime by restoring data easily and instantly from everywhere to anywhere.
Whether data is onsite, in the cloud or stored in a hybrid environment, your customers need to gain immediate access to critical data.
Quickly addressing these requests enables IT to focus on more business-driven objectives.
Solution: Make downtime a thing of the past. You should be able to restore data quickly and easily to its original location or a new location of choice - as often as required, at no additional charge.
There should be no need to wait for customer data to be restored before users can start accessing the files they need. The technology exists to get you up and running without waiting for a full recovery so users are working again within seconds, not days.
After reading about the threats your customers' employees pose to their businesses, is it time to advise them to re-evaluate their data protection and business continuity strategy?
Discover how redstor can help you address these challenges.
What is the standard Recovery Point Objective for your customers?
- Instant failover
- Five minutes
- No more than 30 minutes
- An hour
- A couple of hours
- A day or more
Which of the employee types listed here do you think is most concerning?
- The hasty techie
- The vengeful wrongdoer
- The unwitting victim
- The data hoarder
- The overstretched worker