Shoulda, woulda, coulda.
Do you ever kick yourself when "hindsight is 20/20" situations arise? You should have left the office earlier to beat rush hour or you should have grabbed a muffin with your morning coffee because you have to work through lunch. Sure, these are scenarios that you'd like to avoid, but nonetheless happen, and it's not the end of days.
When it comes to safeguarding data, businesses cannot afford to take the "shoulda, woulda, coulda" approach especially with the many ongoing threats to their data security. As hosting providers, you should recognize the need to offer backup and disaster recovery (BDR). In case you're having a hard time selling these services or aren't sure of the value in it, here are nine common contributors to data loss and downtime that can shut down a business for good.
1. Before It Flooded
Do any of your clients live in an area that's prone to flooding like Louisiana or southern Florida? If so, you better be backing up their sites frequently. Who's to say they don't have leaks in their roofs? Are their server racks exposed? That kind of water damage could lead to hardware failure or even a power outage. Make sure you backup their mission critical data and have a disaster recovery plan in place should severe weather strike.
- 40% of businesses do not reopen after a disaster, and another 25% fail within one year according to FEMA [Source].
2. Before that Disgruntled Employee Wiped Your Client's System
There are typically two kinds of data threats by insiders: Rogue or disenchanted employees seeking retribution and negligent employees that unintentionally compromise data security. CIO Magazine actually identified Disgruntled Employees, especially those working on the IT team, as the number one biggest source of business security breaches. Ideally, your clients have taken the necessary steps to remove terminated employees' account accesses and privileges. Additionally, you should advise them to diligently monitor the privileged credentials of active employees so that they can't compromise the system undetected. According to BizTech Magazine, this kind of insider data breach "can be more difficult to detect than other kinds of incidents because insiders typically enjoy authorized access to the data they are stealing."
Imagine the chaos that would ensue for your client if one of their network admins reset all of the passwords to the routers and switchers on the network. It's happened before! Such a lockout would delay productivity and prevent employees from obtaining the important data they needed. If they had used your backup services, however, you'd be able to recover the data copied at the last restore point.
- 55% of insider incidents involve abuse of privileges [Source].
3. Before that Unsuspecting Employee Mistakenly Clicked the Malicious Email Link
Ah yes, user error. Although phishing schemes represent only one form, they are still a common means for exploitation. One CSO Online article published last week cites the latest Verizon Data Breach Investigations Report, which found phishing to be "the second most common threat vector, implicated in around a quarter of all data breaches last year."
Unfortunately, whether it's due to negligent behavior like knocking water onto a device or falling for sophisticated social engineering attacks like business email compromises, the majority of security incidents (95% according to IBM's "2014 Cyber Security Intelligence Index) involve human error. Even with all of the security training in the world, people make mistakes. You can't remove all human risk, so you have to have a backup system in place!
- In a campaign of 10 emails, there's at least a 90% chance that at least one person will become the criminal's prey [Source].
- 90% of all email is spam and viruses, with phishing representing 77% of all socially-based attacks [Source].
4. Before Your Client Accessed a Low-Security, Restricted Site
Hopefully, your client has blocked these websites as part of their Internet usage policy, preventing staff from infecting devices - either the company's or their own - with the malware and viruses that live on these unauthorized domains. Still, you never know when one of these sites will fly in under the radar, so you'll want to be prepared in case an employee attempts to surf the web for non-work related purposes. Even if they're using their own device to browse Facebook, they could be opening up the company's network to malvertising campaigns posing as legitimate ads. With the ongoing BYOD and Internet of Things (IoT) trends we're observing, it's apparent that personal and professional are becoming closely intertwined. Because of this, you have to ensure a client's personal use doesn't yield professional disaster.
- The IoT security market is projected to grow to $28.90 billion by 2020 [Source].
5. Before That Employee Left His Phone at Starbucks
Phones fall out of pockets. They get left behind when users set them down on the table and quickly grab their orders at restaurants or cafes. It happens. Whether they're stolen or misplaced, it's easy for devices to become compromised. Even if your clients have mobile device management (MDM) set up and can have their phones wiped, you still have to recover that data without loss of productivity.
- 9% of employees reported that they have lost or had their corporate device stolen.
- Of those employees who reported loss or theft of a corporate device, 26% experienced more than one incident in the past year [Source].
6. Before One of Your Techs Accidentally Erased an Entire Drive on a Server
Did you think it was just your end users that were capable of data loss? Not the case. This example comes straight from an IT professional who shared his experience with us on Spiceworks. Word to the wise - if you're going to attempt to expand the drive space on a server, make sure your backups are up-to-date!
7. Before a Hacker Compromised a Third Party Remote Access Tool
You can't be sure that the third-party services your clients are using are following secure practices. Since these tools have remote access to your clients' networks, if you're not careful, these outside parties could be opening up the networks to outside breaches. In the same CIO Magazine article cited above, Adam Roth, cybersecurity specialist from Dynamic Solutions International, explains that an attack "typically does not directly attack the most valuable server, but is more a game of leap frog, going from a low level computer that is less secure, then pivoting to other devices and gaining privileges." All a hacker needs to gain control is a way in. Too bad you didn't back up prior and lost all of that sensitive information...
- 76% of data breaches are due to the exploitation of remote vendor access channels [Source].
8. Before Your Client Updated Their CRM/CMS
Think about the thousands of names and contact information your clients have stored in their CRM/CMS. Similar to the possibility of your techs deleting data that's discussed in #6, one of your client's employees could also accidentally lose these account records when intending to update their CRM/CMS platform. If that were the case, any new lead information collected since the last backup would be gone forever. Try explaining that to Sales!
9. Before Your Hardware Failed (Because It Will) and the Servers Went Down
The list began with hardware failure due to extreme weather conditions, but your server can also fail inexplicably on its own. If a server goes offiline or a hard drive is corrupted, a block-level backup system can save your clients from data loss and costly downtime. As we discuss in Hard Drives Fail - Here Are 5 Stats that Prove Why You Need Backup!, this scenario is not a question of if, but when. By regularly performing incremental backups, you'll protect the data that would otherwise be lost in this unpredictable situation.
- According to PriceWaterhouseCoopers, about 15,000 hard drives around the world fail every day [Source].
- The median cost of downtime for a small-to-medium-sized business is $12,500 per day [Source].
Watch Our Webinar: What Does Your Backup Service Look Like?