Security Insights From the Experts


Preserve and Protect Your Data

Small and medium businesses run on information. If your business loses that information, or even loses access to it for a time, the consequences can be serious. When it comes to protecting their electronic data, some SMBs feel they are at a disadvantage because they lack the large budgets and dedicated IT staff that many large enterprises enjoy. That may be true, but it does not change the fact that SMBs face the same fundamental data protection concerns as large businesses: no business is too small to suffer data loss. As the volume of data being created keeps growing, and that data is accessed and shared by more people, you cannot afford to ignore the need for data protection.

According to a report released in March by the IT Policy Compliance Group, 20% of organizations suffer 22 or more sensitive data losses per year. There are many ways in which a business's data can be lost, destroyed, corrupted, or rendered inaccessible. A natural disaster such as a hurricane or flood can do it. So can hardware failure or theft, as can external threats such as viruses, worms, or hackers. File or software corruption can also affect data integrity. However, the IT Policy Compliance Group cites human error as the most common cause of data loss, with unintentional user mistakes and policy violations at the top of the list.

Regulatory reasons

Aside from good business practice, there may be another reason to protect your data: regulatory obligation. Depending on the size and industry of your business, it may be subject to government regulations such as HIPAA or Sarbanes-Oxley (SOX), which require businesses to employ strong data management and security measures. HIPAA regulations outline the security procedures and safeguards that healthcare-related businesses must use to protect private patient data. If you are a publicly traded company, SOX requires you to maintain stringent IT controls over financial records and to be able to produce records that demonstrate those controls on request; if you do business with a public company, it may require the same of you as a condition of the relationship.

In addition, if your business processes, stores, or transmits credit card numbers, it is subject to the 12 security requirements of the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS was created by the five major card brands to protect card data by ensuring that merchants secure the networks and systems that handle it and maintain control of the data at all times. The Standard explicitly requires firewalls, antivirus, access control, and network monitoring, among other measures, for every system in scope. Businesses that fail to comply face steep fines, typically passed down through their acquiring bank, and could have their merchant account revoked.
