How SMBs can better protect their data from cyberattacks

SMBs compromised by an effective cyberattack can not only lose data and suffer financially but go out of business entirely, says Infrascale.

istock-1007950764disasterrecoveryplan.jpg

Image: designer491, Getty Images/iStockphoto

Any organization hit by a successful cyberattack can be hurt severely. But small and midsized businesses (SMBs) are especially vulnerable if they lack the personnel, resources, and financial backing to fully recover from an attack. A new report from data protection provider Infrascale discusses how ransomware and other cyberattacks can harm SMBs and how they can better protect their critical data in the event of an attack.

SEE: Disaster recovery and business continuity plan (TechRepublic) 

An Infrascale survey from April found that ransomware attacks have affected 46% of SMBs, leading almost three-quarters of them to have paid a ransom to recover their compromised data. A February study from cybersecurity company Bullguard showed that 43% of US and UK SMB owners had no cybersecurity defense plan, and one in five lacked any endpoint security.

A cyberattack that leads to critical data loss means the SMB can't function normally. But a particularly devastating attack could cause the company to go out of business. To guard against such an incident, data protection and backup and disaster recovery are key strategies, according to Infrascale.

Data protection is designed to defend data against both internal and external threats, including data corruption, server crashes, human error, malicious attacks, and even natural disasters. The tools and technologies used include backup and data recovery, encryption, malware and antivirus detection, firewalls, and data classification, among others. Backing up data ensures that multiple copies exist, whether solely in the cloud, in a hybrid cloud environment, on local servers, and/or on local storage media.

Disaster recovery is the ability to recover or restore data to resume normal business operations. Just having backups of critical data isn't sufficient unless there is a plan and procedure on how to restore that data.

In the area of data protection, Infrascale offers the following tips:

Education. Educating your users on how to identify, avoid, and report data threats is the most important method an organization can adopt to protect its data. By teaching them to identify and avoid threats, you deprive cybercriminals of the opportunity to compromise data.

Assess your data landscape. The first rule of data protection is to know all about the ecosystem of the data you're protecting. This involves knowing what data you have, where it's located, how it's used, how frequently it's being accessed, and who in your organization is accessing it.

Identify your data locations. Take into account the fact that your data exists both inside and outside the walls of your physical business. These locations likely are in one or more cloud environments and on the endpoints used by employees, who are increasingly dispersed due to the COVID-19 work-from-home shift.

Identifying the locations of your data will help you understand how best to implement the appropriate protections, including encryption, multifactor authentication (MFA), and endpoint detection and response (EDR).

Enact preventative measures. To combat ransomware and malware through malicious links in phishing emails or on compromised websites, stay ahead of the game with standard antivirus tools, firewalls, application updates, and education.

Reinforce with endpoint detection and response. EDR is a way to supplement antivirus software, which cybercriminals can circumvent with complex attacks. EDR solutions are designed to look for behavior known to lead to cyberattacks and then alert administrators and users. This approach requires continuous monitoring and immediate responses to detected threats.

In the area of backup and disaster recovery, Infrascale provides the following recommendations:

Create a backup and disaster recovery plan. A disaster recovery plan is the "playbook" of processes and activities, invoking backup and disaster recovery services and their interaction with your data and servers, allowing you to stay up and running in the event of a disaster.

Establish your recovery point objective (RPO) and acceptable recovery time objective (RTO). RPO is the maximum period of time allowed in which data might be lost and unrecoverable (think time between backups). RTO is the maximum period of time allowed in a disaster recovery plan between when critical network functions cease and when they're restored (i.e., when data and data operations are recovered to acceptable operating conditions). Ensure that your DR technology choices support the performance required by your business.

Make sure the right people know that a backup and recovery plan exists. Provide details of the plan to those employees at your organization who will need to take action on your disaster recovery.

Stay current and informed. Be sure to keep your data protection technology up to date and patched so that all systems can deflect the most common attacks. This means updating antivirus definitions, application versions, and backup software. Leverage DR solutions that automatically verify that your data backup is working and alerts you when it's not.

Don't put all your data in one place. If a natural or man-made event impacts one part of your IT environment in a given geography and leads to data loss, it may have the same effect on another part of your IT environment. So even though you've backed up your data, the backup can be lost as well. To avoid this scenario, keep your data backup in a different location from the data you're currently using for operations.

Ideally, your data backup locations should be in two separate geographies. For example, if your business is in an earthquake zone, consider putting your data backup outside that zone. The cloud is also an effective place to back up your data. You can rely entirely on the cloud for disaster recovery, or you can keep your spin-up capabilities local and the backup only in the cloud. Also, leveraging cloud-based disaster-recovery-as-a-service (DRaaS) offerings from a managed service provider (MSP) can remove the burden of handling disaster recovery on your own.

Test your disaster recovery plan on a regular basis. This approach will help you iron out any wrinkles related to data disaster recovery. You may want to test your data protection backup and recovery strategy at various times and from different angles. To do this, conduct regular and random tests in which you simulate an event that would call for data disaster recovery and access to your on-premises or online backup.

Also see