There are a million and one (go on, count them, I dare you) technical measures you can employ to protect your business data but all are for nought if you ignore the biggest cause of data loss which is, according to the sixth annual Databarracks Data Health Check survey, human error.
In its latest report, the company says data loss is caused in many ways – as you would expect – but its not all about hardware failure (which, at 21% suggests good backup plans are as essential as ever) or data corruption (19%).
Instead, human error (24%) topped the poll as the biggest factor in data loss.
Explaining the results, Oscar Arean, technical operations manager at Databarracks, said:
Human error has consistently been the biggest area of concern for organisations when it comes to data loss. People will always be your weakest link, but having said that, there is a lot that businesses could be doing to prevent it, so we’d expect this figure to be lower.
The results weren’t consistent across all organisations though. When we broke them down by business size, we saw that for the second year in a row, it was actually hardware failure, which contributed the most towards data loss across large organisations at 31 per cent (up from 29 per cent in 2014).
This isn’t surprising as the majority of large organisations will have more stringent user policies in place to limit the amount of damage individuals can cause. Secondly, due to the complexity of their infrastructure, and the cost of maintaining it, large organisations may find it more difficult to refresh their hardware as often as smaller organisations, so it’s inevitable at some point it will just give out.
So, while the biggest issue for IT departments within large firms may be the constant struggle to source budget increases to replace ageing hardware, smaller firms can learn much from their larger brethren in terms of securing the humans within the workplace via a combination of security awareness training and more robust security policies.
Unfortunately, such action – which we here at BH Consulting feel is an essential part of a company’s overall defences – is still overlooked to some degree, as touched upon by Arean who added:
The figures we’re seeing this year for data loss due to human error are too high (16 per cent of small businesses and 31 per cent of medium businesses), especially considering how avoidable it is with proper management. I think a lot of SMEs fall into the trap of thinking their teams aren’t big enough to warrant proper data security and management policies, but we would disagree with that.
In large organisations, managers can lock down user permissions to limit the access they have to certain data or the actions they’re able to take – this limits the amount of damage they’re able to cause. In smaller organisations, there isn’t always the available resource to do this and often users are accountable for far more within their roles. That is absolutely fine, but there needs to be processes in place to manage the risks that come with that responsibility.
Of course small organisations don’t need an extensive policy on the same scale that a large enterprise would, but their employees need to be properly educated on best practice for handling data and the consequences of their actions on the business as a whole. There should be clear guidelines for them to follow.
While Databarracks report looks at IT as a whole rather than just security, it also threw up a few other interesting tidbits in regard to security in general and cloud computing security specifically.
The first set of figures don’t make for great reading – the company says a whopping 25% of companies have suffered a cyber attack in the preceding 12 months which is bad enough, but worse, only 54% of victims reviewed their security procedures after the event while less than half (47%) reviewed their backup plans even post-attack.
On a more positive note, the survey discovered that the message does appear to be getting through in some ways as 63% of businesses reported security as their top concern when selecting a cloud service provider.
So, overall, this report seems to suggest, in my mind anyway, that companies as a whole are probably at least aware of the security issues, though not particularly well equipped to deal with them.
Does that sound like the case within your business? If so, what are you doing to remedy the situation?