Does your business have a ticking data time bomb?

How SMBs can protect their sensitive data

How secure is the data your business stores in the cloud or on your on-site servers? It's a question that is being increasingly asked across the small business sector, as data security once again moves to the top of the agenda. With cybercrime on the increase, ensuring your business has robust security protocols in place is a commercial imperative.

Mohamed Zouine, European Director of Ground Labs, commented: "By the very nature of SMBs, they have to spend a great deal of time fire-fighting issues. Data security becomes an afterthought if it's even considered at all. Most SMBs do not realise that by storing this kind of data, even on a smaller scale, they are subject to the same, potentially crippling fines as larger businesses."

Mobile considerations

Security issues are also being compounded by the growth in mobile digital devices. According to IDC, by 2017, 87% of all connected devices sold will be tablets or smartphones. These devices will increasingly need to store sensitive customer data that must be protected at all times. Factor in the cloud that delivers the connectivity and storage capacity that SMBs in particular are leveraging, and a security policy that takes these mobile devices into consideration is vitally important.

Indeed, research from Trend Micro succinctly concluded: "The majority of SMBs said that, in general, they can't do enough to protect their data using the measures and technologies they currently implement. Most SMBs also doubt their organisations' capability to thwart advanced persistent threats (APTs) or hack attacks, especially since detection or discovery of data breaches among SMBs mostly occurs accidentally."

And your business needs to take action now. In March of this year the British Pregnancy Advice Service (BPAS) was fined £200,000 (around $310,000, AU$375,000) after a serious breach of the Data Protection Act revealed thousands of people's details to a malicious hacker.

David Smith, Deputy Commissioner and Director of Data Protection, said: "Data protection is critical and getting it right requires vigilance. The British Pregnancy Advice Service didn't realise their website was storing this information, didn't realise how long it was being retained for and didn't realise the website wasn't being kept sufficiently secure. But ignorance is no excuse. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe."

A cloud of insecurity?

Larry Ponemon, chairman and founder, Ponemon Institute, says: "Staying in control of sensitive or confidential data is paramount for most organisations today and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud.

"It is perhaps a sign of confidence that organisations with the highest overall security posture were most likely to use the cloud for operations involving sensitive data and it is encouraging to find that significantly fewer respondents believe that use of the cloud is weakening their security posture."

The cloud has come under attack for what appears to be its inherent lack of security. The reality is that the cloud can be a valuable asset all SMBs can leverage to their advantage. The cloud must, though, be approached as your business would any new service it buys, performing due diligence before committing to a service provider. The mistake many SMBs make is to use consumer-level cloud services instead of those designed for business use that will have more robust security protocols built in.