A cyber security guide to data loss

A cyber security guide to data loss

Monique Holtman

Monique Holtman
28th January 2021

While the world was becoming increasingly virtual anyway, 2020 certainly accelerated the rate at which we conduct our online activities.

Coronavirus precautions and lockdowns mean that more people are working from home than ever before, consumers are buying online rather than shopping on the High Street and we’ve all had our fair share of Zoom calls.

Although these digital platforms have been a saving grace for many businesses and individuals, the more we’re online, the more at risk we are from cyber crimes such as hacking and data loss.

It’s never been more important for SMEs to understand the threats and protect themselves against them. Below I share some of the main causes of data loss and some top tips to prevent it.

What is data loss?

For the purposes of this article, we are looking at data loss as the destruction of information. This article does not consider data breaches whereby personal or confidential data is leaked, hacked or shared. Data destruction may be intentional from an outside source such as hackers or it could be an unintentional internal breach as a result of human error or poor storage methods.

Data loss can present itself in a number of ways. Information may be deleted, corrupted or made unreadable by a user or software application. Regardless of how or why data loss occurs, the impact can be significant because as well as losing important information, you’re at risk of breaching compliance laws with regards to confidentiality.

What are the causes of data loss?

Having an awareness of the most common causes is essential for data loss prevention and recovery.

Human error

We all make mistakes which can unfortunately lead to loss of information. Some examples include:

  • Accidentally deleting or overwriting files or text
  • Damaging hard drives by dropping or bumping a computer or laptop
  • Hard drive formatting
  • Liquid spills
  • Software corruption after falling victim to scams

Viruses and malware

Hackers gain access to files by infecting computers with malware, commonly sent through phishing emails. In this common approach, unsuspecting recipients are tricked into clicking on malicious links which can then infiltrate a system and damage, steal or completely destroy files.

Ransomware is a form of malware which encrypts files and demands a ransom, typically monetary, to gain access to the data. Even if ransoms are paid, it’s highly unlikely victims will be able to gain access to their files. Other malware, such as wiper malware, can completely wipe a computer’s hard drive.

Not only will you lose access to your files, but if data is stolen or otherwise shared without the necessary permissions, it is important to note that there may well be legal and/or contractual consequences. Although this article is not addressing these, you will need to understand your obligations. You can find out more about data breaches, your reporting responsibility and data protection on the ICO website.   

Many small businesses may think that hackers only go after big companies. Unfortunately, SMEs can be a prime target for cyber criminals because their security systems often aren’t as robust, in fact, 1.6 million SMEs fall victim to cyber crime every year in the UK.  

Hard drive damage

The majority of data losses (67%) occur as a result of hardware malfunction, with the primary cause being the hard drive. Hard drives are the most fragile part of a computer and can suffer damage in a number of ways:

  • Mechanical issues
  • Human misuse such as dropping a computer or laptop
  • Computers overheating through overuse or a build-up of dust

Power outages

Power outages can lead to serious problems because software systems are forced to close without warning. As well as losing any unsaved work, it can also cause existing files to become corrupted due to improper shutdown. If power outages happen frequently, hard drives are more likely to crash, greatly reducing their lifespan.

Natural disasters

Although they’re rare, natural disasters such as fires and floods do occur and they can be catastrophic for businesses.

Data loss prevention tips

Implementing data loss prevention tools and software is the most effective way to avoid an incident occurring in the first place. It also means that even in the event that you do lose data, you should be able to recover your files.

Prevent human error

One of the most effective data loss prevention tools you can implement is staff training. As discussed earlier, human error is a significant cause of data loss so ensure staff are properly trained to use your systems and software. Sharing appropriate standard operating procedures can also help to reduce human error. By detailing processes and steps that staff can follow, you leave less room for error.

Also make sure your employees know to back up their work regularly, install updates and identify the signs of scam emails.

Make it part of your onboarding process, hold regular staff meetings, send emails and even put posters around the office making staff aware of the signs of fraudulent emails. Signs include:

  • The email is from an unknown sender
  • Poor spelling and grammar
  • The email address doesn’t look right
  • The sender is being rude, pushy or demanding (they often do this to scare people into taking action before they’ve had a chance to think the situation through properly)
  • They ask you to send financial or confidential information. A genuine company will never ask you to do this via email
  • It includes a suspicious attachment

Staff should also know not to:

  • Click on links or download anything from unknown sources or websites
  • Give out personal or financial information
  • Use the same password for every website
  • Keep their suspicions quiet. Ensure there’s a procedure in place so employees know who to alert immediately if they suspect they’ve received a scam email or if they think they’ve been hacked

Protect yourself from viruses and malware

As well as ensuring staff are trained to spot the signs of scam emails, it’s important that SMEs protect their data with anti-virus software. This should be constantly running in the background to catch viruses before they can cause serious damage.

Your anti-virus software should always be kept up to date and when it asks you to run an update, make sure this is done. Updates are important because they protect you against cyber vulnerabilities that software developers have discovered.

Conduct regular backups

The good news for SMEs is that data loss prevention tools don’t have to be expensive or complicated. Another simple and cost-effective way to prevent data loss is to ensure everything is backed up on a regular basis in a separate location to your original files.

If you have all your data stored somewhere secure such as the cloud, you’ll be able to get it back quickly and easily should a computer be damaged for example. Remember it’s important to conduct regular restoration tests and check that your backups are working.

Stand up to hackers

If hackers manage to infiltrate your system, you could lose some or all of your data. Some top ways to protect yourself against cyber criminals include:

  • Use strong passwords
  • Use a password manager so you’re not tempted to use the same password across different platforms
  • Use two-factor authentication
  • Keep all your software up to date
  • Block high-risk websites so employees can’t access them on work devices
  • Don’t forget to protect mobile devices as well – employees use them just as much, if not more to access emails and log into apps
  • Secure any wireless networks
  • Use trusted anti-virus software

Prevent hard drive damage

If your hard drive becomes damaged, you’re likely to lose any data stored on it. While all hard drives wear out eventually, knowing the signs that one is failing means you can save your data before it’s too late. These include:

  • Your hard drive frequently crashes
  • Processing speeds are continually slow
  • Your hard drive has issues while booting up
  • Your computer is unusually hot, freezes regularly or makes clinking or grinding noises
  • Files won’t open

Install surge protectors

Files can be lost or corrupted due to improper shutdown procedures which can happen during an unexpected power outage. A great data loss prevention tip is to install surge protectors because they can help to prevent the damage that’s typically caused during an outage.

Having a generator or backup battery system can also allow you to save or back up any data you need should you suddenly lose power. 

Invest in data loss prevention software

It’s difficult for SMEs to prioritise business expenses because unfortunately, their budgets aren’t endless. Data loss prevention software is something that organisations should consider however.

It works by detecting potential data breaches and prevents them from occurring by monitoring, detecting and blocking sensitive data activities deemed malicious. This means that if someone is trying to access your systems, they won’t be able to view, destroy or steal your files and data.

While every provider is different, data loss prevention software can offer a number of features including:

  • Central policy management – a central place for you to create, enforce and manage policies in a user-friendly dashboard
  • Incident detection and management in real-time
  • Data categorisation based on sensitivity so you can decide who should have access to what information
  • Reporting which is useful for showing compliance to regulators, auditors and incident response teams

Here is a list of the best data loss prevention software, all with price comparisons and reviews.

It’s important that all SMEs have a data loss prevention policy in place. It will ensure you’re protecting sensitive data, complying with industry regulations and protecting your business against cyber criminals. Without the proper procedures in place, you could be faced with loss of revenue due to downtime, loss of trust from customers, lawsuits and even closure.

Implementing the tips and tools mentioned above will help to safeguard your business against any potential data loss threats. To find out more about security risks, prevention, protection and how to respond to an attack, have a read of this cyber security for SMEs guide.

Additional sources you may find helpful include:

The information in this guide is for general guidance about cyber security good practice only and is not legal advice.
We have tried to ensure that this guidance is accurate and relevant as at January 2021. However, Nominet UK does not accept liability for any loss, damage or inconvenience arising as a consequence of any use of or failure to use any information contained in this guidance.