There is a famous phrase, attributed to Sir Tim Berners-Lee, the inventor of the World Wide Web, that goes: “data is a precious thing and will last longer than the systems themselves.”
This has been shared so widely online it is difficult to find the precise context in which it originally appeared. Regardless, it is something to which businesses of all sizes should pay heed.
Data has become the world’s most valuable resource. At the end of June 2019, the world’s five most valuable listed companies all made their profits collecting, analysing and sharing large amounts of information.
It isn’t just the major technology giants that are thriving thanks to data. Hundreds of millions of smaller businesses around the world are also analysing the information they collect on a daily basis to improve how they operate and inform their business decisions.
Even if you aren’t actively interrogating your data for new insights, it still has value. Consider just for a second how you would cope if you couldn’t access your billing systems, customer information or any of the day-to-day spreadsheets or other business documents on your computer. Many business leaders don’t fully understand just how important their data is until they can’t use it.
The relevance of data protection was reinforced in 2018 through the introduction of the GDPR. These new European rules governing how information is used and secured allow for organisations to be fined up to €20 million (or four per cent of their annual global turnover if greater) should they fail to comply with robust data protection requirements. It is reported that data protection agencies have already issued more than €372 million worth of fines due to breaches of the GDPR.
Despite data’s obvious importance, and the magnitude of penalties for organisations that fail to manage it appropriately, it seems as though many businesses - particularly at the smaller end of the scale - are still failing to take the steps that are required when it comes to storing their data.
Three million UK SMEs at risk of data loss
Beaming research indicates that almost three million small and medium-sized businesses (SMEs) in the UK today - more than half of the population - are at risk of losing precious data by storing electronic copies in the same location as the originals, or - worse still - failing to back it up at all.
A quarter of businesses employing 250 people or fewer told our researchers that they keep only one copy of commercial data, either on individual users’ computers or a single server located in the office, while one in three admitted to keeping backups on servers or storage devices located in the same facility as the original information.
The second part of Sir Tim’s quote is only accurate if that data is spread across multiple systems. Data that isn’t duplicated doesn’t last longer than the system it is stored on (and even if it does it can be impossible to access it), which means these companies could lose valuable commercial information due to a single IT failure, cyberattack or a catastrophic event such as fire or flood.
Let’s put that risk into context. The Fire and Rescue Services attended 15,000 non-domestic building fires, one for every 80 employers, in England over a 12 month period from March 2018, while more than 185,000 commercial properties are already located in areas at risk of flooding across England and Wales. With more frequent extreme weather events, that number will only rise.
Even more threatening is the risk of ransomware and other cyberattacks that would damage or prevent access to company data. The rate at which UK businesses are attacked online has soared over the last year. Companies both large and small are under sustained attack from hackers around the world.
Most cyberattacks on businesses are indiscriminate, malicious code that trawls the web seeking to exploit any weak point in cybersecurity systems. Our analysis indicates that UK companies were subjected to 281,094 internet-borne cyberattacks each, on average, last year.
The rate of attack has continued to increase throughout 2019, with businesses being attacked online around once every 50 seconds in the second quarter of the year. Just a single breach can be catastrophic to those involved.
Particularly worrying for businesses is the rise of ransomware, a form of malware that blocks access to data on a victim’s computer, often by encryption, and demands payment in return for providing access to it again. High profile ransomware attack such as WannaCry, NotPetya and SamSam have affected millions of computers worldwide in recent years. Some organisations have opted to pay a ransom to the hackers, however, it is far from guaranteed that they’ll simply hand the data back.
Beaming’s research indicates that 150,000 UK businesses, including around one in ten small and medium sized firms fell victim to ransomware in 2018. The average cost of recovering from such an attack was found to be £159,000 for 10 to 49 employee firms and £200,000 for those employing between 50 and 249 people.
Keeping multiple copies of important business data in multiple locations is vital to enable a swift recovery, both of the data and business operations, when ransomware strikes.
Keeping data safely
Given the magnitude of what would happen should things go wrong, every company, no matter how small, should backup their data in the way that works best for them and keep their copies apart from the originals.
One option that is used by around a fifth of SMEs is to copy data to an external hard drive that is then removed from the premises each evening. While this can be a cost effective solution, it can also be a time consuming one, and it certainly creates the risk that those storage devices (and the information on them) being lost or stolen while out of the office.
An alternative for keeping copies of their data offsite that avoids the need to physically remove devices from the office, is the use of a public cloud storage service from the likes of Microsoft, Google or Dropbox.
While this tends to be the least expensive option when it comes to backing data up remotely - since it only involves paying for a single service ‘package’ - our latest research suggests that of all the offsite options, only the very smallest companies actually favour this approach. The use of public cloud for data backup currently runs to just one in seven micro businesses (those less than ten people).
Overall, the number of businesses using public cloud providers for this purpose has fallen over the last year across all company sizes. This could be due to the introduction of the GDPR, which obliges companies to ensure that the personal data they hold is well protected. Without knowing precisely where and how their data is held, it’s difficult to feel completely certain and secure about this option.
What is increasing, however, is the use of remote company data centres and colocation facilities, which allow companies to backup their data remotely and in real time to their own dedicated servers. Large companies have shown the way with this approach, and although the number of smaller companies following suit is still relatively low, the proportion of SMEs using this approach increased from seven per cent to nine per cent of the population between 2018 and 2019.
Whichever means of backup a company uses, they must first consider which data is worth duplicating. That means making multiple copies of the important data your business needs to function properly and storing it in multiple locations. It probably doesn’t mean incurring the extra cost associated with backing up employees’ personal photographs and iTunes libraries too.
It is also important to consider how your data travels between the business and its backup location. This needs to be kept secure, to minimise the chances of its being intercepted by hackers on route and to ensure that backups are not corrupted as well in the event of a virus or ransomware attack.
The pace of business today and the potential for new sources of competition to pop up at a moment’s notice mean that SME leaders can be forgiven for operating very much in the here and now. The damage that losing access to vital company data, however, can be so significant that it is becoming increasingly risky not to put in place appropriate measures that would provide access to it in the event of a catastrophic event.
Keeping a backup of your vital data is the safety net you don’t want to use. But it will stop your business from falling should disaster strike.
Sonia Blizzard, Managing Director, Beaming