In this episode of the Vitanium Health Check Podcast, Paul Houselander, Vitanium’s General Manager, and Lawrence Harmer, Vitanium’s Product Manager, reveal how to keep your most valuable asset – your data – safe and secure.
In this episode we explore:
- Why cyber criminals want your data.
- How to be prepared for cyber-attacks and secure your systems.
- Classic data security mistakes and how to avoid them.
- 5 ways to improve your data protection right now.
- Why using a third-party backup provider is a good idea.
- Why the location of your data is important.
No time to read? Skip straight to our complimentary, no-obligation health check questionnaire and find out if your data is at risk and how Vitanium can help.
Prefer to listen? Play the conversation here.
Why should I be worried about data security?
Paul Houselander: Data security is so important for businesses. The rate of IT transformation over the last decade has been phenomenal. Can you name a business that doesn’t require IT to run? 90% of all data that has ever been generated has been generated in the last two years, and that number is increasing. All this data needs to be protected.
Lawrence Harmer: Data affects every business. Historically, you had to be a big name to be targeted for cyber-attacks, but nowadays cyber-criminals are going for any business, any size, any situation where they can potentially extort money. People think, “It won’t happen to me”. It will. At some point it will happen to every business. The trick is to be prepared.
Paul Houselander: Also, the parameters of where your data is stored have changed significantly. With the advent of cloud services, software as a service etc. your data and your systems are spread out. There’s a huge potential for data loss if you haven’t got full control of all of those systems. There are a lot of targets out there for the cyber-criminals, so it’s our job to help protect your data.
Do cyber-criminals care about who they target?
Paul Houselander: Cyber-criminals don’t discriminate. A lot of vulnerabilities are discovered through automated scams. They have an army of automated bots scouring the Internet looking for vulnerabilities.
Lawrence Harmer: Despite the media headlines, cyber-criminals are not always sophisticated and expensive gangs plotting against states or big companies. It’s very cheap to be a cyber-criminal and get results. If you know where to look on the Internet, you can purchase ransomware as a service. Anyone can effectively deploy ransomware to a target without technical knowledge. It’s quite scary the availability of the toolkits that are out there.
How can I protect my data from cyber-attacks?
Paul Houselander: There are always ways in and there are things you can do to protect your data – standard stuff like running firewalls or antivirus software. However, ultimately, you need to plan for the worst. That’s where we come in – your backup is your last line of defence.
Lawrence Harmer: Quite often the weakest link that we see is the business’s own staff because you can’t automate that protection, you can only train them as best you can. Thinking of scenarios and preparing your staff on how to react is very important:
What happens if your receptionist finds a USB drive sitting on their desk? Do they plug it in to see what’s on it? That can be quite a common vector for delivering a nasty payload into a network. What happens if the receptionist receives a phone call and they’re asked for passwords?
A simple thing like staff training can be a strong asset in your overall protection strategy.
What are the cyber-crime trends for 2023 that we should be aware of?
Paul Houselander: I would predict an increase in existing risks. Phishing attacks are probably the most common way that ransomware starts. Phishing is pretending to be somebody else, trying to trick the recipient into clicking a link, passing on some sensitive information or downloading a bit of software, and that is how the majority of attacks take place.
There’s also the whole shift to the cloud to consider. A lot of people have moved workloads into cloud companies, but there is a whole security aspect to plan for. So, I would predict for the coming year we’re going to see a lot more cloud exploitations and data exfiltration. The cloud does not equal secure.
Attacking backups is part of the cyber-criminal’s playbook now. They will go after your backups because if they want to get paid, they need to make sure there’s no option for you to recover your data. Their systems will scan and work out what backup software you’re using and how to destroy it. This is where immutability comes in because you cannot destroy those backups.
Lawrence Harmer: We’re coming out the other side of COVID-19 now, but lots of people are still working from home and will be for the foreseeable future. This creates an element of risk because you’ve got employees working on equipment that you potentially don’t have as much control over, versus having it in your office.
There’s also a risk from the downturn in the UK economy and every organisation trying to make cost savings. You can make cost savings, but if it’s going to be of detriment to your business because you’re cutting corners in your data protection strategy, you’re opening yourself up to serious risks.
What are RPO and RTO times? Why are they important?
Lawrence Harmer: RPO is your Recovery Point Objective, so that’s how far you want to be able to roll back to, or how much data you can afford to lose in your day-to-day working. So, if you have an RPO of an hour, you need to be taking hourly backups to be able to restore your data to the point of an hour ago.
Your RTO is your Recovery Time Objective, so that’s how quickly you can get back up and running again with that restore point from an hour ago, or whatever it is. They’re both important values. They need to be thought about carefully by organisations and determine what they are and what they need to do to be able to achieve those values.
Paul Houselander: You need to align your data protection needs, your RTO and RPOs, with your business needs. Here’s an example of why you’d want to do that. The lower the RTO and the lower the RPO means you’ll need a more sophisticated or complex backup system, which obviously costs more but if you know it costs your business £10,000 an hour when your systems are down or inaccessible, it’s worth the investment.
What are classic data protection mistakes and how can they be avoided?
Paul Houselander: The classic mistake is assuming it won’t happen to you because then you don’t prepare for the worst. Think about the value of your data to your business and what it means for your business to carry on functioning operationally.
Lawrence Harmer: The biggest mistake is not taking the basic steps to check how secure you are. It’s also a huge mistake if you don’t have an immutable copy of your backup. Nowadays, that is the most effective protection you could possibly have. An immutable backup is one that cannot be changed once it’s been written. You could be hit by any sort of attack and anyone trying to delete that backup cannot do it because it’s immutable.
What is the benefit of using a third-party provider like Vitanium?
Lawrence Harmer: We are backup specialists. We deal with backups day-in and day-out. There aren’t many problems we haven’t seen and can provide a solution for. If you’re outsourcing this to an IT company, or if you’re trying to do it yourselves, there’s the risk that backups and testing will fall to a low priority and create opportunities for data loss.
Paul Houselander: There’s a cost saving element to it as well. We can solve those problems quickly because we’ve seen most environments and can back up pretty much any system on the planet. We can pull it all together, look after it and manage it for you. That frees up your IT department to focus on more business strategy initiatives.
What 5 things can people do right now to improve their data security?
- Back up your data, check your backups and test them. Add an immutable copy into your backups for an extra layer of protection.
- Use MFA (multi-factor authentication) wherever you can and enforce a strong password policy.
- Staff training provides a strong layer of protection for businesses.
- Regular patching. A lot of ransomware attacks are successful because they attack a known vulnerability. Keep up to date.
- E-mail filtering or e-mail security solutions. The largest number of attacks come in via e-mail.
When should I use a third-party provider like Vitanium?
Lawrence Harmer: As early as possible. It’s never too early to put in a data protection strategy. What’s more, it’s easier when the amount of data and systems are lower. If you’re a startup, it’s easier to put a strong strategy in at the beginning rather than try and go around every system when you’ve got 100 employees. We fix problems but we’d much rather help with preventative solutions.
Does it matter where your data is held?
Paul Houselander: I think it does. We’re a UK-based company, we only use UK data centres, we’re under UK jurisdiction. That’s comforting to a lot of businesses. When we’re talking to customers, it’s always something that comes up. They always want to know where the data is stored. And it’s always nice to be able to say to them, ‘If you want to, I’ll book an appointment, pick you up, drive into the data centre, take you to one of our racks and actually point to which discs your data is stored on’.
Lawrence Harmer: If you’re in certain industries, for example, education, healthcare, legal or finance, there is regulatory compliance and regulatory advice and laws about keeping your data within the UK. You need to be really careful if you send data off-site to make sure that data never leaves UK shores and that you’re acting within the law.
Protect your data now
Prevention is much better than an emergency cure if things go wrong. Your data is vulnerable to a huge number of internal and external threats. You also need to consider the cost of downtime or data recovery to your business, and your business’s reputation, not to mention possible regulatory fines.
If you want to make sure your data is fully protected, take Vitanium’s complimentary, no-obligation health check questionnaire and let the experts help you.