IT security, information security and data security are three terms to describe the same important task: in times of explosive data growth, SMEs must protect their company- and production-relevant data as well as they can. Read here what you need to be aware of in this context.
The term information security encompasses all theories and measures for the protection of knowledge. The goal is to ward off threats, avoid damage and minimize risks. An important area of information security is data security. The topics of Big Data and the GDPR reform (DSGVO) have brought both into the focus of a broad public.
The Varonis Global Data Risk Report 2018 study recently showed that the average cost for a company to repair the damage of a single malware attack is now around $2.4 million. A far better idea is to avoid any risks in good time and invest in technological data security measures. Many companies are doing just that. Total spending by companies on data and information security has risen from $102 billion to $124 billion in the last two years.
Why SMEs should play it safe
‘It is no longer a question of if a company will be attacked, but rather when. Regardless of company size,’ explains Florian Goldenstein, Head of IT Security at Konica Minolta Business Solutions Germany GmbH. ‘Major companies are increasingly well prepared for cyberattacks these days. That is why the focus of cybercriminals is more and more often on small and medium-sized enterprises, SMEs for short’, says the security expert.
On closer inspection, companies are ‘easy prey’. In the study mentioned above, around three quarters of all companies admitted that they administer more than 1,000 outdated sensitive files, which represent a major security risk. 41% of all companies even reported that they have sensitive databases, such as credit card numbers or medical files, that are completely unprotected.
The anticipated growth in data by 2025 is huge
If you look at the predictions of Statista GmbH for the quantity of digital data generated each year, you can immediately see how important the topic of security is now and will continue to be in future. The data quantity is set to grow from around 33 zettabytes in 2018 to 175 zettabytes in 2025. By way of explanation: one zettabyte of storage space is equivalent to 1,000 exabytes. In figures, that is a one with 21 zeros.
The Data Age 2025 study by IDC and Seagate also assumes a huge growth in data by 2025. Whereas up to now end consumers have provided the majority of the data generated worldwide, the study anticipates a move towards companies in the future. In 2025, the experts expect that companies will generate around 60% of the global data quantity. The study states that through the Internet of Things (IoT) alone, end consumers in 2025 will interact with networked devices 4,800 times a day on average. And all that data needs to be protected.
Data growth requires data protection and data security
In order to securely manage data growth and the resulting amounts of data, two important concepts need to be intertwined: data protection and data security. The two terms are often used interchangeably, but their meanings are somewhat different. Here are the two definitions:
- The definition of data protection:
Data protection guarantees every citizen the right to informational self-determination and protects against misuse of personal data. The question of whether and which data may be collected and processed is also a matter for data protection.
- The definition of data security:
Data security refers to technical solutions and organisational data security measures to protect administrative and corporate data. It determines and establishes what measures are taken to protect data. The term information security includes all types of stored information.
Data security defines holistic goals
Whether personal data or data relating to development, production or customers: data security must take into account various aspects to prevent precious company data from becoming an attractive target for hackers or cyberattacks. With this in mind, comprehensive objectives are defined, in order to meet the needs of all these aspects.
The most important objectives of data security are:
- Preventing data misuse, e.g. through damage, deletion or theft of data
- Optimal protection against external attacks such as cyberattacks
- Careful internal protection, regulating access and rights of employees; an important principle is confidentiality
- Despite secure safekeeping, all company data must be accessible and available at all times
- Of course, the authenticity of the data must also be guaranteed
- Finally, data security ensures that all data is and remains undamaged (integrity)
Professional concepts and measures for data security are of fundamental importance
Strategically planned concepts and measures for data security consider all these objectives and include a holistic security concept. That is of fundamental importance, because IT experts know from experience: ‘the more you can do with it, the more they can do to you.’ In other words: if data is of a lot of use to you, it could also be a lot of use to someone else.
Technical IT landscapes and structures are complex these days. Many business workflows are arranged across borders, with data made available and used internationally.
Small and large companies are increasingly adjusting to the new situation, growing and working more and more efficiently. But the new methods of work and production are also making them more vulnerable.
Data security measures: are you familiar with these five measures?
An integrated security concept comprises a number of different, efficient measures. These include, but are not limited to, the following five topics that should be considered in terms of security:
Network or perimeter security
This includes security measures such as a firewall, for example. Firewalls are security systems that protect individual computers or computer networks against undesired network access. This level also includes encryption technology.
This includes company-internal password protection, virus protection and anti-spam measures.
It is also important that all company data is protected by secure access control.
Protection against data loss
Cyberattacks, power cuts, short circuits or fire: there can be many reasons for a surprise loss of data. With the help of various backup tools, records and log files make it possible to trace the reasons for the loss, while backup software ensures that there are secure copies of all data.
Security and data exchange
Secure data exchange is indispensable for internal as well as external communication and cooperation.
Good security concepts also consider the human factor
Security threats are not limited to malware and hackers. A comprehensive and professional security concept thus includes training for all employees.
The human factor is also a major weak point: among other things, a lack of security awareness leads to attachments infected with malware being opened or dangerous links being clicked.
Whether they are in purchasing, sales, customer care or development: every employee in a company should understand that data security is a core success factor, especially in times of rapidly increasing company data growth. It is important that everyone is familiar with the data security standards within the company and knows what to do if a security-critical incident does occur.
A transparent IT infrastructure is of fundamental significance
The basic prerequisite for perfectly functioning data security measures is a clear and transparent infrastructure.
The following areas are of central importance for a carefully planned IT infrastructure:
- Company-owned servers / protected data centres
- Cloud solutions
- Security / failure protection / system failure protection
- Risk analysis / protection needs analysis, authorisation management, end-point security solutions, mobile device control
- Network / network security
Would you like to know more about your company-internal IT infrastructure?
Perform the Job Wizards Readiness Check. In theory, good IT is carefully planned like a beautiful city with central squares and flowing traffic – but in many SMEs the hardware, software and co. form a functional but complex mix. What is the situation in your company? Take an initial inventory with our IT Readiness Checklist.
Data security measures also require a good fire brigade: secure the future with incident response
SMEs are well set up if they are optimally prepared to act as quickly as possible even in the emergency event of a cyberattack. To this end, it is helpful to establish and strengthen strategically planned incident response processes. In the event of an attack, malware can then be discovered faster and the damage that has occurred can be contained.
After an attack, containment and, if necessary, rectification, competent IT security experts are needed for the “lessons learned” phase. Specialists specifically trained for such cases use forensic methods and measures to look for the vulnerable points that got the company into the unfortunate situation in the first place. In addition, they analyse the infected systems to trace the path of the attack. On the basis of this analysis, a strategy is then developed in order to better protect the data against similar attacks in future.
SMEs that regularly carry out random checks on all data security measures and systems stay on the safe side. In this way, valuable data is protected better in the long term and the current security situation in the company can be accurately estimated at any time.