43% of SMEs unprepared for data disasters, Symantec report reveals

Small businesses are not prepared for any major disasters that could wipe out their crucial data and few do not even practice regular backups, security firm Symantec has warned, leaving SMEs incredibly vulnerable to a major crisis.

The warning comes as a separate report from think-tank Kokoda has warned the Australian Government is susceptible to international cyber-attacks that could bring down essential systems such as water, transport and utilities infrastructure.

“We are not keeping pace with the growing threat and as a result we are placing our collective and individual security at risk,” the report warns.

Symantec has said in its 2011 SMB Disaster Preparedness Report that SMEs are not only ignoring the essential practices they must use to prepare for data loss, but they are losing thousands of dollars by not doing so.

The survey of 1288 SMBs worldwide, of which 200 were located in Australia, found that a massive 43% of businesses don’t have a plan if they suffer a data disaster. Of those, 8% have no plans to create s strategy and 35% intend to create one sometime in the future.

The survey reveals more disturbing statistics.

When asked why those businesses don’t have a plan if their data is lost or website taken offline, a shocking 55% said that thought never even occurred to them. A further 18% say disaster preparedness isn’t even a priority, and 9% think computer systems aren’t critical to the business.

However, Symantec director for SMBs in Asia-Pacific Steve Martin says these businesses are most certainly at risk and the potential for catastrophe is greater than they expect.

“There are businesses that may not expect to be hit, and as we’ve seen in Queensland there are businesses that can be affected even in capital cities,” he says.

The survey found 73% of SMBs live in regions susceptible to natural disasters.

“But those natural disasters aren’t the only types of challenges. The most common disasters we’re seeing are IT system failures, power outages and human error. They can have just as big an impact as a natural disaster could.”

The survey also found that the average business experienced four different outages last year, and that employee accidents and power outages were among some of the top reasons.

And when those disasters occur, the effects are devastating. The survey found that 50% backup less than 70% of their data, and that 50% back up weekly or more frequently – only 23% are practicing a backup every day.

And these backups aren’t complete – 28% don’t back up email, 15% don’t back up application data and 14% don’t back up customer data.

And in a sign that businesses are not prepared for a disaster, 50% said they would lose at least 30% of their data if disaster struck.

In order to survive a disaster, Martin says businesses need to complete five tasks: make a data recovery plan as soon as possible before disaster strikes, protect information completely through regular daily backups and get employees involved in the backup and safety procedure.

“Since SMBs have few resources, all employees should know how to retrieve the businesses’ information in times of disaster,” the report states.

Finally, the report also states that businesses need to test their backups frequently and review their plans as often as possible – at least one hour every six months.

Not being prepared has a massive financial impact. If a business suffers an outage, it costs them an average of $32,800 per day and SMBs won’t likely recover all of their data when systems come back online.

Martin says businesses need to start taking recovery seriously and protect their data through regular backups, with the disasters in Queensland only showing one possibility of how businesses can be affected by outages.

“Today, a company’s information is its livelihood and SMBs cannot afford the risk of losing it. By taking the time to do some simple planning, SMBs can protect their information and minimise downtime during a disaster, maintaining the trust of their customers and keeping their businesses running smoothly.”

Meanwhile, Kokoda has released a new report stating the Government needs to adopt a cyber-security strategy in order to protect essential resources from international attacks. The report argues that as cyber-crime increases, hackers become more powerful and governments rely more on the internet to do business, critical elements of society are more susceptible to attack.

“Significant weaknesses within industry need to be addressed, including the lack of effective governance, poor understanding of the cyber threat, and the sharing of data.”

“Many small businesses adopt the ‘it won’t happen to me’ attitude, placing themselves and others at risk if their systems are compromised and exploited through cyber intrusions.”

The report recommends the construction of a national Cyber Security Strategy in order to prevent a “cyber 9/11” that could threaten critical utilities and government systems.

In order to accomplish this, the report says that government departments, agencies and interest groups need to work together in identifying priorities and resources that would be needed to adopt a national strategy.

This strategy would be a 10-year vision of what needs to be achieved in order to secure department systems and data networks.

“Most importantly, it could highlight the need for a flexible and innovative approach to dealing with threats that are as yet undefined and provide the vision of how those characteristics can be enhanced in the Australian environment.”

Practical methods for improvement would include:

  • Developing a nation-wide program that would include a National Cyber Strategy and Plan.
  • Assign a head of that program to coordinate security issues across government departments.
  • Introduce a National Security Innovation Centre, a virtual cyber academy and a cyber test range.

“Australia needs to further harmonise the roles and responsibilities of government, industry and the public.”

“While there will be technical challenges in meeting the evolving threat, the greatest challenges will centre on the cultural and organisational changes that will be needed to improve Australia’s security in the cyber environment.”

COMMENTS