3 steps businesses can take to safeguard client data

By Chris Norton, Regional Director for Africa at Veeam

Cyber threats impact businesses of all sizes and across industry sectors. According to the Veeam 2022 Data Protection Trends Report, almost 9 in 10 South African companies have experienced a ransomware attack in the last 12 months. Across the continent, 71% of EMEA organisations suffered ransomware attacks, making cyber-attacks one of the single biggest causes of downtime for the second consecutive year. More significantly, 80% of organisations were unable to recover at least some of the data they had lost. Safeguarding client data in this challenging environment must therefore become a business priority.

The reality is that IT departments are constantly managing a trade-off between convenience and security. The Veeam 2022 Data Protection Trends Report further indicates that 86% of EMEA organisations have a protection gap between how much data they can afford to lose and on average, 16% of organisations’ data is left completely unprotected. It is the old adage ‘do you want it right now, or do you want it right?’ While businesses are understandably keen to prioritise investing in digital strategies that deliver competitive advantage, having an insurance policy against data breaches is always critical.

Hear more about cybersecurity at Sentech Africa Tech Week

Decision-makers need to be aware that there is no silver bullet when it comes to protecting against cyber threats. Cybercriminals are well versed in exploiting weaknesses in enterprise IT systems. It only takes one vulnerable entry-point to expose a company to crippling cyberattacks.

Local business leaders must sit up and take notice: data breaches are no longer an issue that exists within a company itself – they sit at the board level as well. Moving forward, business leaders should expect increasing momentum toward ensuring the right cybersecurity measures are in place. The Veeam report highlights how 78% of companies were unable to recover at least some of the data they had lost. Considering that the cost of a ransomware attack can amount to almost R7-million per incident, with $18-billion paid globally in ransom in 2020 alone, the problem is not going away.

Operational changes

Leadership needs to consider the following three elements when shoring up their organisational defences.

1. Everybody needs security training: Ransomware can spread through a system like wildfire, but it needs an entry point, such as an infected email, email attachment, or application. No matter their position in an organisation, any individual can potentially lead the ransomware into the system. This means the company must hold frequent training sessions on the latest cybersecurity best practices.

2. Keep software up to date: Cybersecurity software, such as anti-virus and internet security solutions, need constant updating. Installing the latest patches, security updates, and virus signatures can help a company eliminate the most common ransomware payloads. This must extend to all software including operating systems as an essential step to help minimise downtime and interruptions resulting from potential breaches.

3. Have a secure backup ready: A comprehensive backup strategy is something no company can afford to be without. If ransomware should infect mission-critical systems, being able to restore from a secure and reliable backup can save the company from downtime, data loss, and having to pay an expensive ransom.

Leadership spotlight

Beyond these operational measures, companies must also look at what they can do at a leadership level to improve the data security of their client data.

1. Strengthen the board’s cyber skills: The board must take an active role when it comes to cybersecurity preparedness. For this to happen, directors need to ensure that they are up to the task. Just like employees go on continuous training, board members must also educate themselves to meet the ongoing cybersecurity challenge.

2. Create a free-flowing information exchange: Furthermore, management needs to develop a mechanism that promotes consistent communication about cyber risks and strategies. Managers should set aside time for intense interaction about plans, procedures, and ongoing issues relating to cybersecurity risks. It is important for the mechanism to include stakeholders from a variety of departments – everybody from business to IT to the legal staff to HR and marketing.

3. Designate an executive sponsor: Even though cybersecurity extends company-wide, the development of a response plan is best left done to an individual. This person does not have to develop the entire plan. However, the person should be a leader who has the authority to drive change and gain alignment across the company. In theory, the CIO, CISO, or CSO should be well positioned for this task. It makes more sense for a company to appoint a business leader in this role. It is less about the technology being used and more on understanding the impact on revenue-generating activities and operations.

4. Assigning roles: While the CSO and CISO set the security agenda, other leaders also need to become involved. For instance, CFOs must ensure that a level of security is being built into all the company’s financial processes. HR directors need to vet new hires more diligently and serve as conduits for employees’ comfort with security practices. Sales leaders need to promote security hygiene, especially with travelling agents whose virtual access makes them prime targets for hackers.

You can attend Sentech Africa Tech Week virtually too

Taking ownership

While businesses can outsource data management to cloud service providers (CSPs), they can never outsource responsibility for their data. This is where Modern Data Protection comes in. IT departments must embrace Modern Data Protection and ensure all data is backed up, recoverable, and secure across their entire data management provision

One of the best ways to manage this is through a data protection strategy that follows the 3-2-1-1-0 rule. Companies must maintain at least three copies of their data, on two different media, with at least one copy stored at an offsite location, one copy offline, and all backups being verified containing no errors.

Today, it seems being breached by a ransomware attack is an inevitability. However, this does not have to cost the business significant portions of its profits. With the right cybersecurity infrastructure and training in place, local companies can sufficiently prepare and defend themselves against the dangers of ransomware and other cyber threats in the digital world.

With over 25 years’s experience in the IT sector, Christ Norton has a wealth of experience working in digitally-driven businesses. Norton joined Veeam as Country Manager of Africa in May 2021. Prior to that, he was the Regional Sales Director at Dell Technologies for four years. He has also held various senior leadership roles at ServiceNow, VMware, Citrix and Workgroup Distribution.