Understanding the Importance of Data Storage and Backups for Small Business - 5/6/2018

| Tuesday June 5

Small Biz Matters – a half hour program each week where you can work ON your business rather than IN it.
with Alexi Boyd from Boyd Office Management Services
Date: 5 June 2018

The Cloud. We get it, we use it. We count on it.

Every day when operating as a small businesses we rely heavily on the cloud and internet storage. We assume it's safe, secure and backed up SOMEWHERE. We assume it's available anytime and reliable and we assume the content we produce is ours to do with what we wish. But we’re not careful enough.

But like all things (except death and taxes as they say) you can’t be sure of it. You need to be in control with this extremely important tool of your trade. What if you can’t find an important document? What if the storage you relied on suddenly wasn’t there? What if you never backed up?

Well today we have on the show another great expert; Gunnar Habitz to help us navigate through the complexities of Cloud storage but like always on Small Biz we’ll make sure you have practical strategies to ensure you take control.

Welcome to the show Gunnar.

Topics covered in part two:

  1. Cloud in general
  2. Cloud storage vs. cloud backup comparing different tools
  3. How does a typical IT setup of Small Biz Owners looks like and who helps with IT tasks
  4. What does RPO and RTO mean and why is it important
  5. Business Continuity and Risk Management instead of just backup
  6. Cyber insurance
  7. Ransomware attacks
  8. Cyber security issues
  9. What about the new “Notifiable Data Breach” law in Australia
  10. Impact of the new “Notifiable Data Breach” law in Australia
  11. How to get attention for the topic


1. Cloud in general

  • Benefits for customers: agility, flexibility, choice, PAYG
  • Cloud is a journey instead of destination
  • Public, Private, Hybrid cloud
  • On-premise, IaaS, PaaS, SaaS - see the Pizza-as-a-Service example below
  • What’s in the cloud, stays in the cloud - but getting it back is another topic


2. Cloud storage vs. cloud backup comparing different tools

  • Cloud synchronisation services: Dropbox, Box, Google Drive, Microsoft OneDrive
  • Many of them don’t have versioning (Dropbox EVH has at least 120 days)
  • What’s deleted on one device gets deleted on another as well upon connection
  • Hard to get anything back from the cloud sync providers
  • Proper cloud backup provides versioning in all possible local retention possibilities and clients can get back their data as part of the service by themselves of their partner
  • Example Office 365 can be added by a backup solution (e.g. SkyKick) which is designed for one-click restoring data straight into the mailbox without an PST file export by maintaining the initial structure


3. How does a typical IT setup of Small Biz Owners looks like and who helps with IT tasks

  • On-premises: notebook(s), printing, potentially a server for files or databases
  • Cloud services like Office 365, Google G Suite, AWS, Xero/MYOB, CRM, specific apps
  • Managed Service Providers (MSPs) deliver IT as a service based on SMB demands including backup, but also on-premise infrastructure from capex to opex
  • Small Businesses should focus on the business outcome for their clients, not on technology


4. What does RPO and RTO mean and why is it important

  • Two most important numbers in backup and DR before and after a disaster point
  • Recovery Point Objective: maximum targeted period in which data might be lost
  • Recovery Time Objective: targeted duration of time after a disaster to be fully restored back on track
  • The requirements are included in a Business Continuity Plan and have significant effect on the IT design
  • Every company - small or large - need to specify its risk appetite


5. Business Continuity and Risk Management instead of just backup

  • Provides principles and generic guidelines on risk management
  • Worldwide standard ISO 31000 has been created by Australia/NZ initially (2004)
  • Example: 6% of data restored * cost of getting it back (but how to estimate?)
  • Business Continuity and Disaster Recovery include more than IT, in the first place care about people


6. Cyber Insurance

  • Some see backup like an insurance, but the reality is different
  • The cyber insurance covers for lost revenue in a data loss, but doesn’t get the data back
  • The backup provider gets the data back, but doesn’t cover lost revenue
  • It is a complementing solution usually not offered together
  • No cyber insurance without proper backup and DR solution in place


7. Ransomware attacks

  • Talking about a concrete example
  • Can arrive per email or even inside an internet connected printer or scanner
  • Attacks not only local infrastructure, but also the cloud if not well protected
  • 60% of SMEs went out of businesses in the next six month after a significant breach (Australian SME numbers), 80% don’t survive the second year
  • A victim shared his story at the Australian Information Security Association (AISA): the company had a plan to be listed on the ASX within three years, instead they got a severe hack with data breach and it took the owner more than a year to consider working again due to the psychological damage


8. Cyber Security

  • 46% of the world population is already connected
  • IoT sensors and devices are expected to overtake smartphones still in 2018
  • Australian numbers
    • The Government estimated the average cost of a cybercrime attack to a business is A$276,323
    • 43% of cybercrimes attack small businesses as they can’t simply prevent it easily
    • Largest cost factor of cybercrime are information loss (39%) and business disruption (36%)
  • Australian Computer Society (ACS) published worldwide data from the Verizon 2016 Data Breach report
    • 63% of breaches are caused by weak, default of stolen passwords
    • In 93% of cases hackers took minutes to break and companies weeks or months to discover
    • 95% of attacks are financially motivated
    • Nearly 30% open phishing emails, 12% clink on the links or open the files (attention on smartphones)
    • Every minute half a million attacks happening in cyberspace
    • Cyber industry estimated US$639B spending in 2023
  • So what can we do?
    • The security strategies with biggest return are adding security intelligence systems (67%) and advanced identity and access governance (63%)
    • Top tips the Optus “Small Business Guide to effective Cyber Security”: regular backup, secure passwords and multi-factor authentication, security updates, administrative accounts control
    • Leadership must provide a cyber-aware culture educating staff and clients
    • ACS considers 5 pillars of cybersecurity readiness: education & awareness, planning & preparation, detection & recovery, sharing & collaboration, ethics & certification
    • Managed Service Providers and specialists like Witz Cybersecurity (www.witzcybersecurity.com) consult Small Businesses


9. impact of the new “Notifiable Data Breach” law in Australia

  • In place since 22 February 2018 to report data breaches within 30 days
  • Most often data breaches haven’t been made public not to destroy brand reputation
  • Australian Cyber Security Centre (ACSC) reported that 51% of Australian SMEs found out about a data breach when alerted by customers
  • Fines: $360K for individual and $1.8M for companies above $3M turnover if not reported in 30 days
  • View of the Ransomware programmers: “if you don’t pay me in Bitcoin, then I will breach your data and force you to pay the fines”
  • First quarterly report shows 63 published data breaches within six weeks, mostly health service providers, legal, finance, education and charities
  • Half of the breaches occurred due to human errors
  • The reality might be higher as many companies don’t report or don’t even know


10. Impact of the new “Notifiable Data Breach” law in Australia

  • Most companies recently sent newsletters with updated privacy policies or partially new opt-in requests
  • Background is the European General Data Protection Regulation binding those who are physically in the EU, not just official residents or citizens
  • Barrister Talitha Fishburn of Wardell Chambers shows the Australian impact (https://www.linkedin.com/pulse/big-data-so-what-australian-businesses-impacted-new-eu-fishburn/)
  • GDPR covers data processing to raise more awareness
  • Backup providers don’t see into the encrypted data about any European personal data insight, so better to be compliant
  • Consent: continue marketing to B2C with an active opt-in for newsletters and to B2B if business customers didn’t provide a subsequent opt-out
  • Many software vendors updated their processes, Marketo as a leader in marketing automation sees GDPR as a worldwide activity
  • Portability: users have the right to obtain the transactional history of personal data
  • Right to be forgotten: consumers have the right to have their information deleted (how do you know where exactly you stored their data?)
  • Data breaches: must be reported within 48h, otherwise fines in two steps up to €20M or 4% of global annual turnover whatever is greater


11. How to get attention for the topic

  • Don’t think just backup as nice to have (like regular dentist visit fixing one tooth), rather think comprehensive availability (like the winning smile when all teeth are in order)
  • Business consultants and MSPs convince owners better than box moving IT resellers


KeepItSafe helps Small Businesses in Australia and New Zealand to protect from data loss because downtime is not an option. We consult and discover the right solution for the requirements of SMEs in a tailored approach

To find out more, go to the website www.keepitsafe.com/au, contact sales@keepitsafe.com.au or call 1300 722 344