Ahead of National Travel and Tourism Week taking place later this month, SWCRC Director Mark Moore has been answering some questions on the importance of backing up your business's data.
Why is it important for me as a local tourism operator to back up my data?
It’s important if you need your computer… imagine it not working, which is pretty much what happens if you’re hit by ransomware, and if you can think of something you’d miss, then there’s your reason for backup.
You need to understand what is really critical for running your business, where it’s held, and how you’d get to it if your computer was locked down. Some of your data will be accessible using another computer or a mobile device: maybe details of forthcoming bookings, which a booking agent might hold for you. Your emails might be ok too. But you’ll probably have client lists for mailings, a bunch of documents and correspondence, personal contacts of people who help you to run your business, and maybe even the records for your tax returns, held somewhere locally.
If you can’t access that information, then at best it’s going to be a pain, and at worst, it’s going to have a severe impact on your ability to successfully run your business. Recent research by Vodafone suggested that the impact of a successful cyber attack would be enough to sink around a quarter of small businesses. And with around 2 in 5 businesses spotting an attack every year, the odds for you don’t look great if you do nothing. But the good news is, if you have good contingency measures in place, you’re far less likely to be hit hard by an attack.
What are the risks to business if I don’t take these measures?
It depends on your business really: the question is, what would be the impact of losing your accounts? Your customer list? Your contacts? Legal and compliance information? There isn’t a one-size-fits all response and understanding your individual level of vulnerability is a really important part of understanding what you need to back up, and how often.
Within the last month, a global cyber security company looked at the cost and impact of ransomware. What they found was that where companies were prevented from getting to their data by criminals, even if a ransom was paid, only one in twelve of those was getting all of their data back. So about 97% of companies would lose some, or all of their data: unless they have it backed up.
What steps can I take to ensure I’m backed up?
If you have an IT provider, talking to them is a good first step. If you’re using cloud-based systems (where you can access your company software and information from any computer), then the good news is, lots of you will already have a back up process built in. But you’ll want to check how this works – do things get automatically saved?
How often are they backed up by your provider? How far back could you go? And if you’re simply operating off of a standalone computer with software installed on it, then you’re unlikely to have this protection in place. If that’s the case, you need to be taking regular backups. You also need to be keeping them separate from your core systems, because the criminal behind ransomware often set it up try to spoil any backups that it can as well, to increase the chance that you’re going to pay up.
The National Cyber Security Centre has some really good advice on how to deal with backup which is well worth a read: they’re the government experts on how to protect yourselves, and will always provide you with practical and understandable guidance.
How can the SWCRC help me and my business?
Firstly, it’s important to say that we’re not-for-profit, police led, and just here to help. We’ll only give you genuine guidance and advice which aligns with our core purpose: protecting regional businesses and charities from cyber crime. So how do we do that? Firstly, through our free core memberships, we’ll send you all you need to know about getting the basics of cyber security in place, including things like links to free e-learning for your teams.
Every month we’ll tell you about the latest scams, and about the most-up-to-date protection. We’ll also provide you with a bunch of free webinar opportunities, where you can speak with national experts direct. You can find recordings of some of these on our website right now. And because we know that cyber can be a confusing landscape, we’ll also aim to help you if you want more bespoke services.
Through our partnerships with the best and brightest ethical hacking students from the region’s universities, we can get someone to look at your systems, policies and processes for a very affordable rate.
And finally, if you need something more complicated, we also partner with local cyber companies who have the right accreditations, and have bought into our vision: so you can find a helpful expert without having to rely on google searches. Our aim is to help you every step of the way, and if you sign up for free, we’ll be here for you when you need us.