GSMA real-time intelligence data estimates there are now over 5.15 billion people worldwide with mobile devices. With over 66% of the world’s population having a mobile device (cell phone, tablet or cellular-enabled IoT device), security is becoming a top priority for both businesses and individuals. Furthermore, as the number of devices continues to increase at record rates, so too do the threats from cybercriminals. One of the biggest threats to devices today is malware. The McAfee Mobile Threat Report estimates the average person has 60-90 apps installed on their phone. These apps can do anything: online banking, controlling home heating, gaming, and helping us work more efficiently. But our love of apps comes at a price. Symantec research found an average of 10,573 malicious apps are blocked each day. Additionally, the research found 1 in 36 mobile devices have high-risk apps installed – in other words, malware.

What is mobile malware?

Mobile malware targets the operating systems on your phone for the purposes of doing “malicious things”. It includes spyware, adware, drive-by downloads, viruses, trojans, phishing, and browser exploitation. Even if your app isn’t malware, it may be susceptible. Research suggests that 76% of apps have insecure data storage, making them a popular target for cybercriminals.

5 ways your mobile device gets malware

SecurityMetrics highlights the top ways your mobile device gets malware.

  1. Downloading malicious apps – Malicious apps contain spyware or other types of malware designed to cause havoc with your system and steal data. Downloading apps from unfamiliar sources, or in some cases even from legitimate app stores, can give you more than you bargained for.
  2. Ignoring regular operating system updates – We all do it, but the fact of the matter is that ignoring regular operating system updates exposes us to vulnerabilities and puts our devices at risk.
  3. Opening suspicious emails – Opening suspicious emails and clicking links or downloading files can guarantee a bad outcome.
  4. Using non-secure Wi-Fi/URLs – Public Wi-Fi and insecure websites increase your exposure to malware. You run the risk of exposing sensitive data transmitted from your device, as well as being more susceptible to “man-in-the-middle” attacks.
  5. Receiving text message/voicemail phishing – Just like in an email, no legitimate source is going to ask for personal information about you or your device in a text message or voicemail.

5 ways to protect your mobile device from malware

  1. Update, Update, Update – Ensure you keep your operating system and apps up to date with the latest versions of software. This guarantees your device has the latest security patches and critical software updates.
  2. Consider a VPN – A virtual private network (VPN) provides a secure way for you to access and share information over public Wi-Fi networks.
  3. Utilize mobile security software – Mobile security software prevents your phone from being infected with viruses and malware. It is similar to how antivirus software protects your computer.
  4. Download from trusted sources – Download from official app stores and only from reputable app creators (think companies). Be skeptical of free apps that give you free things.
  5. Train employees – Regularly train your employees on cybersecurity, including mobile device security. Additionally, make sure you have security policies in place that include the use of mobile devices.

Backing up your data to the cloud won’t prevent mobile malware threats; however, it ensures your data is protected. Regularly back up all of your important data – implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Wondering why you should use cloud backup? Top reasons include technology failure, cost savings, and security. We break it down in this informative infographic!



Data is everywhere; it’s like air. And the volume of data companies are accumulating is growing at an exponential rate. It is estimated that by 2020 every human will create 1.7 megabytes of information each second. This works out to more than 2.5 quintillion bytes of data a day. With data accumulating at such a rate, employee data theft is becoming more of an issue for organizations. Quest research found that 90% of organizations believe they’re vulnerable to “insider” theft. We often only hear about external data breaches, but the ramifications of an insider data breach can be just as destructive – if not more.

Alarming stats about employee data theft and loss

  • 27% of data breaches are caused by human error. (IBM)
  • 87% of employees who leave a job take the data they have created with them. (Biscom)
  • 8% of employees leave with data other employees have created. (Biscom)
  • 53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
  • 15% of companies found 1,000,000+ files open to every employee. (Varonis)
  • 55% of security professionals believe privileged IT users or admins are the most dangerous insiders. (Crowd Research Partners)
  • 25%+ of employees say they leave their computer unlocked and unattended. (Shred-it)
  • 1 in 4 executives and 1 in 5 small business owners said that a trusted vendor/partner was the cause of a data breach at their company. (Shred-it)

So what’s driving employees to steal data? In its 2018 Data Breach Investigations Report, Verizon found that almost a third of all data breaches were insider jobs, and 75% of these were driven by profit, with ‘pure fun’ another top motivation.

The Verizon 2019 Insider Threat Report outlines the top 5 most common types of malicious insiders (not in any order):

  1. Careless workers
  2. Inside agents
  3. Disgruntled employees
  4. Malicious insiders
  5. Trusted third parties

Preventing employee data theft

Control access

Limit access to your organization’s sensitive data. 75% of employees say they have access to data they shouldn’t. Segregate sensitive or confidential data from your other data and limit access. Also, encrypting sensitive data is a good idea.

Automatically remove access

Create an automatic process for removing employees’ or vendors’ access to systems and data when they leave the organization or change roles. First of all, consider access to devices like computers and mobile phones, but also other areas like servers, intranets, business applications (email, ERP, CRM) and SaaS-based software. A report from Osterman Research found 67% of organizations couldn’t be sure they would detect if an employee who left was still accessing corporate resources. Even more alarming, 76% have no way of knowing when third parties such as contractors stop working on an organization’s systems and data.

Monitor systems and behavior

Watch for suspicious network traffic, including large volumes of outbound activity, remote connections or off-hours activity. Monitor employee behavior, including the use of external storage devices, cameras and cellphones.

Password protection

Secure all computers and devices with passwords. Ensure password best practices are followed, including updating passwords when an employee leaves an organization.

Secure network access

Secure network access with a firewall and ensure employees are remotely accessing the network through a Virtual Private Network. Additionally, encrypt and secure your Wi-Fi networks.

Employee education

Train all employees on cybersecurity, proper data handling and storage, and password protection practices. More importantly, ensure employees understand the value of data and who owns the data.

Use the cloud

Protect your data by backing it up to the cloud. Backup best practices recommend keeping 3 copies of data – one primary, two backups (usually 1 is a primary backup and 1 is mirrored on disaster recovery equipment). Implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.


Malware threats are on the rise! So how are these viruses, worms, and trojans continuing to infiltrate businesses around the world? We break it down in this informative infographic!

Top 7 Weaknesses Malware Exploits


These days virtually every device, app or website requires a password. It is estimated that by 2020, the number of passwords used by humans and machines worldwide will grow to 300 billion. With that many passwords flying around, it’s important to consider some common mistakes and password best practices.

9 common mistakes when creating passwords

The 2019 Verizon Data Breach Investigations Report found that 80% of hacking-related breaches involved weak password credentials. In their 2017 report this data point was 81%, so the lack of change shows how much of an issue weak passwords continue to be. Varonis has found that 65% of companies with 500+ users never prompt users to change their passwords. It is also estimated that 28% of adults in the US use the same password for all of their online accounts.

Troy Hunt identified some of the worst passwords in version 2 of his Pwned Passwords. Included in the list were 123456, 123456789, qwerty, password, 111111, 12345678, abc123, password1, 1234567, and 12345. The National Cyber Security Centre in the United Kingdom found in a breach analysis that 23.2 million victim accounts worldwide used 123456 as the password.

CNBC outlines 9 of the biggest password mistakes:

  1. Changing passwords too often
  2. Making them too complex
  3. Not screening them against lists of compromised passwords
  4. Recycling the same passwords
  5. Being too familiar (using pet names, birthdates, etc.)
  6. “Remembering” password on a device
  7. Using common, easily hacked characters (123456, qwerty, etc.)
  8. Not password protecting mobile devices
  9. Storing a password list on computer
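As an added illustration of mistakes 3 and 7 (this code is not from the original article), the sketch below screens a new password against a breached-password list at the moment it is set. The blocklist is a constructed sample holding only the ten passwords quoted above, the 5-character SHA-1 prefix bucketing mirrors how the Pwned Passwords range lookup is organized, and the 8-character minimum and the variant rules are assumptions.

```python
import hashlib

# Constructed sample blocklist: the ten worst passwords quoted in this article.
# A real deployment would load a full breached-password corpus instead.
SAMPLE_BREACHED = [
    "123456", "123456789", "qwerty", "password", "111111",
    "12345678", "abc123", "password1", "1234567", "12345",
]


def sha1_hex(password):
    """Upper-case SHA-1 hex digest, used only as a lookup key, never for storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Bucket hashes by their first 5 hex characters -> set of 35-char suffixes.

    With this layout a client only ever has to reveal the 5-character prefix
    of the hash it wants to check, not the password or the full hash.
    """
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def is_breached(password, index):
    """True if the exact password appears in the indexed blocklist."""
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def candidate_variants(password):
    """Yield the password plus the simple disguises people use to dodge a
    blocklist: changed capitalisation and trailing digits or symbols."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!@#$%")
    seen = set()
    for variant in (password, lowered, stripped):
        if variant and variant not in seen:
            seen.add(variant)
            yield variant


def screen_password(password, index, min_length=8):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too_short")
    for variant in candidate_variants(password):
        if is_breached(variant, index):
            # Distinguish an exact hit from a thinly disguised one.
            reasons.append("breached" if variant == password else "breached_variant")
            break
    return reasons


if __name__ == "__main__":
    idx = build_range_index(SAMPLE_BREACHED)
    for pw in ("123456", "Password1!", "QWERTY", "correct horse battery staple"):
        print(repr(pw), screen_password(pw, idx))
```

Run the check when a password is created or changed, and reject it with the returned reasons rather than relying on composition rules alone.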

Password Best Practices

Now we know what not to do! Let’s review recommended best practices for setting and storing passwords.

  • Create a strong password – There are lots of opinions about what makes a strong password. In general, a strong password has a combination of upper and lower case letters, numbers, and characters. Opinions on password length range from 8 to over 20 characters. Ensure you create a strong password for each account/website/device.
  • Stay away from the obvious – Avoid common passwords like those noted above and easily identifiable information.
  • Leverage two-factor authentication – With two-factor authentication, just having your password isn’t enough. This precaution requires a PIN that is sent to you via email, SMS or app, to be entered with the password.
  • Test your password – Make sure your password is up to security standards by running it through an online testing tool. Microsoft’s Safety & Security Center offers a password testing tool that helps individuals and organizations create passwords that are less likely to be hacked.
  • Use a password manager – While people are good at remembering a great many things, relying on the human memory to store important passwords is risky. A password manager stores the unique passwords you have created for every website and will even help come up with passwords. It generally installs as a browser plug-in to handle the capture and replay of passwords. Recently, PCMag reviewed popular password managers for 2019, including Dashlane, Keeper Password Manager & Digital Vault, 1Password and LastPass Premium.
  • Change your passwords – It is tempting to keep using the same password, but changing your password periodically is a good idea. The Better Business Bureau suggests changing passwords every 30 days. However, many security professionals believe changing passwords frequently makes things worse as people have too many passwords to remember and use simpler passwords. Definitely change your passwords when there has been a security incident or cyber attack, unauthorized access, or you have logged into an account on a public computer.

Protect yourself and your information

Take the following steps to protect yourself and your data:

  • Regularly back up all of your important data at both the organizational and individual level. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  • Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes.
  • Ensure you and your employees are regularly trained on cybersecurity, proper data handling and storage, and password protection practices.

Remember, it only takes 1 weak password to compromise your systems, network and data. Don’t be a victim: proactively protect your systems, network and invaluable data by implementing these 9 tips of what not to do, and 6 tips on what to do.


Backing up your data is like insurance. You need to do it so you’re prepared when disaster strikes. From natural disasters to hardware failures to malware, the threats are significant. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures claims that today, a business falls victim to a ransomware attack every 14 seconds – and this number will increase to every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018.

Not all backups are equal. Businesses can choose between backing up data to the cloud, or backing up data locally and on-site.

We’re going to shed some light on cloud vs on-site backups, and top considerations when evaluating which option makes sense for your business.

An Overview of Backups

Backup refers to the one-way copying of data (folders & files) from one location to another. It’s a snapshot of your data at a point in time. Generally, most users and small businesses back up files to external hard drives, servers, or the cloud. Backing up is the most reliable way to protect your data and ensure business continuity when you experience major problems such as hardware failures, viruses, or natural disasters.

Individuals and businesses can either back up their data in the cloud (cloud backup) or locally (on-site).

Cloud Backup

Cloud-based backup services eliminate the need for you to have the necessary infrastructure in your business to back up locally. This includes local storage hardware like external drives, storage servers (NAS devices), tape, optical storage and related hardware. Data backed up to the cloud is encrypted and transmitted securely over the internet to a data center that houses the hardware on your behalf. Cloud backups come in a few flavors – private, public and hybrid.

Private cloud refers to a network, hardware and storage dedicated to a single organization. It is a costly option for anyone other than a large enterprise.

Public cloud refers to a cloud services provider who supplies the infrastructure and backup service, shared across many individuals and businesses. Public cloud providers provide greater scalability. However, data security is a concern since data is stored outside the organization. Popular public cloud backup services include Data Deposit Box, iDrive, Carbonite, Acronis, AWS Backup, Azure, Google Drive and iCloud.

Hybrid cloud is a mixture of both private and public cloud. Many hybrid cloud scenarios back up the majority of data with a public cloud solution, as it’s more scalable and cost effective. A private cloud may be used for sensitive data that is contractually obligated, or is required by law or regulation, to stay onsite.

On-Site backup overview

On-site backups are typically housed in an office. Data is backed up to devices such as network attached storage, storage servers, and tape. Generally, the backups are stored onsite for a period of time and then archived in secure offsite storage. Often organizations start by backing up to an on-site device, but find the cloud backup services to be a more viable solution because of recovery time, security, and costs.

Research by Clutch predicts 78% of small businesses will back up their data on the cloud by 2020, while the Acronis 2019 World Backup Day Survey found 48.3% of businesses rely exclusively on cloud backups and 26.8% use a combination of cloud and on-premise.

Which Backup Option is Right for You? Top 3 Considerations for Choosing Cloud vs On-Site Backup

Recovery Time – Time is money, and the longer it takes to recover your data after a disaster, the higher the financial impact. Recovery time is highly dependent on how you’ve been backing up your data. On-site backups take hours, days, or even weeks to recover, depending on how and where they are stored. With cloud backups, recovery time may range from minutes to hours. Only an internet connection is needed to start the recovery process.

Security – Backing up data on-site exposes it to the same risks as your business. Risks include natural disasters, fire, technology failures, and cybersecurity breaches. Cloud backups alleviate some of these issues as data centers are protected by tight security and have redundancy built-in.

Costs – With on-site backups you’re responsible for both the cost and maintenance of the infrastructure required. Costs include software, hardware, personnel, and overhead such as electrical. With a cloud backup solution you’re only responsible for the costs of storage you use. Backup-as-a-Service (BaaS) providers like Data Deposit Box charge a flat rate monthly fee based on the amount of data stored (measured in GB) per month. Additionally, they provide an easy to use calculator to help estimate your monthly storage costs.

When considering which option is right for you, it’s also important to think about the following:

  • Protecting your most valuable asset – data
  • Backup best practices require firms to keep 3 copies of data: one primary and two backups (usually 1 as a primary backup and 1 mirrored on disaster recovery equipment)
  • Offsite, real time cloud storage of your data is the only true way to protect you against hardware failures, a disaster (flood, fire etc.), and malware

Don’t wait for a disaster or malware to strike. Protect your data!


The question isn’t if your business will experience a disaster, it’s when. From hardware failures to natural disasters to cybercrime, the threats to your business are growing in number and severity. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018. When your time comes, what impact will downtime have on your business?

The impact is huge

Gartner estimates the average cost of downtime to a business is $5,600/minute or ~$300,000/hour. With this number in mind, it’s not hard to see that cyber threats have the potential to have a devastating impact on a business. Osterman Research found that 22% of businesses with fewer than 1,000 employees cease business operations after a ransomware attack. And the impacts aren’t just financial. For businesses that do survive, disasters also negatively impact morale, company reputation, productivity, and customer loyalty.

Is your business ready?

With natural disasters, cybercrime, and technology failures in the news every day, every business must have a disaster recovery plan, right? A survey of SMEs (small and medium-sized enterprises) by Riverbank IT Management research found that 46% of SMEs don’t have a backup and disaster recovery plan. For those that do have a plan, 23% have never tested it. A 2018 Global Data Risk Report by Varonis found 21% of files in an organization are unprotected. So when disaster does strike, and there’s no plan or protection, if you’re lucky enough to survive, the financial and non-financial cost will be enormous.

The good news? Research from Datto shows that 90% of businesses with a disaster recovery plan fully recover.

Building a disaster recovery plan

A disaster recovery plan outlines the policies and procedures an organization needs to follow should a disaster strike. The objective is to protect the company’s most valuable assets (data, systems etc.), reduce downtime and financial impact, and get the business back online as quickly as possible to minimize impact on employees, customers and the brand. Plans can differ depending on the type of disaster, but the objective is ultimately the same. There is lots of research and commentary on disaster recovery plans. Here are some of the key elements to consider:

Emergency response plan – Outlines the actions to mitigate damage to people, property and an organization’s ability to function during a disaster.

Business continuity plan – Logistical recovery plan used to restore normal business operations and processes in a disaster situation.

Contingency plan – Often referred to as Plan B, a contingency plan addresses how an organization may respond to a future situation.

Business impact analysis – Process that determines and evaluates the potential impact of an interruption to critical business operations as a result of a disaster or emergency.

Recovery Point Objective (RPO) – Think about how often systems back up. When a disaster strikes and systems go down, data can be restored based on the most recent backup. It is important to determine the frequency of backup that makes sense for an individual business. Would restoring data to the previous hour’s, day’s, or week’s data be sufficient to get the business live again?

Recovery Time Objective (RTO) – How long can systems be down before data is recovered and business goes back to usual? The RTO may vary by system. For example, it might be determined that an organization’s Point of Sale (POS) system needs to be recovered in a matter of hours, while an email system could be down for a day or two.

Communications plan – During a disaster, communication is key. Ensure a plan is in place for communicating to employees, customers, partners and even the general public. In the case of a cyber security breach, a communications strategy will help reduce the negative impact on the business.

Testing and training – Run drills to test the effectiveness of disaster recovery plans. Drills provide a great opportunity to tweak plans before a real disaster strikes. Ensure employees are informed about disaster recovery plans and trained on processes regularly.

Backup data – Regularly back up all of your important data at both the organizational and individual level. This ensures minimal disruption during a disaster. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Phishing gets lots of media attention; however, for many it is a bit of a mystery. What is phishing? Are there different types of phishing? How can you prevent a phishing attack? Let’s investigate each of these areas in detail.

What is phishing?

Wikipedia describes phishing as a fraudulent attempt to obtain sensitive information, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Attackers will spoof their email address to appear like someone else, set up fake websites, and disguise website URLs. It is becoming harder to figure out who and what you can trust. Avanan’s 2019 Global Phish Report found that 1 in every 99 emails and 1 in 25 branded emails is a phishing attack. Microsoft and Amazon are the most popular brands used in phishing emails. Additionally, 30% of phishing emails slip through security programs, so the threat is significant.

Phishing campaigns have two primary objectives:

  1. Obtain sensitive information – Phishing emails often seek to get you to reveal important information, such as your username or password. This gives the attacker the necessary info to access a system or account. It is very common for messages to appear like they are from your bank, credit card company, or a number of other places you would expect to be reputable.
  2. Distribute malware – The emails that aren’t stealing your credentials are trying to infect your computer with malware hidden in attachments (you can read more about malware in our blog here). Often these .zip files or Microsoft Office documents will appear to be something you are expecting, but in reality they are malicious code. In 2017, it was estimated that 93% of phishing emails contained ransomware attachments.

Types of phishing

There are a few different types of phishing. However, the one thing they all have in common is the fraudulent attempt to obtain sensitive information. Major categories of phishing are:

Spear phishing – Attackers craft a message targeted at a specific individual. Social media sites are often used to identify the target and gather information for the attack.

Whaling – Similar to spear phishing, but the target is a high-value person. The target is generally a person with power, a CEO, senior executive or board member, at a large organization.

Clone phishing – Attackers clone a legitimate previously delivered email and replace the links and/or attachments with malicious code. Clicking the links or opening the attachments enables the attacker to take control of your system and send additional malicious emails masquerading as you.

Phone phishing – Similar to email phishing, the caller claims to be a trustworthy entity like a bank or the government. They try to scare you with a problem that must be cleared up immediately. Their objective is to access account information or have you pay out money.

SMS phishing – These attacks are carried out by SMS text. The text message contains a malicious link that enables the attacker to obtain sensitive information.

Identifying and preventing a phishing attack

The harsh reality is that at some point virtually everyone and every organization will experience a phishing attack. The cost of phishing is significant. In 2018, the FBI’s Internet Crime Complaint Center reported that companies around the globe lost $12.0 billion due to business e-mails being compromised. The cost goes beyond just dollars and cents. Phishing attacks lead to decreased productivity, loss of confidential data, and damage to company reputation. Deloitte reports that 1 in 3 consumers will drop a company like a hot potato after they experience a cyber security breach.

However, there are steps you can take to reduce your chances of becoming a phishing victim.

  • Trust your gut – If something seems too good to be true, then it likely is. Be suspicious, not trusting. Legitimate organizations will never send emails asking you to provide personal information over the web. A quick Google search with the subject or text from a suspicious email will often identify if it is a known phishing scam.
  • Double check URLs – Before you click or enter personal information, double check URLs. It is very common for a link in an email to say one thing while the URL is totally different. Hover over a link first to see if it is legitimate.
  • Look for URL redirects – Make sure you are going to the URL you expect and not a different website with a virtually identical design.
  • Don’t trust urgent/scary emails – Attackers are generally trying to create a sense of urgency or fear. Question emails that are telling you to “Act Now” or “Pay Now”. According to KnowBe4, in Q1 of 2019, 35% of phishing emails started with the subject line “Password check required immediately.”
  • Watch for questionable attachments – Attachments are one of the most common ways to distribute malware. If it looks even remotely suspicious don’t trust it.
  • Don’t share personal info on social media – Avoid sharing personal information such as your birthday, phone number, or address on any publicly accessible social media platforms.
  • Educate, educate, educate – Knowledge is understanding. Regular training on new threats and what to look for are key to preventing a phishing attack.
  • Protect your data – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.


You hear news reports almost daily about ransomware taking down organizations around the globe. Cyber Security Ventures estimates a new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.

What is ransomware?

Ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access. In some cases, ransomware threatens to publish confidential data unless a ransom is paid. Norton breaks down the different types of ransomware – Crypto malware, Lockers, Scareware, Doxware and Ransomware as a Service (RaaS).

Stages of a ransomware attack

Ransomware attacks can be broken down into four different stages. What starts off as a simple click in an email, or a download from the internet, or a website visit, can very quickly lead to a whole lot of trouble and enormous expense.

Stage 1 – Phishing

One of the most popular ways for cybercriminals to access your system is a phishing email. Statistics indicate 1 in 25 branded emails are phishing emails. Avanan, a cyber security platform, reports the two most popular brands phishers pose as are Microsoft (42%) and Amazon (38%). Additionally, the Avanan research finds phishing attacks fall into a few different categories – credential harvesting (41% of attacks), extortion (8% of attacks), malware (51% of attacks), and spear phishing (0.4%).

Stage 2 – Burglar prowling

Once a link is clicked and the malicious code downloaded, the burglar begins to prowl. Your computer is compromised. Ransomware starts infiltrating your computer in a matter of seconds. In 2017 the WannaCry ransomware spread like wildfire and in a matter of hours encrypted hundreds of thousands of computers in over 150 countries. Ransomware looks for files on your computer, network, and in the cloud to encrypt.

Stage 3 – Locked out

Encryption of files on your local computer can happen in a matter of minutes. Within a few hours, encryption will impact files on your network or in the cloud. Once the malicious software takes hold, it will lock you out of your most important folders, files and data, giving you no access until you pay. Files in SaaS-based applications like Dropbox and Office 365 are the most likely to be impacted. Kaspersky found 65% of businesses hit by ransomware in 2017 lost access to a significant amount or even all their data. Additionally, they discovered 34% of businesses hit with malware took a week or more to regain access to their data. Coveware’s Ransomware Marketplace Report estimates the average ransomware incident lasts over a week, at 7.3 days, up from 6.2 days in 2018.

Stage 4 – Ransom request

Your files are encrypted and the cybercriminals are demanding you pay a ransom to regain access. Do you pay? Research indicates that 97% of United States organizations refused to pay the ransom. However, 75% of Canadian, 22% of German, and 58% of UK companies paid the ransom. Datto reports the average ransom for an SMB is between $500 and $2,000. So while the ransom itself isn’t significant, the downtime from an attack can cripple a small business. Additional research from Datto found the average attack is 10 times more costly to the business than the ransom itself. Attacks cost a business $46,800 on average and the ransom requested averages $4,300 per attack.

Protecting your business from a ransomware attack

There is no single solution that will protect you and your business from a ransomware attack. Antivirus software, email/spam filters, and regular software updates are a few things you can start with. Focus more time and resources on:

Cybersecurity training – People are one of the weakest links when it comes to cybersecurity. As a result, make sure you EDUCATE!!

Backup and disaster recovery plan – Regularly back up all of your important data at both the organizational and individual level. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.


The answer will surprise you.

Data loss is a battle organizations big and small are constantly fighting. According to a recent Gartner report, global spend on Information Security and Data Protection will reach USD $124 billion in 2019. This figure is expected to grow at 11% CAGR to USD $284.5 billion by 2025.

Companies worldwide are spending billions on infrastructure, endpoint and application security to prevent unwanted breaches/hacks/intrusions. Capital One was one of the most recent companies to experience a breach, with the social security, bank account, and personal information of 106 million people stolen.

However, are hacks and breaches the real cause of data loss in companies? The answer may surprise you.

In 2019 a Shred-it survey conducted by Ipsos highlighted that nearly half of all C-Suites (52%) and one in three Small Business Owners (SBOs) say human error or accidental loss/deletion by an employee/insider were the primary cause of data loss.

That’s right, the primary culprit of data loss in many cases is human error. From accidental deletion, to lack of cybersecurity training, to misdelivery of information – humans are one of the weakest links when it comes to data loss and breaches.

Let’s look at data loss and the human element in more detail.

Accidental Deletion

Accidents happen – right? Your employees create, save, update and delete files every day, so screw-ups will happen. Consequently, at the business level, regularly backing up all of your important data and information is critical. For employees, understanding how to properly save, store, delete or move files is crucial. This has become especially important with the popularity of shared sync services like Dropbox, Box and network drives, where an accidental folder deletion can wipe critical files from everyone’s computer.

Lack of cybersecurity training

Are your employees able to recognize a phishing attack? Do they know how to recognize suspicious email attachments? Cybersecurity training can’t be a one-time occurrence; it needs to be an ongoing priority for all employees. Malware and ransomware are constantly evolving and so should your training. Additionally, the handling of confidential information requires even more training to ensure there are no breaches.

Poor user password practices

A 2018 Verizon Data Breach Investigations Report found over 70% of employees reuse passwords at work. A “staggering 81% of hacking-related breaches leveraged either stolen and/or weak passwords.” From weak passwords to reusing passwords to sharing passwords, it is clear better education is needed. Two-factor authentication, secured connections and password encryption are additional ways to improve the security of your data and prevent loss.

Misdelivery of information

Your employees always send information to the right people – or do they? Misdelivery of information was the fourth most frequent action that resulted in data breaches, according to the 2018 Verizon Data Breach Investigations Report. Encouraging employees to double-check email addresses, encrypting emails with sensitive information and limiting the ability to send sensitive information outside of the corporate network are ways to ensure the right information is getting to the right people.

Employee Turnover

When an employee leaves an organization, information frequently goes with them. Information may be deleted or taken with the employee on a USB key or cloud drive. Regardless, organizations must ensure all employee data is kept within the walls of the organization and is accessible. Employees should regularly back up to corporate servers or the cloud, and they should be discouraged from saving files on their local computer.

What can your organization do?

Transforming your company’s cybersecurity practices can take months or years. In the short term, here are a few actions you can start with:

  1. Regularly back up all of your important data at both the organizational and individual level. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  2. Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes.
  3. Train all employees on cybersecurity, proper data handling and storage, and password protection practices
  4. Secure access to digital and physical information using antivirus, infrastructure (like firewalls), endpoint encryption, and related technology
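
To make the versioning point in item 2 concrete, here is a small added example (not from the original article and not Data Deposit Box code) of a versioned backup store: every snapshot is kept, so a file that is later overwritten or deleted can still be restored from an earlier version. The function names and the blobs/manifests store layout are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of the file content; used as the blob name in the store."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(source: Path, store: Path) -> Path:
    """Record the current state of `source` as a new version in `store`."""
    blobs, manifests = store / "blobs", store / "manifests"
    blobs.mkdir(parents=True, exist_ok=True)
    manifests.mkdir(exist_ok=True)
    files = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        h = _digest(f)
        if not (blobs / h).exists():      # unchanged content is stored only once
            shutil.copy2(f, blobs / h)
        files[f.relative_to(source).as_posix()] = h
    # Manifests are never rewritten; older versions stay available for audit.
    seq = len(list(manifests.glob("*.json"))) + 1
    out = manifests / f"{seq:06d}.json"
    out.write_text(json.dumps({"taken": time.time(), "files": files}, indent=2))
    return out


def versions_of(store: Path, rel: str) -> list:
    """Return (manifest name, blob hash) for every snapshot containing `rel`."""
    found = []
    for m in sorted((store / "manifests").glob("*.json")):
        files = json.loads(m.read_text())["files"]
        if rel in files:
            found.append((m.name, files[rel]))
    return found


def restore(store: Path, rel: str, dest: Path, version: int = -1) -> Path:
    """Copy a stored version of `rel` (default: the most recent) to `dest`."""
    _, h = versions_of(store, rel)[version]
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(store / "blobs" / h, dest)
    return dest
```

The store only protects against deletion or ransomware if it lives somewhere the affected user account or machine cannot overwrite it, such as a separate backup server or cloud service.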

