From ransomware and denial-of-service attacks to email phishing scams and malicious hacking, small and midsize businesses are facing more cyberthreats than ever before. But many aren’t doing enough to implement, test, and maintain backup and disaster recovery strategies, according to the results of a recent survey.
The survey also found that unplanned IT system downtime resulting from cybercrime, human error, and hardware failure continues to be a significant problem for smaller organizations. That’s because even short periods of unexpected downtime can lead to frustrated customers, damaged reputations, and financial losses.
Carbonite conducted a survey of 219 IT decision-makers at small and midsize businesses with 250 to 1,000 employees and discovered that 52% have experienced unplanned downtime within the last three years.
The decision-makers reported that hardware failure is the leading cause of unexpected downtime, followed closely by power outages, malicious software or malware, and cyberattacks. Other downtime causes include natural disasters like fires, floods, and hurricanes. Small businesses also report losing data as a result of accidental deletions.
Just over 40% of survey respondents report that the number of cyberthreats they deal with has increased over the last three years, while about 22% say the number of threats has remained flat. About 36% believe that threats have decreased.
The results of the new Carbonite survey line up with recent reports about the increase in ransomware attacks and other cyberthreats to small and midsize businesses.
IT security solutions firm Cybersecurity Ventures predicts that financial losses resulting from ransomware attacks will top $5 billion in 2017. That figure includes costs related to making ransom payments, data loss, and lost productivity. Security solutions firm SonicWall reports that it detected more than 638 million attempted ransomware attacks during 2016. That’s more than 167 times the number of ransomware attacks the company detected during 2015.
Despite the increase in cyberattacks, many small business IT decision-makers are not spending enough time focusing on data backup and disaster recovery strategies, usually because they lack the time and resources to do so.
One in five IT professionals have not performed a successful backup and disaster recovery test in the last year, according to the survey.
Many companies implement a backup and disaster recovery solution but fail to test it regularly. That can lead to problems when disaster strikes, according to Jim Flynne, vice president of operations at Carbonite.
Small businesses should test their ability to restore lost data from a backup system at least once a month, Flynne says. This helps ensure that data is being backed up properly and that employees can get back up and running quickly in the event of a natural disaster or cyberattack.
“All you need to do is identify some important files and retrieve them from your backup system. Once restored, open the file as you would the original to make sure it was recovered properly,” Flynne explains. “Database-driven applications can be more finicky and may require complete sets of files to be restored to ensure that there are no problems, but it’s worth testing backup systems before your business has to depend on them to run.”