Starting in February 2011, the major mainstream media outlets have reported numerous security breaches of online data storage. The most embarrassing of the incidents involved the hacktivist group Anonymous invading the servers of HB Gary, an internet security firm with several contracts with the United States government. Anonymous released links to torrents containing over 50,000 emails written by the CEO of HB Gary. This breach not only compromised the reputation of HB Gary but also exposed business transactions with their clients, including official with the US government.
Another high profile online data storage failure occurred in late March 2011. An unknown hacker(s) compromised the email system of a large well-known internet-marketing firm. This breach affected clients and customers of major US banks, such as Citigroup and JPMorgan as well as major retail outlets, hotel rewards programs, and credit card companies. Although the hackers only obtained names and email addresses, it is possible this theft of data will result in increases in spam and phishing activities. Clients of these firms and businesses are likely not only to be much more guarded in the information they share, but also concerned about the overall business practices and trustworthiness of these companies.
It is not only private businesses who are incurring security breaches but also government agencies. Recently the South Carolina Budget and Control Board informed current and former employees contributing to the South Carolina Retirement System of “unauthorized access by an individual or group” of a database consisting of names, addresses and social security numbers of members. The State of South Carolina incurred the expense of providing the affected employees credit-monitoring services for the next five years. An incident in the Texas government involved not employees but the citizens of the state. The Office of the Comptroller in Texas reported a “human error” resulted in personal information hack including, but not limited to social security numbers, addresses, phone numbers and other protected personal information.
The issue facing small to medium size business and the professional in private practice is how to achieve the closest thing to failsafe data security in their server backup protocol. Most state and federal regulators now require secured remote data storage to avoid the loss of vital records in the event of a natural disaster, such as Hurricane Katrina, fire or terrorist attack. Most business liability insurance policies now require business to have evidence of company practices pertaining to the protection of electronic data. Business owners are well advised to explore carefully the options available in server backup services.
In order to avoid becoming headlines in the nightly news, business owners need to ensure all data stored in remote servers is highly encrypted and the password is resistant to brute force hack efforts. Experts advise the use of 256-bit encryption with the key made by the business prior to transmitting the data to the online data storage provider. Using managed online server backup services ensures the data will not become inaccessible in the event the password is lost. The transmission of data should be through a SSL channel. These features provide the most security for data against breaches of private and privileged information.
For most small to medium business owners, it only takes one look at Microsoft’s technical information outlining their recommended best practices for backing up and restoring server data to become completely overwhelmed. A reputable and knowledgeable provider of online storage back up gives the business owner the peace of mind knowing their data is preserved, secure and accessible only to those who need to know.