Paul Murgatroyd, SE Manager – UK Public Sector. Commercial and Nordics, at the cyber firm Forcepoint, writes about the role of Data Loss Prevention for the hidden champions of the mid-market.
It’s well known that small to medium-sized businesses (SMBs) are under constant threat of cyber-attacks. Some 28pc of data breaches in 2020 involved small businesses, and more than 22pc of SMBs have suffered a security breach due to a remote worker since the beginning of the COVID-19 outbreak, according to Verizon’s 2021 Data Breach Investigation Report.
One of the many reasons for this increased number of attacks is due to the fact that many medium-sized companies are ‘hidden champions’. Without the wider public realising it, they make up critical elements of UK supply chains: supporting international blue-chips; providing services to retail or manufacturing; working within the financial services sector to deliver robust banking, insurance or investment offerings.
As a result, they have a veritable treasure trove of sensitive and critical data that magically attracts hackers and those set on espionage. If the bad actors are successful, it could cause considerable or even existentially-threatening damage.
However, companies are not only threatened with the loss of valuable intellectual property by criminals with malicious intentions. Businesses are also at risk from their own employees. One simple mistake from an employee can lead to an unintentional leak of sensitive data. It only takes one distraction for a file to be sent to the wrong recipient – and with additional pressures caused by two years of a global pandemic, distractions are everywhere.
To prevent the unintentional loss of valuable data, companies have an extremely effective tool at their disposal in the form of Data Loss Prevention (DLP). DLP solutions enable businesses to set data handling policies based on broad data classifications and pre-set policies, allowing them to not only install the tool quickly, but then respond quickly if these policies are violated. For example, DLP can automatically prevent the sending, copying or printing of extremely sensitive data. This ensures that intellectual property does not maliciously or accidentally fall into the wrong hands.
Although medium-sized companies can experience huge benefits from DLP in terms of critical data protection, many of these businesses are still hesitant to adopt DLP due to time, cost and feeling overwhelmed with the set-up effort required. In fact, this doesn’t need to be the case, as companies don’t need to do extensive file classification and create new policies to deploy DLP. There are solutions on the market that can easily integrate with existing security tools and data classifications that come with a large set of predefined policies out of the box.
With data regulation such as GDPR – now known for the UK as the UK’s GDPR – alongside the Data Protection Act 2018 increasing public awareness of personal data and the importance of protecting it, businesses can’t afford to get data protection wrong. GDPR was also created to improve how businesses and other organisations handle information of those that interact with them – something very important to medium-sized businesses within a bigger supply chain. Failure to comply with the rules could result in large fines and huge reputational damage.
As such, it’s vital the UK’s SMBs and hidden champions look to DLP to help protect their most valuable asset – data. No other technology is able to prevent malicious and accidental data breaches so effectively. Including DLP as part of a wider cybersecurity strategy will give organisations the best possible defence against data breaches in today’s digital world.
