Singapore's small firms put critical data at risk

By SearchSMBAsia Editors | Jun 17, 2009

0 comments [1]

Delicious [2]

Digg [3]

Email [4]

Print [5]

Thumbnail: 

An alarming 49% of small companies fail to backup their data on a daily basis, according to a new survey [6] by Kroll Ontrack, provider of Ontrack Data Recovery products [7]. This is despite the fact that nearly half of the survey’s respondents experienced data loss in their workplace in the past two years and 37% felt that data loss could have a significant impact on their business.

The survey, conducted in early 2009 by StollzNow Research, asked IT managers from 945 companies throughout Singapore, Hong Kong and Australia about their views and experiences related to data management.

Small businesses in Singapore were particularly prone to data loss, with 62% of companies with 50 or fewer employees experiencing data loss in the past two years.

“Smaller Singapore companies are experiencing data loss at higher levels than larger Singapore companies and their Australian and Hong Kong counterparts.  This may be due to a variety of reasons, including lack of management attention and time spent in proactively implementing strategies to minimise the potential for lost data,” said Adrian Briscoe, General Manager, Ontrack Data Recovery APAC, a division of Kroll Ontrack.

Small companies in Singapore were also less likely than their larger counterparts to have implemented a policy for the preservation of data. While 59% of Singaporean respondents reported that their company had a formalized data retention policy, this figure fell to just 40% for small companies.

Overall, the survey also found that many small companies were not testing their backup systems on a regular basis, with 35% admitting to checking them only ‘sporadically.’

However, the issue of poor data management was not exclusive to small businesses, with companies of all sizes tending to take a ‘set and forget’ approach. “Many companies do a great job with rollout of their data management system, but then no one revisits it on a regular basis to make sure it is still functioning effectively,” said Briscoe.

The survey also revealed that companies’ backup procedures were not keeping pace with changes in IT management. Only 52% of companies had reviewed their disaster recovery plans in the last 12 months.

In addition to system failure, data can be put at risk when end-of-lifecycle or unwanted computer hardware is not completely and securely erased. This raises the potential for business-critical information to fall into the wrong hands. However, the survey found that nearly a quarter (24%) of companies had no formal policy for erasing sensitive data, which means that they are not destroying their sensitive information systematically.

The results also exposed poor documentation of erasure procedures, with less than half (46%) reporting that they keep a log of equipment that had been erased. Failure to log equipment erasure can lead to significant legal penalties.

Even so, survey respondents demonstrated a reluctance to seek the assistance of a third-party data service provider. Only 34% of respondents said their company had used an external consultant for data recovery. When asked why, the most common response (36%) was that “internal technology and processes were utilized.”

Other reasons cited were security reservations (18%) and cost (17%). Security concerns about using a third-party provider were more common in Singapore (23%) than Hong Kong (18%) and Australia (12%).