Small business owners: when your data is not your own

In recent months I’ve talked to the BizWest audience about the increasing costs of data loss and data security for small-business owners. But while we data-security experts continue to hammer these points home, few have taken the time to examine what a daunting task we are asking of people who would really like to concentrate on the things they know and excel at, such as being a dentist, an accountant or an attorney.

Consider this: In the age of “The Cloud” a small business must cobble together a vast assortment of tools to support email, file sharing, marketing communications, sales management and accounting, as well as industry-specific software packages required to get our jobs done.  These tools come from different suppliers and must be jury rigged to function together.  The tools are deployed on an array of computing platforms.

Now businesses are learning that the information stored on these platforms is under attack.  So the small businesses are forced to create password policies, backup regimens and privacy statements.  Worse yet, the business owners need to train their employees on these regulations.  All of this just to start working.

Certainly, that’s what the thieves are taking advantage of, as ransomware attacks have become the next headache for small-business owners. Most researchers believe that ransomware attacks, in which computer files are frozen or encrypted until a key is delivered in exchange for payment, increased at least tenfold during 2016. A review of 540 international firms by Osterman Research found that 39 percent of those companies had suffered such an attack during the last year.

Most ransomware attacks are sent out by mass emails from botnets that can consist of thousands, or hundreds of thousands, of infected computers.  Unaware users usually trigger the ransomware by clicking on malicious email links or attachments, which can be seemingly innocuous text files. Smaller firms make good targets for ransomware criminals, as they often don’t have email protection or sophisticated backup systems.

Such en masse ransomware criminals often charge less than $1,000 to return control, though the Osterman study noted that some ransoms easily surpass $10,000 and even more. By demanding lower ransoms, the criminals believe that it will be more of a nuisance fee, though often businesses are unable to regain their data even after the ransom is paid.

Ransomware is rapidly changing, but the end game is still the same — to separate companies from their data until the ransom is paid. If the backup media — tapes or hard drives — are on the local network, they, too, can become infected.

This is a great reason that most small businesses now look to the cloud for data backup. As the major leaders in data storage are also Big Data companies, such as Google and Amazon, their claim on your data is interesting, as well. For instance, few users of the free Google Drive realize that all of their data, including photos, can be used for any Google marketing purpose.

Because most cloud providers hold the encryption keys for storage, this also means that their employees can view your data, which may be another huge headache for small-business owners in regulated industries. Amazon users often find  the cost of retrieving significant amounts of their data is four to eight times the monthly hosting fee.

The point is that as small businesses look not only to protect their data, but also to mine it for important leads, such costs become significant. If you cannot access all your data, then it really isn’t yours at all.

Scott Hoot is the founder of the startup ZFyre. He can be reached at or 970-231-8755.