The 5 Most Common Causes of Data Loss in SMEs


Read on to discover the 5 most common causes of data loss in SMEs, as well as some tips on how to prevent it.

“The night is dark and full of terrors”. Any fan of the Game of Thrones novels or the highly successful TV series will no doubt recognise this quote. It pretty much sums up the life of any sysadmin too, as many of you reading will almost certainly have felt a chill run down your spine when recovering your data, with a faint sense that something isn’t quite right.

Data saved in the wrong place, poorly defined backup policies, storage errors, overwriting, poor retention planning… These are the kinds of things that keep sysadmin awake at night.

So, to try and help you sleep a little more peacefully, we thought that we’d take a look at the most common reasons why SMEs lose data and what you can do to prevent them. In no particular order, the top 5 are:

  • Hardware and software failures
  • Data protection failures
  • Natural disasters
  • Cyberattacks
  • Human error

The reason they’re in no particular order is because data loss is data loss. There is no point in celebrating your levels of protection against a cyberattack if one of your employees is then going to go and unwittingly unplug the wrong cable.

Let’s take a look at each of these in more detail.

Hardware and software failures

Systems administrators in SMEs, who have to make do with tighter budgets, know that they’re more exposed to the risk of hardware or software failures than if they were in a larger company. Without having the budget to replace or update equipment, there is a much greater chance of mechanical failure in disk drives, server failures, applications or operating systems becoming obsolete. And that’s before we get to the more universal problems related to development bugs or patches that don’t work. Any one of these issues can lead to a disastrous loss of data.

We all depend on hardware and software. There’s no escaping that unless you want to go back to the stone age.

So, it’s important to establish as many controls as necessary to ensure that the infrastructure is kept in good working order. That means monitoring hardware, updating software, making backups and testing recovery procedures occasionally to make sure that everything is fit for purpose.


Data protection failures

Data protection failures are another common reason that SMEs lose data. This could be a backup failure or a poorly defined backup policy where security copies aren’t made frequently enough. Or maybe backups have been configured incorrectly and can’t be used to recover the system in the event of a disaster.

There are various steps you can take to try and avoid these issues. The first is fairly obvious: training and lots of it. Delivering training and awareness-raising sessions will ensure that everyone understands why backups are so important.

The second step you can take is to make sure that you dedicate enough time to carefully planning both your backup policies and retention policies.

Lastly, you should occasionally test your backups by running a mock recovery. Not only will this give you peace of mind that your processes are well-defined, but you will also give your team practice so that they’re well-drilled when the time comes.


Natural disasters

There are countless films showing us the almighty power of Mother Nature and how it can be unleashed at any moment. Whether it’s a volcano, a global storm or a meteorite, we human beings are quite vulnerable really.

However, whilst this might all seem like fiction or fantasy, we’re still not quite as safe as we’d like to think. Only a couple of years ago, a volcano in the Canary Islands completely disrupted life there for weeks, with many people having to abandon their homes and businesses. Earthquakes are not uncommon in southern Europe and flooding is becoming more and more frequent in several countries across the continent.

So, while maybe things aren’t quite as apocalyptic as Hollywood makes out, there are still some genuine threats that we need to take seriously.

But what can you do? Well, first of all, you can think carefully about the location of your data centres. Wherever possible, you should try and make sure that they’re not located in an area prone to flooding. You should also consider getting some good insurance with the right coverage for your region. Replicating data centres or at least your essential services in other remote locations is also a very good practice. Or you could consider having some form of Plan B on the cloud.



Hackers are an ever-present danger (we’ll probably dedicate an article to where this name came from in the not-too-distant future) and have become one of the main drivers for investment in IT security in recent years. Every time a cyberattack successfully manages to attack an important system, the world sits up and takes notice. One example of this was the Wanacry ransomware, which was all over the front pages throughout May 2017 and brought many companies around the world to their knees.

Thanks to this and other attacks, such as those by activist groups, criminal gangs and terrorist organisations, everyone is fully aware of the risk they pose. Just because your company is small, it doesn’t mean you’re not a target. And just because your company is big, it doesn’t mean that you’re invincible.

But does that mean that data loss is inevitable? Absolutely not. But it does mean that, no matter how much protection you have, a security breach is still possible and you’ll need to be prepared when it happens.

What should you be doing then? Well, first of all, you should train your technical team and make sure that all employees are fully aware of the risks. Secondly, you should ensure that all systems are up to date, anti-virus software is installed and your firewalls are configured correctly. And finally, you should deploy any security systems that you can afford and which will enhance your levels of protection. But don’t forget that there is a lot of free software out there that may well be suitable.


Human error and data loss in SMEs

As you can see, data loss in SMEs can be caused by all kinds of failures or malicious behaviour, but there is nothing quite like human error. This can be down to ignorancenegligence and even bad faith (although we’d normally consider that a form of attack).

Human error can include configuration errors in your backup policy, retention problemsaccidental deletionsoverwriting and much more.

As you can see, there are many ways that people can unwittingly put your company’s data at risk. And this is the hardest factor to mitigate, as people will always make mistakes. However, by training your staff and regularly testing your backup and recovery plans, you can keep the risks to an absolute minimum.



<strong>Data loss for SMEs is a serious matter that costs millions of euros each year. Most of the time, it’s due to poor preparation. So, whilst there are many things that you can do to mitigate data loss, the most effective measures are to make sure that your staff are well trained and prepared and regularly update and check your procedures and systems.

If you enjoyed this article, check out the articles on similar topics on our blog.


Other posts that may interest you

3 de July de 2024
Here at Jotelulu, we have designed our Disaster Recovery service specifically with SMEs in mind. But what arguments should
2 de July de 2024
In today’s article, we will explain some of the basic concepts that are important to understand about Jotelulu’s Disaster
1 de July de 2024
In this article, we’re going to explain the differences between IP failover vs DNS failover when configuring your Jotelulu Disaster

Fill out the form and one of our Sales team will contact you soon.  | 

You can unsubscribe from these communications at any time. For more information,  check our Privacy Policy.


We make the difficult easy

Existing Disaster Recovery tools often require advanced knowledge to manage, demanding expertise that is difficult to acquire.

Jotelulu’s Disaster Recovery aims to make the difficult easy and offers a very simple deployment based on a three-step configuration:

Origin (Primary Site)
Determine the origin location of the subscription on which the Disaster Recovery service will be established.

Destination (Recovery Site)
Set the destination location (availability zone) where you want the Recovery Site to be deployed.

Replication characteristics
Specify the data related to the number of copies to be kept and the frequency at which the replication will be performed.