An organization’s data provides both opportunities and challenges for new designs that best convert raw data into clear, actionable information.
With the digital transformation of organizations, new technologies like advanced analysis, performance intelligence, and machine learning have become critical to their long-term success. Thus, to build that future, it is now more important than ever to protect data from damage or loss.
Why Worry About Data Loss?
Data loss can damage your business in multiple ways:
Loss of productivity is a direct result of data loss and can be a major hurdle for businesses. Whether the result of a random network breakdown, hardware or software failure, or a malicious act, lost data can take hours or days to recover, leading to inefficiency and loss of sales. According to data from Consolidated Technologies Inc., “93 percent of companies that lost their data center for 10 or more days from a disaster, filed for bankruptcy within one year.”
Loss of important information
It’s one thing to lose information your company needs to work internally; it’s another when that loss puts customers’ personal information at risk. Failing to keep customer data safe can result in huge monetary losses that could lead to permanent closure.
Loss of dignity and trust
While it takes years to gain the trust of your customers, it only takes one unfortunate event to lose it. A business that has fallen victim to data loss may find it difficult to maintain trust and credibility with its customer base, most likely losing customers.
Loss of business opportunities
Depending upon the size of a data breach, a business could lose so much revenue that it is forced to close permanently. According to Cybercrime Magazine, “60 percent of companies do not survive more than six months after a data breach.” Ignoring security measures means that a business is not yet ready to face the consequences of loss.
5 Ways to Reduce the Risk of Data Loss
Reducing the threat of data loss is as easy as following these 5 steps:
Have a strong data backup and restore plan
Every day, around 2 × 10^18 (2,000,000,000,000,000,000) bytes of data is generated across all industries. Thus, if a system like Salesforce gets stuck, all sales processes are affected, leading to a possible shutdown and a loss of millions of dollars. What is needed are SaaS applications that reduce infrastructure costs and improve productivity by providing remote employees with flexibility.
According to EMC Corp, 80% of SaaS businesses lose their data over time. Most SaaS vendors do not offer data protection – Salesforce, Microsoft, and Google all provide limited (or no) support for data access as evidenced by their company statements.
When first starting, it’s a good idea to have a basic backup strategy. The following are a few questions to consider to ensure your backup is working effectively:
What data needs to be backed up?
“Everything!” might be the official answer, but it’s a little more complex than that. Data have different natures and uses. Some data (like customer or employee personal information) must be protected to maintain trust and reputation, and meet regulations.
How often should it be backed up?
Important files should be backed up at a minimum once a week, preferably once every 24 hours. If data changes less frequently, then scheduling a periodic backup is probably best. For older data not used often, it makes sense to archive it until needed.
How should I continue to monitor it?
It can be devastating to find out that your data backup has been failing at a time when you may have lost your data. If your backup job has been running quietly for months, it is a good idea to check and make sure it’s doing its job. You should be able to easily monitor all tasks performed, ensure backups/restores are intact, and that you can easily get your data in case of a loss event.
How often should I test it?
There’s a saying: “Data is only as good as your last backup, and your backup is only as good as your ability to restore it.” When data loss occurs, the first question that comes to mind is “who is responsible for restoring those backups?!” The answer is simple: you!
Think of testing your restore as a fire drill: a) what are the steps? b) what files are being backed up? c) when do you want them recovered? d) what options do you have for restoring your data? Testing out your restore capability will clue you in on potential holes in your backup that you can fix before it’s too late.
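The fire drill described above can be automated. The following is an added example, not part of the original article: it restores a backup archive into a scratch directory and compares every file against a SHA-256 manifest recorded when the backup was taken. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_drill(expected: dict, archive: Path) -> dict:
    """Restore the archive to a scratch directory and diff it against the manifest."""
    # Use the safe extraction filter where this Python version provides it.
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive) as tar:
            tar.extractall(scratch, **opts)
        restored = manifest(Path(scratch))
    return {
        "missing": sorted(set(expected) - set(restored)),
        "corrupt": sorted(k for k in set(expected) & set(restored)
                          if expected[k] != restored[k]),
    }


def demo() -> dict:
    """Constructed scenario: the job skips one file and truncates another."""
    source = {"crm/accounts.csv": b"id,name\n1,Acme\n",
              "crm/contacts.csv": b"id,email\n1,a@example.com\n",
              "docs/contract.txt": b"Signed 2024-01-15\n"}
    archived = {"crm/accounts.csv": source["crm/accounts.csv"],
                "docs/contract.txt": source["docs/contract.txt"][:6]}
    # Manifest recorded from the live data when the backup was taken.
    expected = {n: hashlib.sha256(d).hexdigest() for n, d in source.items()}
    with tempfile.TemporaryDirectory() as work:
        archive = Path(work, "backup.tar.gz")
        with tarfile.open(archive, "w:gz") as tar:
            for name, data in archived.items():
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        return restore_drill(expected, archive)


if __name__ == "__main__":
    print(demo())
```

A backup job that reports success would still fail this drill, because the check runs against restored files rather than against the job's exit status.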
Should I archive it?
Backups work well when you are actively using data, but older data you are not using regularly still piles up on the server, causing it to underperform. Archiving moves data to long-term storage, freeing up storage space for data you are currently using.
Limit access based on roles
Internal threats cause significant problems for organizations in all industries. Why? Because it is very difficult to see them. Insiders have legal access to systems and data and can easily steal or erase important business data if proper security controls are not in place.
Inevitably, the biggest cause of data loss is human error. According to a study by CA Technologies, 56 percent of online security experts said that regular employees pose a significant security risk to organizations because of excessive access rights that open the door to internal attacks.
Case in Point:
San Jose resident Sudhish Kasaba Ramesh serves as a reminder that not only current employees can be an internal threat; your former employees can be, too. Ramesh received two years in prison in December 2020 after a court found that he had accessed Cisco Systems without authorization, deleted more than 16,000 user accounts, and caused $2.4 million in damages.
- Divide your data into categories, and ensure that sensitive data is secure and can only be accessed by authorized personnel who have a valid reason for accessing it.
- If sensitive data must be sent across less-trusted networks, make sure it’s encrypted.
- Use authentication to verify the person accessing the data, and create audit logs that can be scanned for suspicious behavior.
- Restricting data access strictly to what’s required for each job role is essential if you want to prevent a sensitive data breach.
Use well-thought-out retention policies
The data retention policy is the first step in helping to protect organizational data and avoid financial, social, and criminal penalties that are largely associated with poor data management practices.
Just as people are prone to make mistakes, so are machines. While equipment can greatly reduce the risk of personal error, data can still be compromised/damaged without warning, which could result in the loss of all your important data at once. The results are beyond imagination!
A data retention policy can provide a set of guidelines for secure data storage and determining how long it should be stored. It can also help an organization reduce its data storage costs while at the same time making data accessible when needed. It can help organizations by acting as a buffer system in case of accidental deletion of data by keeping it stored longer.
Usually, user errors occur when a user is confused or distracted. Accidentally deleted files cannot be found without a backup. Therefore, it is important to set appropriate workflow procedures that include general work savings and structured data storage strategies.
- Identify and collect data that your company manages in stages.
- Define data retention schedules for each category based on legal requirements.
- Keep personal data for as long as needed:
  - employee data is only required during the employment relationship;
  - customer data should not be stored beyond the duration of the business relationship (unless otherwise required by law).
- When data is stored in cloud-based systems, companies often have to rely on the provider to perform the deletion. Therefore, it is important to select compliant service providers when undertaking a small contract to process personal data.
Diversify your backups
Many business development experts would argue that having one backup location near your business is a big risk factor. Fire or unexpected events can leave your business in ruins. Even power outages caused by lightning strikes in the only backup area could put your business at risk.
No one likes to always expect the worst, but you have to be prepared for it at all costs. Whether caused by a security breach or negligence, data loss can be detrimental to businesses. 94% of companies facing catastrophic data loss do not survive – 43% do not reopen, and 51% close within two years. Recent examples like the Amazon Web Services outage or the Google Cloud Storage outage that affected platforms like Snapchat, Shopify, and Discord show that even the largest providers can slow you down in your time of need.
The best backup practice is a comprehensive backup system known as the 3-2-1 rule that helps create durability from a backup perspective.
The 3-2-1 rule recommends keeping (3) copies of your data, stored on (2) different types of media, with at least (1) copy stored off-site. This rule helps to create both redundancy in backups and a variety of storage and media. Cloud backups are very similar when you consider the benefits of separating your production data from your backup data. You want to separate the areas where each is stored.
Having multiple backups stored on different devices and in different locations greatly reduces the chance that all copies of your data will be affected by an unexpected disaster or outage.
Know your RTO & RPO
Recovery Point Objective (RPO) is a measure of how frequently backups are performed, and therefore of how fresh recovered data will be. In practice, the RPO indicates the amount of data (updated or created) that will be lost or need to be re-entered after an outage. An easy way to understand an RPO is to think of it as the amount of data a business can lose and continue to operate. For example, your company uses Salesforce’s weekly exports to back up its data. In this scenario, your current RPO is one week. In other words, if you ran a weekly export on a Sunday, and then on the following Saturday, you suffered a major data loss, you would only be able to recover the data as it was six days ago. For most organizations, this would be unacceptable.
Recovery Time Objective (RTO) is the amount of downtime a business can tolerate. The RTO answers the question: “How long can it take for our system to recover after we were notified of a business disruption?” The RTO defines how long a business can last without data being available. For example, if your company’s RTO is 36 hours, that means you should be able to restore the data in less than two days. This is because your disaster recovery plan has stipulated that if you cannot recover the data within that time frame, irreparable damage to the business could be done.
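The 3-2-1 rule and the RPO example above can both be checked against a backup inventory. The following is an added example, not part of the original article: it reports which parts of the 3-2-1 rule an inventory violates and how much data would be lost at a given incident time. The class, the function names and the inventories are constructed, and it assumes the production data counts as one of the three copies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupCopy:
    media: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool
    taken: datetime   # completion time of the last successful backup


def check_321(backups, production_media):
    """List the parts of the 3-2-1 rule this inventory violates.
    Assumption: the production data counts as one of the three copies."""
    problems = []
    if len(backups) + 1 < 3:
        problems.append("fewer than 3 copies")
    if len({production_media} | {b.media for b in backups}) < 2:
        problems.append("fewer than 2 media types")
    if not any(b.offsite for b in backups):
        problems.append("no off-site copy")
    return problems


def loss_window(backups, incident, site_lost=False):
    """Age of the newest usable backup at the incident (the achieved RPO).
    Returns None when nothing survives; a site loss leaves only off-site copies."""
    usable = [b.taken for b in backups
              if b.taken <= incident and (b.offsite or not site_lost)]
    return incident - max(usable) if usable else None


def meets_rpo(backups, incident, rpo, site_lost=False):
    window = loss_window(backups, incident, site_lost)
    return window is not None and window <= rpo


# Constructed inventories. Sunday export, loss the following Saturday.
SATURDAY = datetime(2024, 3, 9, 12, 0)
WEEKLY = [BackupCopy("disk", False, datetime(2024, 3, 3, 12, 0))]
NIGHTLY = [BackupCopy("disk", False, datetime(2024, 3, 9, 1, 0)),
           BackupCopy("object-storage", True, datetime(2024, 3, 9, 2, 0))]

if __name__ == "__main__":
    for label, inv in (("weekly", WEEKLY), ("nightly", NIGHTLY)):
        print(label, check_321(inv, "disk"), loss_window(inv, SATURDAY),
              meets_rpo(inv, SATURDAY, timedelta(hours=24), site_lost=True))
```

The weekly inventory reproduces the six-day loss from the Salesforce example and has nothing left to restore if the site itself is lost; the nightly inventory with an off-site copy stays inside a 24-hour RPO in both cases.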
Data security and protection are everything in today’s digital universe. Settling for anything less than an airtight recovery and business continuity plan that involves multiple layers of data backup could prove to be disastrous.
There is no flawless solution and even with an “airtight” backup solution, data loss is possible. In the best-case scenario, it costs half a business day’s resources; in the worst-case scenario: crashes and suspensions because you were unable to restore your important data.
According to research, an hour of downtime costs $8,000 for a small company, $74,000 for a medium company, and $700,000 for a large enterprise. For large enterprises, this equates to around $11,600 per minute.
Both the RPO and RTO values are the most important considerations when determining disaster risk management and are undoubtedly the principles that will emerge when designing your organization’s disaster risk management/business continuity plan.
It doesn’t matter whether your organization is big or small. Chances are that you’re storing sensitive, personally identifiable information about customers or employees that are valuable for your business. Your company is required by law to secure and protect this data. But it is also in your best interest from a financial and customer confidence point of view.
Implementing data loss prevention measures keeps your data safe, your business running, and your customers coming back for more. Don’t wait until heart surgery is your only option for staying on your feet. As they say, “An ounce of prevention is worth a pound of cure.”