As companies introduce more advanced back-up measures, employees appear to be becoming increasingly casual about saving documents, confident they can call on IT to help them retrieve missing data. They rarely realise how vulnerable that backed-up data can remain when not stored correctly, according to information management company, Iron Mountain.
With many companies now relying on sophisticated, hybrid back-up procedures that include tape, disc and the cloud, employees assume that the information they need will always be there, even if they’ve failed to save the file, overwritten or deleted it. In a recent series of in-depth interviews with senior IT professionals in France, Germany, the Netherlands, Spain and the UK[i], Iron Mountain found that employees in HR, finance, marketing and sales – as well as those in IT – had developed a careless and unstructured approach to naming and saving documents, simply picking up the phone and asking IT to track down what they had lost.
This widespread confidence in the reliability of information back-up is not always justified. The biggest blunder companies make is to ‘set and forget’: storing information on tape or disc and then never checking it. Reports suggest that 34% of companies don’t test their back-ups, and of those that do 77% have found tape back-up failures – proving it to be a high risk strategy[ii].
Another common mistake is to store back-up tapes and discs somewhere that is not properly controlled in terms of temperature and humidity. Over time, this can lead to degradation of the data.
“As companies introduce more strategic and sophisticated systems for data back-up and retrieval, blending on- and off-site, server, disc, tape and cloud solutions, employees across the business have discovered a valuable safety net for lost or misfiled documents. However, not all information is backed-up effectively, or stored in a suitable climate-controlled environment once on disc or tape. This can mean that when people try to retrieve the data it is either corrupted or not even there at all. Businesses need to ensure they treat their data back-up as they would a smoke alarm: put it in the right place and check it regularly.
Organisations need to introduce flexible and hybrid back-up policies that make the most of limited data storage budgets and reflect the fact that not all information is equal. This could include onsite servers for the most active, business-critical or confidential information, with the cloud and securely stored offsite tape and disc for less essential or dormant data.
These back-up policies also need to be complemented by proactive measures to reduce data loss by employees. Employee mishaps are often the result of a lack of IT skills, so helping colleagues to better name and save documents, introducing collaborative document sharing-platforms to manage version control, and setting up a central repository where people can look for their documents themselves, will all help to reduce accidental document deletion.
[i] Opinion Matters for Iron Mountain, April 2014. Ten interviews were conducted with IT professionals in each of the UK, France, Germany, Spain and The Netherlands, representing the manufacturing, healthcare, telecommunications, financial services, professional services, hospitality, media and broadcasting, advertising, retail and software sectors, with between 50 and 10,000 employees.
[ii] https://www.bostoncomputing.net/consultation/databackup/statistics/
[su_box title=”About Iron Mountain” style=”noise” box_color=”#336588″][short_info id=’60461′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.