Properly managing data should be a top priority for businesses of any size. Information is the cornerstone of most businesses, whether it’s data about a patent or groundbreaking new product or the personal files of tens of thousands of customers. And it’s not just documents or Excel files that are vital. A company might have photo or video content from a recent tradeshow or an engaging showcase about a new product. In either case, the data is valuable and deserves attention and protection. Since most data is now digital, companies have to protect and properly manage this information in order to maintain competitive advantage and avoid potential legal repercussions.
Preventing Loss
The first step for preventing data loss is to follow several best practices, beginning with the creation of an overall plan. A formal disaster recovery plan provides the entire company with processes and individual responsibilities as they pertain to data management. A formal plan encourages staff to think about data as a company asset, and spurs thoughts about different or undiscovered data sources that might exist. With a plan companies can operate more efficiently and improve their odds of successfully managing data while reducing the chances of loss.
Here are some other best practices:
- Stay in legal compliance. The proper management of data, especially personally identifiable information (PII) should always be a consideration. You must ensure the way data is stored, transferred and shared meets or exceeds any standards.
- Educate staff about proper handling of devices. Hard drives are machines with moving parts and therefore they can break. Talk to staff members about only moving drives when necessary and ensuring they are always transported in a protective case. Many firms use SD cards to capture DSLR photos or videos. These cards are very fragile and should be kept away from heat, liquids, and dirt.
- Limit employee access. In the early stages, perhaps your company allowed every employee to access any data. As the company grows, you have to limit access to sensitive data, whether it’s legal documents, internal secrets, or customer data. Set access controls to prevent loss, theft, and to reduce the possibility of a data breach.
- Backup your backups. Given how inexpensive hard drives or cloud services are, it’s simple to introduce several layers of backups. Utilize multiple cloud services in tandem with on-premises and off-premises physical storage for the best possible data protection.
Ensure Recovery
If you do lose your data, avoid free software utilities that you might find from a quick Google search. While free seems appealing, these tools often are riddled with malware and they typically do not work. Some can even do “more harm than good” by corrupting data while it tries to extract it. For logical errors or to simply recover deleted files, there are some reliable products on the market that can help. Stick with a reputable program from a company that is actually based in your country that has a trial version, phone number, and offers free technical support. For hard drives and devices that have a physical problem you should utilize the services of a qualified data recovery vendor that uses special tools and labs to open and extract hard drive data. If the drive is damaged from a fall or water, don’t try to access the data yourself as this can cause more damage.
Don’t Only Rely on the Clouds
The cloud is an attractive storage option, especially with year-over-year decreases in costs and improvements in reliability. However, you shouldn’t rely solely on the cloud for all of your firm’s security needs. Mixing in redundancies means having some physical on-site storage options, which can be especially useful in the case of internet outages when cloud access is impossible. Remember that most clouds are “public clouds” so you have several tenants all bundled together, increasing the risk and potential reward for hackers who can gain access to many companies via a single attack. Placing sensitive data on physical drives isn’t foolproof, but it does remove it from internet-based attacks.[su_box title=”About David Zimmerman” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.