It’s a fact of life, accidents happen, and we humans are not infallible. Here Philip Bridge, president at Ontrack, explores how to protect your data should the worst happen.
Today’s virtual IT environments are highly complex and have unprecedented levels of data streaming through them. They require diligent IT administration 24/7. Unfortunately, human’s make mistakes. Teams are one accidental deletion or failed backup away from losing access to – or losing entirely – their data.
The results of human error are wide and varied. Yet, they are all bad. Intellectual property can fall into the wrong hands, the organisation can suffer a data breach or face a crippling regulatory fine. It is, therefore, imperative that organisations invest in robust technology risk management policies.
The definition of a breach
The Information Commissioner’s Office (ICO) defines a data breach as, ‘any event that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.’ The key word here is accidental.
Accidents leading to a data disaster are more prevalent than many would care to admit.
One survey found that the accidental deletion of information was the leading cause of data loss, driving 41% of cases. This is far above malicious hacking.
Even if there is an attacker from outside the organisation behind a breach, human errors that have resulted in failed data backups could mean the company is without vital event log information that would articulate where the attack originated.
Most common accidents
So, what are the most common accidents that lead to data loss and security vulnerability?
A failure to document
Whether a test server moves into production without informing IT that the data is not being backed up, or teams decommissioning a Storage Area Network (SAN) that is still in production, a failure to document and execute established IT, retention and backup procedures is one that we see time and time again.
Accidental deletion
The amount of time the delete key is mistakenly pressed is astonishing. It is important that organisations do their due diligence and ensure the data they delete is truly no longer of value.
Failure to install patches
Days are busy and resources are stretched. However, failing to update security patches can result in them being left open to evolving security breaches.
Failure to backup effectively
In a survey, we found that whilst three-in-five (60%) businesses had a backup in place at the time of loss, it was not working properly as thought. Unfortunately, the failure to establish and follow backup procedures, or test and verify backup integrity is a guaranteed recipe for data loss.
Being lax with credentials
It is important to restrict IT administrator passwords only to required users and change them when an IT administrator leaves the company. Don’t take chances. Some of the worst data loss cases we see result from a disgruntled employee with a live password intentionally deleting large amounts of critical company data.
Data loss best practice
What should IT departments do when the unfortunate happens to ensure the best chance of an effective resolution?
Avoid panicking
It is important if data loss happens that companies don’t restore data to the source volume from backup, because this is where the data loss occurred in the first place. They should also not create new data on the source volume, as it could be corrupted or damaged.
Trust your team
Be confident in the skills and knowledge you have on your team. IT staff must educate the C-suite to avoid them making decisions that could do more harm than good.
Have a plan
Staff should follow established processes and ensure data centre documentation is complete and frequently revisited to ensure it is up to date. IT staff should not run volume utilities or update firmware during a data loss event.
Know your environment
IT staff must understand what their storage environment can handle and how quickly it can recover. Knowing what data is critical or irreplaceable, whether it can be re-entered or replaced, and the costs for getting that data up and running to a point of satisfaction are important.
A compelling story
Not enough organisations invest sufficient resources into developing bespoke policies based on risk. Mixed with the fact that accidents happen, and you’ve got a compelling story for the prevalence of data loss today.
Prioritising hardware upgrades, rigorously testing and validating IT network processes, investing in skilled and experienced professionals, and enlisting a data recovery expert are fundamental precautions every business decision maker must consider.
The complexity of managing today’s IT environments made even more dispersed by the global pandemic, combined with the growing amount of data that streams through them has required more diligent IT administration than ever.
Unfortunately, humans are not infallible. In many ways, it is what makes us human. Therefore, it is time to acknowledge that accidents happen. It is how you deal with them that separates success from failure.