The disaster recovery plan is a key piece of any business strategy and should answer questions such as:
- How will you cope with a fire or flood at your offices?
- What happens if key staff leave?
- How quickly can you recover data?
- Are your backups secure?
Yet, many businesses plough on without considering what would happen if their day-to-day business data suddenly vanished or if legally protected documents were misused.
From confidential business process spreadsheets and legal files, to customer databases and a huge amount of digital paperwork, most businesses rely on rapidly changing documents to organize their efforts.
What is data loss protection?
If there’s a data leak, accidental deletion or hardware failure, a poor user decision or internal/external data theft, business information is at great risk. At worst, these files can be stored on a single hard drive, the failure of which can cripple a company. At best, data backup across paper, remote storage and cloud lets a company carry on smoothly, whatever situation befalls it.
In the all-digital era, with many offices not even bothering to own a printer, taking care of data, using data loss prevention tools, and having (and testing) your data backup and recovery strategy are all a key part of keeping the company’s crown jewels safe.
The increasingly common business role of Information or Security Officer should help to formalize the task, and ensure that any business is operating in a safe manner when it comes to data storage.
How data loss prevention technology works
Data Loss Prevention (DLP) helps businesses monitor and protect vital data files stored across their digital footprint. All organizations, especially finance, legal and medical firms affected by regulatory compliance rules, including those for HIPAA-protected information and the new GDPR, need to be able to prove that data is securely stored and managed.
DLP can prevent sensitive files being shared. It can also alert users before an important document is accidentally deleted. A DLP service flags when a user copies sensitive files to another device, highlighting potential sabotage or theft.
These features, along with search tools that can find legally sensitive information in archive records, are essential. This can extend to text stored in image files, PDFs and other tricky file formats.
How to check for data loss in your network
Network data-loss prevention extends the traditional definition of the term. The extended version is essential for large enterprises with multiple sites and data silos. It covers business email servers, mobile and web applications, along with cloud stores and legacy file transfer systems like FTP.
Checking what documents are transmitted by these methods allows the business to retain control over the information. It also helps monitor internal risks, such as workers sending files to competitors or leaking to the press. With fines potentially reaching millions of dollars for a breach, implementing DLP will save the business far more than it costs if a leak occurs.
How to prevent data loss in cloud computing
With many businesses moving email and data services to the cloud, the latest evolution of DLP is one that monitors public, hybrid or private cloud stores. Solutions can closely inspect documents transmitted through Microsoft’s Office 365, Google G Suite or other services.
Most DLP solutions also provide protection against information and email-based attacks like phishing, malware and efforts at flooding a business with spam. Whatever IT and storage solutions your business uses, DLP needs to be present across all of them.
How to deal with data loss
The best practices for managing business data include ensuring all staff are fully aware, and regularly reminded, of their legal obligations when handling sensitive files. Teaching a safety-first approach helps protect the business and encourages workers to report those who take a less-than-safe approach to data and file management.
Implementing a DLP solution that meets the needs of the business is the responsibility of the CISO or an equivalent role. When it comes to dealing with a data breach or loss, the company will need a small team to focus on what happened, how it happened and what the company’s legal exposure is.
If data is lost or shared, the company needs to be fully open with affected partners or clients. Generally, those that have tried to cover up their mistakes, or paid to keep the issue out of the press, have been exposed sooner or later, with huge reputational damage.
Naturally, any breach needs to be sealed, and new procedures or solutions deployed to prevent a repeat.
The basics of data backup and recovery
Alongside data loss prevention, every business should have comprehensive data backup and recovery tools in place. As many companies find out the hard way, these must be tested from time to time.
This is to find out both how long a recovery will actually take and what data is missed from the archiving. Procedures should also be updated regularly to back up new data stores, and to ensure that multiple archive locations are available across cloud and off-site storage to cover the business in any potential crisis.
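A restore drill of the kind described above, as an added example that is not part of the original article: it restores an archive into a scratch directory, times the restore, and lists files the backup missed or holds only as a stale copy. The file names, the tar.gz format and the skipped crm/ folder are constructed assumptions.

```python
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def restore_drill(live_root, archive, scratch):
    """Restore the archive into scratch, time it, and diff against live data."""
    # Use the safe "data" extraction filter where this Python provides it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    start = time.monotonic()
    with tarfile.open(archive) as tar:
        tar.extractall(scratch, **extra)
    elapsed = time.monotonic() - start
    live, restored = manifest(live_root), manifest(scratch)
    return {
        "restore_seconds": elapsed,
        "missing": sorted(set(live) - set(restored)),  # never archived
        "changed": sorted(f for f in live.keys() & restored.keys()
                          if live[f] != restored[f]),  # stale or corrupt copy
    }

def build_demo(base):
    """Constructed sample: a live tree and a backup job that skips crm/."""
    live = base / "live"
    (live / "crm").mkdir(parents=True)
    (live / "ledger.csv").write_text("id,amount\n1,100\n")
    (live / "crm" / "customers.db").write_text("constructed sample data\n")
    (live / "readme.txt").write_text("v1\n")
    archive = base / "nightly.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(live.rglob("*")):
            if p.is_file() and p.parent.name != "crm":
                tar.add(p, arcname=p.relative_to(live).as_posix())
    (live / "readme.txt").write_text("v2\n")  # edited after the backup ran
    return live, archive

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        live, archive = build_demo(Path(tmp))
        (Path(tmp) / "restore").mkdir()
        return restore_drill(live, archive, Path(tmp) / "restore")

if __name__ == "__main__":
    print(run_demo())
```

A file listed under "changed" may simply have been edited since the last backup, so read that list against the backup schedule before treating it as corruption.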
For smaller businesses, ad hoc backups to memory stick or DVD can soon be forgotten or spiral out of control. This makes automated backups an essential part of the regular running of the company, and while paper may be unfashionable, having accessible copies of key documents is never a bad thing.
Data recovery might be part of your basic IT strategy. But it can also come into play if the business ever has data kidnapped, encrypted and held for a digital ransom. The easiest way to work around these types of attack is a reinstall, but the larger the business, the longer it will take.