Proactive Prevention of Five Common Causes of Data Loss
How to prevent and quickly remedy five of the leading causes of data loss in your enterprise.
- By David Zimmerman
- March 2, 2020
Data loss is crippling. It can damage a company's brand reputation, its ability to conduct business, and erode its relationship with partners or customers. Given the risks of data loss, it's still surprising to see a general lack of awareness and sense of urgency among business leaders about preventing or recovering from it.
Data loss events happen frequently. Upwards of 50 percent of hard drives fail within five years. Even the cloud isn't bulletproof; 47 percent of enterprises lost data in the cloud and had to restore their information based on a 2013 study.
The overall lack of awareness about these threats may explain why companies lack the right tools and training to greatly reduce the risks of data loss. A first step forward for management is to recognize the primary causes of data loss to better understand proactive strategies for preventing such losses.
Below are five common data loss events, and guidance for preventing and quickly remedying them:
The Human Element
The inevitable fallibility of humankind provides a number of entry points for data loss. For example, employees who use "1234" as their password might give hackers simple access points to sensitive data. A salesperson headed to a conference might put product data onto a thumb drive and leave it in the bathroom for someone to swipe. Although these occurrences are manageable through better training and protocols, more malicious behaviors are tough to combat.
Examples of malicious intent include employees who save the organization's data to their personal devices, or worse, provide the data or access credentials to hackers. Monitoring systems that keep an eye out for odd data access behaviors and restrict downloading are a smart way to reduce the chances of such criminal mischief.
For smaller businesses, failures of hardware are common. Without automated backups, employees at small organizations might look to their own external hard drives or storage solutions instead of corporate servers or the cloud. This creates risks of exposure and increases the odds of data loss through theft or hardware failures.
A common data loss occurs with portable flash drives. These remain popular with employees because they are convenient and durable and provide remote workers with instantly accessible documents and files. Wi-Fi can be unpredictable, so a salesperson giving a PowerPoint demo will often rely on a thumb drive instead of pulling their presentation from the internet. However, their demos should also be saved elsewhere and backed up so that not just one copy exists.
Data is still just a collection of "1s and 0s" assembled in a certain order, and sometimes, this order is disrupted. Data corruption is a form of data loss that's tough to fix and can cause business interruptions. Corruption occurs on multiple types of devices, from in-house servers to SD cards that hold proprietary corporate imagery. To protect against server-level corruption, companies must employ multiple redundant cloud backups. They should also consider replacing hard drives on a schedule to lower the risk of failure and corruption. Devices such as SD cards, flash drives, and laptops should only be used as short-term data receptacles.
Ransomware and Theft
The "2019 Official Annual Cybercrime Report" (ACR) notes ransomware hits a company every 14 seconds, an astonishing statistic that points to the success and ease of implementation of such attacks. Ransomware involves a hacker gaining access to a company's data and then encrypting it with a key that is held as the ransom. The hacker might take over the company's website and prevent access to important data, which in some cases can prevent the company from conducting any business. Desperate businesses often pay the ransom, but there's no guarantee the that hackers will then decrypt the data or not repeat the ransom in the coming months. If ransom isn't paid, the hackers might expose sensitive data to the internet or simply leave it encrypted and useless.
Intrusion detection systems and employee training are needed to prevent ransomware. Organizations should also consider data segregation tactics that place sensitive data apart from more commonplace information. This might require establishing private cloud environments to make it much harder for hackers to obtain the most important data.
Fires, floods, tornados, earthquakes, and other disasters can result in massive data losses. Floods (especially saltwater) severely damage equipment such as servers, SD cards, and laptops. With corrosion from seawater, data recovery might be impossible.
Managing the risks of natural disasters should start by inventorying all corporate-owned data, including the data's actual location. Conducting this inventory is an important part of a broader disaster recovery plan and can go a long way toward eliminating the risk of data loss. Backing up data to external hard drives is a good first step, but only if the drives are held off site. If a disaster strikes and all of the data is held within the office, then the backups are useless. Automated cloud backups to multiple concurrent cloud providers is the best hedge against natural disasters. The disaster management plan should detail which cloud providers are currently in use, the access credentials for each provider, and how (and how quickly) lost data can be restored.
A Final Word
Managing data loss is a case of reducing risks and consequences. The risk cannot reach zero -- people make mistakes, disasters happen, and hardware breaks. However, the right mix of training, corporate protocols, and cloud backups can greatly reduce the downsides of any data losses, making them slight inconveniences instead of business-ending disasters.
About the Author
David Zimmerman has been in the data recovery software market for 20 years, during which he has created and supported drive-recovery software products for the PC market and successfully marketed them both nationally and internationally. His company, LC Technology International, Inc., based in Clearwater, Florida, is a global leader in data recovery, file system utilities, and data security technology. Clients include original equipment manufacturers, local, state, and federal law enforcement agencies, corporate security specialists, and IT consultants, among others.