Data loss, whether short or long-term, can be crippling to the day-to-day operations of an organisation which is why having a robust data protection and recovery plan in place is of paramount importance.
Formal plans should address a) how company data is kept secure, and b) how data will be recovered in the event of loss.
Best practice for data protection and recovery
Build a plan
A written DR (Disaster Recovery) Plan which provides step-by-step instructions regarding the effective management of company data is fundamental. Engaging/forcing staff to focus on the development of a plan, will ensure the value/importance of data is fully understood. During the planning process, security measures for access/login controls should be agreed and procedures defined for data back-ups, amongst other things. Pulling together a robust plan will take time and money, but the benefits will far outweigh the costs.
Check legal requirements
Ensure plans adhere with (and ideally exceed) any legal/regulatory requirements.
Test the plan
Whilst larger organisations may be required to test plans for compliance/auditing purposes, smaller firms should also test their DR plan to see how quickly data can be recovered in the event of loss.
Having defined and implemented tools/procedures it’s important to put measures/metrics in place to ensure they are working as expected, so issues are quickly identified and resolved.
Access to sensitive data should be restricted, not to one sole employee, but put access controls in place so that only those that ‘need’ to have access do, in order to minimise the risk of data misuse or theft. Ensure processes are in place to revoke access rights in the event of misconduct or an employee leaving the organisation.
Centralise data management
Use a centralised data management console to help preserve data integrity and provide all employees with a single point of access to company data, reporting, which can be policed and monitored.
Data should be viewed as a core asset by all employees, and staff should be aware of the role they play in data protection and should be held accountable.
The sky has its’ limits
Cloud-based storage may appear to be a cost-effective solution for data storage, but shouldn’t be a company’s sole back-up. Advice is to ensure back-up data is stored both on and off-site.
Furthermore it’s important to have solutions that aren’t all dependent on internet connectivity in the event of an outage. Consider storing sensitive back-up data on Hard Disk Drives in a safe, out of sight and reach from hackers.
Don’t be afraid to ‘back up the back up’. Compared to the crippling costs of data loss, storage is cheap, invest in different data storage solutions in different locations to ensure data can be retrieved quickly in the event of loss.
Handle with care
It may seem obvious but devices with mechanical parts (such as hard drives) are fragile and should be looked after – avoid extreme temperatures and liquids. Data storage devices with non-mechanical parts also need to be treated with TLC. SD cards commonly used in cameras to store photos and videos can be very sensitive, even to static charges.
In the event of hard drive failure, be sure to enlist the services of a reputable data recovery specialist to retrieve your data. A first class data recovery service won’t be cheap, but the cost will be significantly lower than the value of the data.
Failure to take data protection and recovery seriously can impair your business health – loss of data can halt business operations (lost revenue), result in longer term reputational/brand damage and if the data lost is of a sensitive nature you could be in line for a hefty fine under the EU General Data Protection Regulation (enforceable from May 2018) and legislation that will replace the 1998 Data Protection Act.
Data Resus from Cardwave® uses the latest generation software packages and hardware tools for recovering data (files and photos) from all types of media. We offer a ‘DIY’ style recovery software (including a free online evaluation), plus a ‘no recovery, no fee’ send-in service for sensitive, large, or difficult to recover data.
Find out more about Data Resus now at http://www.dataresus.com