At the user’s level, data loss can be hugely frustrating; however, on a company level it can be disastrous. As this article will explain, there are a number of things you can do to ensure you keep data loss to an absolute minimum.
First, we need to define exactly what data loss means.
What does data loss mean?
Data loss refers to when your data has either been corrupted or deleted. There are a number of different ways this can happen, with the most common causes of data loss being hardware failure, software error, or the result of human action. In the case of human action, this can be someone either inside or outside your organization intentionally or unintentionally tampering with data.
It’s important to note that data loss is not always present in a data breach (where hackers get into your systems). Unless there is malicious intent to delete data—for example, in a ransomware attack—very often the target company’s data is left intact and copies of the data are made. This is referred to as data leakage.
Whatever the cause of your data loss, all is not lost. Here are four tips to help you prevent data loss.
How do you prevent data loss?
Google “data loss prevention methods” and you’ll be presented with a series of technologies, products, and techniques that are designed more for data leakage, i.e., preventing sensitive information from leaving an organization. Although some of the techniques are the same, that’s not what we’re predominantly focused on here.
As with anything, the first step in data loss prevention is having a plan. And while systems can always fail out of the blue, if you have a data loss prevention plan in place you are unlikely to be caught off guard.
Here’s what you need to have in place:
Your number one defense in data loss prevention is backup!
If you have any data critical to your business—whether emails, spreadsheets, databases, Word documents, CRM data, software, or any other data stored on your servers—then you need to back it up regularly.
To find out more about backup, read this blog: A step-by-step guide to backup strategy for small business. The bottom line is that every company should have a routine and process for backing up critical data, files, and applications. This means that in the event of data being deleted or corrupted it can be quickly recovered to the last point it was backed up. How long this period is will depend on your recovery point objectives (RPO), as discussed below.
On top of this, a crucial part of any backup plan is that it is tested so you know data is definitely recoverable in the event of an emergency.
An important part of creating a backup process is setting your RPO, as this establishes the time period in which transactions might be lost from an IT service due to a major incident. For example, if you’ve set an RPO of one hour this means that if data is deleted or corrupted you’d only ever lose a maximum of one hour’s worth of data. The length of time you set between backups will depend on the size and nature of your business. For some organizations, even one hour may be too much.
To work out what your RPO should be, you need to take into account a number of different factors. The most important of these is the impact of prolonged data loss on your business. Do not get RPO confused with RTO (recovery time objective), which is the amount of time you can afford for your systems to be offline before it starts seriously impacting your business.
To find out more about RPO and RTO, check out this blog: What's your RTO/RPO and how do you calculate it?
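As an added example (not from the original article), the sketch below ties the tested-backup requirement to the one-hour RPO discussed above: only backups that completed and passed a restore test count as recovery points, so a failed or unverified job widens the window of data you could lose. The catalogue entries, their field layout, and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample catalogue: (finish time, job succeeded, restore test passed).
CATALOGUE = [
    ("2024-03-01T08:00", True, True),
    ("2024-03-01T09:00", True, True),
    ("2024-03-01T10:00", False, False),  # job failed outright
    ("2024-03-01T11:00", True, False),   # job completed, but the restore test failed
    ("2024-03-01T12:00", True, True),
]
NOW = datetime(2024, 3, 1, 12, 30)       # constructed "current time" for the audit


def recovery_points(catalogue):
    """Times of backups that both succeeded and were proven restorable."""
    return sorted(
        datetime.fromisoformat(ts)
        for ts, succeeded, restorable in catalogue
        if succeeded and restorable
    )


def gaps(catalogue, now):
    """(start, end, length) between consecutive usable recovery points, up to now."""
    points = recovery_points(catalogue)
    if not points:
        raise ValueError("no verified backup exists: every change is at risk")
    edges = points + [now]
    return [(a, b, b - a) for a, b in zip(edges, edges[1:])]


def rpo_violations(catalogue, rpo, now):
    """Windows in which an incident would have lost more data than the RPO allows."""
    return [g for g in gaps(catalogue, now) if g[2] > rpo]


def worst_case_loss(catalogue, now):
    """Largest amount of work (as a time span) that could have been lost."""
    return max(length for _, _, length in gaps(catalogue, now))


if __name__ == "__main__":
    rpo = timedelta(hours=1)
    print("worst-case loss:", worst_case_loss(CATALOGUE, NOW))
    for start, end, length in rpo_violations(CATALOGUE, rpo, NOW):
        print(f"RPO exceeded: {start} -> {end} ({length})")
```

The schedule here is hourly, yet the failed 10:00 job and the unrestorable 11:00 job leave a three-hour exposure window against a one-hour RPO.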
Patching is something else that should be a crucial part of any business’s data loss prevention policy, regardless of whether you’re a small business with a handful of computers or an enterprise with a sprawling network of different machines. While it’s most commonly associated with security updates to ensure that systems remain as secure as possible, it also serves the purpose of ensuring that systems operate to the best possible standard. Patches are often released to resolve critical stability problems and other issues that leave systems at risk of failure or malfunction. This means that leaving your systems unpatched can allow them to become unstable and therefore more at risk of crashing and causing company data loss.
Updating your systems proactively on a regular basis is a small commitment to make when compared against the cost—both in dollars and time—of trying to recover lost data because an aging and unpatched system has died.
For more on how to create a patch management process in your organization, read this blog: Five steps to an easier patch management process
Beyond patching, it’s important to understand nothing lasts forever. You’ll need to upgrade systems and software before they get to the point of becoming unstable due to age.
For example, virtually all hardware has a limited lifespan, so to protect yourself against company data loss due to unexpected hardware failure you need to replace components and devices before they are at risk. This is true in particular for disk drives, which ideally need to be replaced every few years.
Regardless of the size of your organization, you need to know all the hardware and software on your network, how old it is, and when it needs to be replaced. If you don’t have this then you are leaving yourself open to trouble if a system that has gone under the radar fails and results in widespread—or even localized—data loss. If you don’t have an inventory of your systems and hardware already, make that a top priority for your organization.
While systems can inexplicably fail and cause company data loss, following these four simple steps will help ensure you have contingency plans in place so the impact of any data loss is minimized.