David Zimmerman is CEO of LC Technology.
The key for creating a data recovery strategy is to act proactively. You don’t want to scramble to locate and recover data after a breach/accident/flood, you want to have systems in place that protect your company from data loss. Surprisingly, many companies still argue that they cannot afford a comprehensive disaster recovery plan, despite the massive risks of losing data or not trusting the integrity of the data. The costs of improved malware security, better storage, and access control are exceedingly cheap when compared to the costs of a data breach caused by either internal or external agents.
Companies should take a methodical approach to data restoration plans that can limit the exposure to loss:
Write a Formal Plan
Marketing and sales strategies both ideally run on written plans that detail which people are performing which tasks. Data management should also warrant such a defined and accountable approach. A formal plan is absolutely necessary as it adds transparency to the data collection and storage processes.
The plan should function as a roadmap that details the sources of data (CRM, surveys, phone calls, social media) as well as which departments are responsible for that data. The plan should provide a guide for every employee in the business, so they understand how they should access, store, and transmit company information. Planning forces companies to think about data sources, and during that process they might find unsecured data, or information that’s no longer needed and should be discarded.
Institute Access Controls and Monitoring
As the business grows it becomes more complex, which means a greater number of staff members are accessing systems and there’s greater need for IT consultants, and third-party vendors. Managing the access of all of these people manually is a considerable security risk. Access control and monitoring platforms are necessary for dynamic control over which data can be reached by which people. It provides a layer of protection for the company by deleting access rights for people that leave the company, or for vendor staff when their work is completed.
Control can also be exerted over the types of information that are accessible to each worker. Ideally, they will have access to all of the data they need to perform their business functions, but not additional sensitive additional information. Does marketing need access to customer’s financial information? Likely not, so be sure that data access is restricted.
Build Multiple Backup Layers
To ensure business continuity, companies should create “backups of the backups” by using multiple types of physical and cloud-based storage. External hard drives are very inexpensive, so companies should include them into their recovery plan. To prevent loss due to a natural or manmade disaster such as a flood, earthquake, or fire, firms should have one physical backup that resides offsite.
Cloud storage is also cheap, even for firms with large storage needs. The big players such as Amazon and Google offer competitive per-month pricing that can be tailored to fit the needs of any business. A combination of physical and cloud-based storage provides companies with “redundant redundancy” and near-zero risk of business interruption. While public cloud companies have made significant gains in security and reliability, there’s still the recommendation to place the most sensitive data in a single-tenant private cloud.
Use Recovery Experts
Most large companies encourage staff to save files on either a shared cloud drive or on-premises storage. However, many employees still use their own laptop to store or create data. Or they might use a digital camera as part of their job and have to keep thousands of photos on a SD card. Hard drives and other physical storage media are fragile and can be corrupted if used improperly. If a staff member has a corrupted SD card and desperately needs to recover the information, then the best option is to use specialized recovery software.
Staff should be instructed to not use free utilities from the internet to attempt to recover data, as these are often riddled with malware and used by hackers. If recovery is needed, remember the “risk/reward” of the situation, and pay the experts who have the greatest odds of retrieving valuable information.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Penton.