What are the benefits of implementing a data loss prevention system in an organization’s network? Are there any negatives you can think of for having a data loss prevention system?
In my own personal experience, a DLP system can really reduce the likelihood of accidental or purposeful release of sensitive information. One of the easiest examples of the benefits is a system that scans emails to ensure data such as social security numbers or credit card numbers are not included. Emails releasing sensitive information can easily be sent accidentally or purposefully and the DLP system can block, quarantine, warn, or force encryption, for just a few examples. However, depending on how the DLP system is configured, it could cause annoyance and aggravation when legitimate attempts are made to transfer data. I remember when I left my last organization, I had a small number of personal files I had saved to my work computer. I tried to send them to a personal email, and they were blocked by the DLP system because it detected some elements of PII or sensitive data. While I understand the benefit and need for such protection, it can be annoying when it makes it harder (or impossible) to send legitimate emails or transfer legitimate files that are detected as sensitive.
I was surprised when I recently came across a few people in charge of IT security that didn’t know what DLPs are. I think they’re extremely valuable because of how versatile they are. The most common form of DLP I have seen is configured on emails.
For organizations like hospitals, DLPs are incredibly helpful. They have tons of ePHI moving around and need to be worried about intentional or unintentional disclosures. DLPs can automatically encrypt or block emails with SSNs. A DLP could block a computer from burning CDs or performing peer-to-peer file sharing.
The drawbacks are the monetary costs and it’s another solution to manage and configure. As with anything security related, it needs to be balanced with the functionality of the business.
DLP can certainly rack up cost for an organization depending on the back up technology being used and it could create more redundancies that’s needed, resulting in more storage media being used than is necessary. However, it does mitigate against the risk of date loss from intentional or malicious actions of threat actors that could ultimately save the company’s revenues, maintain their brand/image and protect their customer base – all of which are bottom line impacting.
My answer might not be as good as our other classmates, but the simplest reason would be the value to the business. Jon touched on the monetary costs. DLP systems are only worth as much as the value they provide the business. Of course, this all depends on the type of data you are storing. You could have systems that hold confidential information of clients/patients that are crucial to your business. Or you could have public information stored somewhere for vetting and easy access, which won’t really matter if it’s lost outside of some inefficiencies.
The Chapter we read this week talks about four different levels of data destruction, with the most complete solution to be physical destruction. However, a lot of our data is now stored in the cloud versus on our own physical devices that are under our personal control or the control of the companies we work for. What do you think this means for the future of data protection when it comes to ensuring appropriate destruction?
I think proper practice for companies is to have agreements in place that when a contract is up or data needs to be deleted it is done in a way that is appropriate or the data are returned. Data have to reside on physical hardware somewhere. The destruction methods will be the same. There isn’t the same level of assurance as if IT drilled a hole in a hard drive themselves, but things like certificates of destruction do exist. I think the bigger issue is for individuals. We don’t have the power that companies do to have those contracts in place. We’re probably always agreeing to terms and conditions we don’t read that allows a company to keep our data indefinitely.
I think companies need to make sure they do their due diligence when looking for a cloud provider to see what their data retention and destruction policies are, as well as how the data is being stored. If the cloud provider is going to be storing the data on drives that are shared with other customers then it will be more difficult to destroy the data if the company decides to eventually leave.
Cloud is the one of methods that I used to backup data. Plenty of cloud services providers offer free storage space and reasonable fees for additional space while keep my data safe with end-to-end encryption. It works great so far unless one day the cloud provider has gone out of business.
Hi Jonathan,
We currently use several methods for backing up our personal data. We use google and amazon for our photos, this includes photos from our cell phones as well as other cameras and digital photography. We use backblaze, which is a paid online cloud storage provider to back-up our other documents. Lastly, we also have important documents and copies of birth certificates, driver’s license and passports, etc. stored on media devices (password protected flash drives) and keep one in a safe in our home and the other one in a safe deposit box at our financial institution. This was in place prior to the cloud solutions (yes I am dating myself here:)) and we do not see a reason to discontinue as it serves as a second failsafe. We have never officially tested our back-ups; however, every time we need to retrieve photos or documents we have been able to do so.
Before advanced technology, I used to do 1 big data backup into an external hard drive at least once a year, saving all my photos, videos, music, documents, etc. I remember this process could take up to 8 hours for all my files. With the introduction of cloud technology and streaming services, there are less files i need to back up, everything document related is in my Google drive, music and videos I am able to stream instead of download. The only data i back up frequently are my photos, which happen automatically as it is updated throughout the day to my Google photos. I used to test my backups to my hard drive to make sure they work but I’ve been guilty of not doing it as much lately. It is good practice to check because sometimes despite seeming like it is backed up, the file may be corrupt and not open correctly.
For my personal data I use the file/directory method and just backup my documents, pictures, and anything else I really would need. I try to utilize free cloud services when possible for pictures and any documents. For other documents such as financial I would backup to an encrypted external storage device.
Personally, I use the time machine feature for my MacBook to backup my computer, and I use just cloud backups for my cell phone. Any file I want to ensure I won’t lose I will also store it in a google drive folder or on a flash drive. I periodically test my backups to ensure everything is saving correctly. About a year ago, my laptop crashed and my hard drive was corrupted, so I could not retrieve my files without paying lots of money to possibly save some files. Luckily, my backups saved me from losing my important files, but ever since then, I have been paranoid about ensuring my backups are working properly
I personally use Apple iCloud to backup my data from my computer. Before I used to use external hard drives but I would sometimes lose the actual hard drive. I then switch to using a Mac and found that backing up my data was actually quite easy. Yes, I have tested my back up a few times when I ran into some system setting or wireless connection issues. And, the stored backups on Apple’s iCloud worked. I have to say the monthly price of about $5 is worth the investment in data backup.
This chapter discusses different data backup scopes. Which scope offers the greatest degree of protection for the organization, and why might an organization choose to not implement it? Is there a reason why an organization would implement multiple backup systems of different scopes?
Hi Mitch,
Based on my interpretation of the section on backup scopes, the most comprehensive backup is the image backup, in which the entire contents of the computer is copied onto backup media. However this method is very slow and as a result these types of backups are not performed as frequently. This is where the second part of your question comes into play. While it is safest to implement the image backup, it also makes sense to implement shadowing/and or file directory and/or data back-up. These scopes only back up files (shadowing) and data on the computer (file directory/data). By implementing two or three of these methods, you are offering a greater form of protection against specific files and documents as well as the entire system configuration/information. It is also important to note that the system information backed up during an image backup typically does not change that often,; therefore, full image backups are not required to be performed as frequently as shadowing and file directory backups.
An image back in conjunction with a file/directory back up may be best suited for a small company. The image back would allow the everything to be fully backed, that is programs, setting, files, etc. However, since it is much slower, image back up may occur less frequently. As such, file/directory back up can be used for data file changes since this experiences the most rapid change versus apps or settings where change may occur less frequently.
If forced to choose only one backup scope, I think file/directory data backup is best-suited for a small business. It allows the business units to prioritize data to be backed up in conjunction with the IT department. This makes it less resource-intensive than image backups or shadowing, and enables the company to manage its limited resources at a more granular level.
Can data still be recovered upon deleting in the cloud? And, how can clients be assured that their data is completely deleted permanently when they request it to be deleted within the cloud?
This is an interesting question, personally, I believe as a client of a cloud provider, we do not have the possibility of recovering data after deletion or contract termination. However, as the service provider, it’s always recoverable and nothing is truly deleted. or destroyed. The contract or the terms will clearly state what’s “recoverable” and what’s not, but the terms and contract does not define the technology. Legally what’s recoverable and technically what’s recoverable are very different.
I believe shadow backups are most effective from a cost and security perspective because it has limited storage space so companies don’t need to invest more money into more storage. All real-time data are saved immediately and oldest data is deleted to create more space. From a security perspective if data was compromised, hackers would not have access to the entire data base.
If for some reason a data backup protection is hacked, what would be the main reason for that, and what steps would need to be taken to resolve that issue?
The end of this chapter focused on DLP measures such as document restrictions, rules/policies related to data collection, employee training, etc. What measure discussed in this chapter do you think is most effective? What measures does your organization have in place to prevent data loss?
Christa, in my experience, automated preventive controls that restrict access and/or enforce rules related to the access and/or movement of data are the most effective. I do think that training is really important, but given how frequently we access files and data and given the volume of emails we send in conducting day-to-day business, I think it’s important to have automated controls such as a DLP system that can enforce certain rules without a human having to think about it. This can help to reduce and mitigate risk from both a purposeful threat attempted by a bad actor, or an accident by an employee that is being careless or not paying attention.
In a perfect world, daily full backups would be extremely helpful. Unfortunately, these backups take up lots of storage and require lots of processing power. The cost of these backups and for storage of these backups make it not practical in most situations.
According to the textbook, full backups are quite time-consuming. Therefore, most of the sites prefer incremental backups more often. It also can save more media spends on backup storage.
This process takes up a lot of resources such as storage space, computing powers, and traffic resources for transferring archives into a data storage system. Typically, full backups are only done once a week and are part of an overall backup plan. However, the relatively long intervals between backups mean that if something goes wrong, a lot of data is going to be lost.
Even though full backups are not done everyday, I would assume that some companies think they are immune to any attacks if they don’t do routine backups which would demonstrate carelessness on their part, because that one day they decide not to do a backup, could be the day disaster may strike from unauthorized users.
Cloud solutions are currently the most effective way of reducing the loss of data due to hardware failures. bring your files anywhere and any device truly reduced the amount of time and effort to back/restore data.
I think the most important rule is to make sure your backup files are not stored on the same device you’re backing up. Storing the files on a external storage device or using a third-party backup service that stores the backup on their systems. Either of these approaches will help reduce the amount of data that is lost if a drive crashes. Using a third-party backup service most likely will have a cost, but is more seamless than having to manually backup the files and maintain the versions.
The best way is to prepare a backup in advance. It can be in the cloud or other external drive to save important data every time when the user finished their work. If the user does not have any backup in advance, they might try to install a recovery program or hire a professional to repair the data.
My easiest personal solution would be to take all the files off my desktop, which I am notoriously bad about storing there, and saving them in OneDrive or on another cloud solution. This would allow me to log in to the cloud solution via the internet and access my files and data there. The files on my hard drive are backed up periodically but it would be a lot easier to ensure the data is routinely backed up and available with a solution like OneDrive.
It is important to plan ahead and have backups frequently or happening automatically before a crash does happen. Ways to reduce the amount of data lost are: set for data to automatically upload whenever connected to wifi into the cloud, this would help protect data real time. Secondly, planning for periodic file backups into an external hard drive at least once a month or every 2 months would reduce the amount of data lost in a crash.
The best way to minimize data loss in the event of hard drive failure is to back up your data to a cloud storage space. One option is to back up data to a public cloud such as Microsoft OneDrive or Google Drive. Another option is for an organization to host a file backup server on-premises. This could allow for automatic or manual back ups of data from client machines, or the organization could even restrict access to the local drives of client machines and map the file server as the default location for file libraries.
Have you ever had an experience, whether personally or at work, where you lost a significant amount of data due to lack of a backup, or due to bad backup policies?
I heard about one from my friend who was a graphic designer. He accidentally checked on a button to confirm to initialize the computer when he tried to convert the data from mac to pc. All of the data was gone. In the end, the company was able to find some of the data from the backup drive but not all of them. Therefore, he had to a lot of works all over again.
I work in a desktop support role in a large organization, and our policies do not enforce data backups from client machines. We have solutions available, like OneDrive, that can be configured to automatically back up certain local libraries, and we also have cloud storage services with shadow copy capabilities for shared folders. However, use of those solutions isn’t required and unfortunately we do run into situations where a local drive has failed and data is irretrievable from the machine.
There is no one-size-fits all approach to RAID because focus on one factor typically comes at the expense of another. Some RAID levels designate drives to be used for redundancy, which means they can’t be used for capacity. Other RAID levels focus on performance but not on redundancy. However, the RAID 5 is the most common and best all-round RAID level.
Have you ever had a conversation with your IT team about keeping documents past the retention period? Did you explain the legal risk with keeping these files past the retention period?
Hi Mike, the legal risk of retaining documents beyond the retention period would only pertain to certain legally protected information. I’ve never had this conversation personally, but I’d imagine that there would be some lengthy, bureaucratic process behind it. As legislative bodies start to slowly catch up to the tech world, this will become a much bigger issue and discussed topic.
Hi Mike,
My organization is in the middle of an initiative related to unstructured electronic record retention requirements, basically a clean up of shared drives, SharePoint sites and any other place where unstructured electronic records are stored (other than personal drives….that is a different can of worms!). As part of the initiative, each department has to conform to a naming convention, create an information map and ensure documents are maintained in accordance to our organization’s records retention requirements. It is explained to each department the risks involved with maintaining data outside of the retention requirements, one of which is legal risk.
Anything in writing is discoverable, so once something passes its retention, it should be deleted (unless the file is on a “legal hold”). In addition, if files are not deleted timely and an abundance of files are saved, there can be delays with providing information requested from a regulatory perspective, which can lead to non-compliance. Another scenario is that an outdated document could be provided (i.e. a draft version vs a final version). This can be a critical error when a Bank is reviewed by a regulatory agency.
My data hasn’t been hacked luckily, but one my of relatives recently had some important tax documents scammed from her. We took a few steps to try and prevent this in the future. We bought her security software so every email she receives is scanned for malware/ phishing links. Since, in the scenario, a backup of the data wouldn’t be helpful, we really focused on education and helping her identify scams in the future.
What are the benefits of implementing a data loss prevention system in an organization’s network? Are there any negatives you can think of for having a data loss prevention system?
In my own personal experience, a DLP system can really reduce the likelihood of accidental or purposeful release of sensitive information. One of the easiest examples of the benefits is a system that scans emails to ensure data such as social security numbers or credit card numbers are not included. Emails releasing sensitive information can easily be sent accidentally or purposefully and the DLP system can block, quarantine, warn, or force encryption, for just a few examples. However, depending on how the DLP system is configured, it could cause annoyance and aggravation when legitimate attempts are made to transfer data. I remember when I left my last organization, I had a small number of personal files I had saved to my work computer. I tried to send them to a personal email, and they were blocked by the DLP system because it detected some elements of PII or sensitive data. While I understand the benefit and need for such protection, it can be annoying when it makes it harder (or impossible) to send legitimate emails or transfer legitimate files that are detected as sensitive.
I was surprised when I recently came across a few people in charge of IT security that didn’t know what DLPs are. I think they’re extremely valuable because of how versatile they are. The most common form of DLP I have seen is configured on emails.
For organizations like hospitals, DLPs are incredibly helpful. They have tons of ePHI moving around and need to be worried about intentional or unintentional disclosures. DLPs can automatically encrypt or block emails with SSNs. A DLP could block a computer from burning CDs or performing peer-to-peer file sharing.
The drawbacks are the monetary costs and it’s another solution to manage and configure. As with anything security related, it needs to be balanced with the functionality of the business.
DLP can certainly rack up cost for an organization depending on the back up technology being used and it could create more redundancies that’s needed, resulting in more storage media being used than is necessary. However, it does mitigate against the risk of date loss from intentional or malicious actions of threat actors that could ultimately save the company’s revenues, maintain their brand/image and protect their customer base – all of which are bottom line impacting.
DLP implementations are never perfect, false positives are common.
My answer might not be as good as our other classmates, but the simplest reason would be the value to the business. Jon touched on the monetary costs. DLP systems are only worth as much as the value they provide the business. Of course, this all depends on the type of data you are storing. You could have systems that hold confidential information of clients/patients that are crucial to your business. Or you could have public information stored somewhere for vetting and easy access, which won’t really matter if it’s lost outside of some inefficiencies.
The Chapter we read this week talks about four different levels of data destruction, with the most complete solution to be physical destruction. However, a lot of our data is now stored in the cloud versus on our own physical devices that are under our personal control or the control of the companies we work for. What do you think this means for the future of data protection when it comes to ensuring appropriate destruction?
I think proper practice for companies is to have agreements in place that when a contract is up or data needs to be deleted it is done in a way that is appropriate or the data are returned. Data have to reside on physical hardware somewhere. The destruction methods will be the same. There isn’t the same level of assurance as if IT drilled a hole in a hard drive themselves, but things like certificates of destruction do exist. I think the bigger issue is for individuals. We don’t have the power that companies do to have those contracts in place. We’re probably always agreeing to terms and conditions we don’t read that allows a company to keep our data indefinitely.
I think companies need to make sure they do their due diligence when looking for a cloud provider to see what their data retention and destruction policies are, as well as how the data is being stored. If the cloud provider is going to be storing the data on drives that are shared with other customers then it will be more difficult to destroy the data if the company decides to eventually leave.
What type of backup methods do you use for your personal data? Have you ever tested your backups?
Cloud is the one of methods that I used to backup data. Plenty of cloud services providers offer free storage space and reasonable fees for additional space while keep my data safe with end-to-end encryption. It works great so far unless one day the cloud provider has gone out of business.
Hi Jonathan,
We currently use several methods for backing up our personal data. We use google and amazon for our photos, this includes photos from our cell phones as well as other cameras and digital photography. We use backblaze, which is a paid online cloud storage provider to back-up our other documents. Lastly, we also have important documents and copies of birth certificates, driver’s license and passports, etc. stored on media devices (password protected flash drives) and keep one in a safe in our home and the other one in a safe deposit box at our financial institution. This was in place prior to the cloud solutions (yes I am dating myself here:)) and we do not see a reason to discontinue as it serves as a second failsafe. We have never officially tested our back-ups; however, every time we need to retrieve photos or documents we have been able to do so.
I hit send too soon – forgot to add we also have a full back-up on several disks (dvds) also stored on our home safe and the safe deposit box.
Before advanced technology, I used to do 1 big data backup into an external hard drive at least once a year, saving all my photos, videos, music, documents, etc. I remember this process could take up to 8 hours for all my files. With the introduction of cloud technology and streaming services, there are less files i need to back up, everything document related is in my Google drive, music and videos I am able to stream instead of download. The only data i back up frequently are my photos, which happen automatically as it is updated throughout the day to my Google photos. I used to test my backups to my hard drive to make sure they work but I’ve been guilty of not doing it as much lately. It is good practice to check because sometimes despite seeming like it is backed up, the file may be corrupt and not open correctly.
For my personal data I use the file/directory method and just backup my documents, pictures, and anything else I really would need. I try to utilize free cloud services when possible for pictures and any documents. For other documents such as financial I would backup to an encrypted external storage device.
Personally, I use the time machine feature for my MacBook to backup my computer, and I use just cloud backups for my cell phone. Any file I want to ensure I won’t lose I will also store it in a google drive folder or on a flash drive. I periodically test my backups to ensure everything is saving correctly. About a year ago, my laptop crashed and my hard drive was corrupted, so I could not retrieve my files without paying lots of money to possibly save some files. Luckily, my backups saved me from losing my important files, but ever since then, I have been paranoid about ensuring my backups are working properly
I personally use Apple iCloud to backup my data from my computer. Before I used to use external hard drives but I would sometimes lose the actual hard drive. I then switch to using a Mac and found that backing up my data was actually quite easy. Yes, I have tested my back up a few times when I ran into some system setting or wireless connection issues. And, the stored backups on Apple’s iCloud worked. I have to say the monthly price of about $5 is worth the investment in data backup.
This chapter discusses different data backup scopes. Which scope offers the greatest degree of protection for the organization, and why might an organization choose to not implement it? Is there a reason why an organization would implement multiple backup systems of different scopes?
Hi Mitch,
Based on my interpretation of the section on backup scopes, the most comprehensive backup is the image backup, in which the entire contents of the computer is copied onto backup media. However this method is very slow and as a result these types of backups are not performed as frequently. This is where the second part of your question comes into play. While it is safest to implement the image backup, it also makes sense to implement shadowing/and or file directory and/or data back-up. These scopes only back up files (shadowing) and data on the computer (file directory/data). By implementing two or three of these methods, you are offering a greater form of protection against specific files and documents as well as the entire system configuration/information. It is also important to note that the system information backed up during an image backup typically does not change that often,; therefore, full image backups are not required to be performed as frequently as shadowing and file directory backups.
Which of the backup scope degree you think is the best for a small company? File/Directory data backup, image backup, or shadowing?
An image back in conjunction with a file/directory back up may be best suited for a small company. The image back would allow the everything to be fully backed, that is programs, setting, files, etc. However, since it is much slower, image back up may occur less frequently. As such, file/directory back up can be used for data file changes since this experiences the most rapid change versus apps or settings where change may occur less frequently.
If forced to choose only one backup scope, I think file/directory data backup is best-suited for a small business. It allows the business units to prioritize data to be backed up in conjunction with the IT department. This makes it less resource-intensive than image backups or shadowing, and enables the company to manage its limited resources at a more granular level.
Can data still be recovered upon deleting in the cloud? And, how can clients be assured that their data is completely deleted permanently when they request it to be deleted within the cloud?
This is an interesting question, personally, I believe as a client of a cloud provider, we do not have the possibility of recovering data after deletion or contract termination. However, as the service provider, it’s always recoverable and nothing is truly deleted. or destroyed. The contract or the terms will clearly state what’s “recoverable” and what’s not, but the terms and contract does not define the technology. Legally what’s recoverable and technically what’s recoverable are very different.
What type of backup technology is the most effective from a cost and security perspective?
I believe shadow backups are most effective from a cost and security perspective because it has limited storage space so companies don’t need to invest more money into more storage. All real-time data are saved immediately and oldest data is deleted to create more space. From a security perspective if data was compromised, hackers would not have access to the entire data base.
If for some reason a data backup protection is hacked, what would be the main reason for that, and what steps would need to be taken to resolve that issue?
The end of this chapter focused on DLP measures such as document restrictions, rules/policies related to data collection, employee training, etc. What measure discussed in this chapter do you think is most effective? What measures does your organization have in place to prevent data loss?
Christa, in my experience, automated preventive controls that restrict access and/or enforce rules related to the access and/or movement of data are the most effective. I do think that training is really important, but given how frequently we access files and data and given the volume of emails we send in conducting day-to-day business, I think it’s important to have automated controls such as a DLP system that can enforce certain rules without a human having to think about it. This can help to reduce and mitigate risk from both a purposeful threat attempted by a bad actor, or an accident by an employee that is being careless or not paying attention.
Why do most companies not do a full backup everynight? Wouldn’t this make the most sense?
In a perfect world, daily full backups would be extremely helpful. Unfortunately, these backups take up lots of storage and require lots of processing power. The cost of these backups and for storage of these backups make it not practical in most situations.
According to the textbook, full backups are quite time-consuming. Therefore, most of the sites prefer incremental backups more often. It also can save more media spends on backup storage.
This process takes up a lot of resources such as storage space, computing powers, and traffic resources for transferring archives into a data storage system. Typically, full backups are only done once a week and are part of an overall backup plan. However, the relatively long intervals between backups mean that if something goes wrong, a lot of data is going to be lost.
Even though full backups are not done everyday, I would assume that some companies think they are immune to any attacks if they don’t do routine backups which would demonstrate carelessness on their part, because that one day they decide not to do a backup, could be the day disaster may strike from unauthorized users.
If your computer’s hard drive crashed right now, how could you reduce the amount of data that would be lost?
Cloud solutions are currently the most effective way of reducing the loss of data due to hardware failures. bring your files anywhere and any device truly reduced the amount of time and effort to back/restore data.
I think the most important rule is to make sure your backup files are not stored on the same device you’re backing up. Storing the files on a external storage device or using a third-party backup service that stores the backup on their systems. Either of these approaches will help reduce the amount of data that is lost if a drive crashes. Using a third-party backup service most likely will have a cost, but is more seamless than having to manually backup the files and maintain the versions.
The best way is to prepare a backup in advance. It can be in the cloud or other external drive to save important data every time when the user finished their work. If the user does not have any backup in advance, they might try to install a recovery program or hire a professional to repair the data.
My easiest personal solution would be to take all the files off my desktop, which I am notoriously bad about storing there, and saving them in OneDrive or on another cloud solution. This would allow me to log in to the cloud solution via the internet and access my files and data there. The files on my hard drive are backed up periodically but it would be a lot easier to ensure the data is routinely backed up and available with a solution like OneDrive.
It is important to plan ahead and have backups frequently or happening automatically before a crash does happen. Ways to reduce the amount of data lost are: set for data to automatically upload whenever connected to wifi into the cloud, this would help protect data real time. Secondly, planning for periodic file backups into an external hard drive at least once a month or every 2 months would reduce the amount of data lost in a crash.
The best way to minimize data loss in the event of hard drive failure is to back up your data to a cloud storage space. One option is to back up data to a public cloud such as Microsoft OneDrive or Google Drive. Another option is for an organization to host a file backup server on-premises. This could allow for automatic or manual back ups of data from client machines, or the organization could even restrict access to the local drives of client machines and map the file server as the default location for file libraries.
Have you ever had an experience, whether personally or at work, where you lost a significant amount of data due to lack of a backup, or due to bad backup policies?
I heard about one from my friend who was a graphic designer. He accidentally checked on a button to confirm to initialize the computer when he tried to convert the data from mac to pc. All of the data was gone. In the end, the company was able to find some of the data from the backup drive but not all of them. Therefore, he had to a lot of works all over again.
I work in a desktop support role in a large organization, and our policies do not enforce data backups from client machines. We have solutions available, like OneDrive, that can be configured to automatically back up certain local libraries, and we also have cloud storage services with shadow copy capabilities for shared folders. However, use of those solutions isn’t required and unfortunately we do run into situations where a local drive has failed and data is irretrievable from the machine.
What RAID configuration(s) do you think balances storage, efficiency, and factoring cost for organizations?
There is no one-size-fits all approach to RAID because focus on one factor typically comes at the expense of another. Some RAID levels designate drives to be used for redundancy, which means they can’t be used for capacity. Other RAID levels focus on performance but not on redundancy. However, the RAID 5 is the most common and best all-round RAID level.
Have you ever had a conversation with your IT team about keeping documents past the retention period? Did you explain the legal risk with keeping these files past the retention period?
Hi Mike, the legal risk of retaining documents beyond the retention period would only pertain to certain legally protected information. I’ve never had this conversation personally, but I’d imagine that there would be some lengthy, bureaucratic process behind it. As legislative bodies start to slowly catch up to the tech world, this will become a much bigger issue and discussed topic.
Hi Mike,
My organization is in the middle of an initiative related to unstructured electronic record retention requirements, basically a clean up of shared drives, SharePoint sites and any other place where unstructured electronic records are stored (other than personal drives….that is a different can of worms!). As part of the initiative, each department has to conform to a naming convention, create an information map and ensure documents are maintained in accordance to our organization’s records retention requirements. It is explained to each department the risks involved with maintaining data outside of the retention requirements, one of which is legal risk.
Anything in writing is discoverable, so once something passes its retention, it should be deleted (unless the file is on a “legal hold”). In addition, if files are not deleted timely and an abundance of files are saved, there can be delays with providing information requested from a regulatory perspective, which can lead to non-compliance. Another scenario is that an outdated document could be provided (i.e. a draft version vs a final version). This can be a critical error when a Bank is reviewed by a regulatory agency.
Has your data ever been hacked? If so, what measures did you take moving forward?
My data hasn’t been hacked luckily, but one my of relatives recently had some important tax documents scammed from her. We took a few steps to try and prevent this in the future. We bought her security software so every email she receives is scanned for malware/ phishing links. Since, in the scenario, a backup of the data wouldn’t be helpful, we really focused on education and helping her identify scams in the future.