By Tom Miller
More than 1.9 billion records containing personal and other sensitive data were compromised between January 2017 and March 2019. That’s according to the latest EY Global Information Security Survey, and it is a sobering reminder of why businesses of all sizes must act fast to secure their operational and customer data.
Here is a simple five-step data protection plan to get you started.
1. Set a strategy
Your data protection strategy is not just a blueprint for how your organization will handle data backup; it’s also an action plan your team can follow in the event of a security breach. It should be a written document that sets out your specific data backup policy and procedures, and answers questions such as:
- How long can you go without the lost data?
- Will you be making full backups or incremental or differential backups?
- How quickly will you need data restored?
- What devices will you use?
- How secure do your backups need to be?
- How long do you need to keep the data for?
Your strategy should also clearly set out your data protection measures – such as limiting staff access to sensitive documents and implementing two-factor authentication – along with a step-by-step action plan your staff can follow immediately following a hacker attack or other data security breach.
2. Select a cloud vendor
If the building burns down, your onsite backups might go the same way as your primary systems. You should think about offsite or cloud backups as part of your plan. A wide range of vendors offer cloud-based data backup systems that are easy to use and are often significantly cheaper than maintaining your own internal data storage hardware. However, it’s important to do your due diligence when selecting a cloud service provider.
First, confirm that the provider’s cloud platform can be easily integrated with the software applications you use, to ensure seamless data transfer between your internal systems and the cloud storage platform. You’ll also want to question cloud vendors on their data management and protection policies, and the measures they have in place to secure your stored data.
3. Prioritize your data
How much data can you afford to lose? Catalog the data whose loss would have the biggest impact. Break data into categories and work out, for each category, how old you are happy for the backups to be.
Also consider how long you can go before your data is restored. The answer to this question will be different for each of the categories of data you identified. And it will inform your decision about what backup systems you need.
4. Implement a BYOD policy
If your employees use their personal mobile phones, tablets or laptops for work, you’ll need a Bring Your Own Device (BYOD) policy. This will set out security procedures for employee-owned devices and help to protect your business data.
Ensure that all employee-owned devices are equipped with the latest anti-virus, anti-malware and anti-spyware software. You may also want to invest in a good mobile device management solution, and set up remote wipe functionality so you can delete business data from employee-owned devices if the employee is terminated or their device is lost or stolen.
5. Take a picture
Do not just set up backups of your data. Image backups capture your whole system so that you can restore everything. That includes your operating system, applications, settings, bookmarks, and file states right before disaster struck.
Disk image backup is an effective way to protect and restore your data in the event of hardware failure, software corruption or accidental deletion. The latest versions of Windows feature built-in system image backup functionality you can set up yourself, or you can talk to a disk imaging vendor about a cloud-based solution.
Tom Miller has been working to deliver technology solutions for nearly five decades. He started out selling mainframe computers, then opened a business providing automated client write-up services to CPA firms, then owned an Apple Computer store, and went on to work for Great Plains Software, Microsoft, Sage Software, and now Net at Work. Tom has a passion for helping businesses and organizations utilize technology to unleash their full potential and has a great appreciation of and respect for the CPA profession and community.
Tom is the proud father of three and grandfather of three more and cherishes time with his family. He is a graduate of the Smith School of Business at the University of Maryland, College Park.