What is Data Loss?
Data loss is a topic that many people don’t like to think about and often don’t – until it’s too late. Data loss can be as “simple” as a corrupt Microsoft Word document that can no longer be opened. This may be fine if it’s an old college term paper that you haven’t needed since 1998. But what happens if it’s a 500-page book that you’ve been laboring over for the past six months? Or what would happen today if you suddenly couldn’t access the years of digital photos of your children, grandchildren, pets, and once-in-a-lifetime vacations?
For businesses, the threat of data loss can cripple operations. If the hard drive crashes in a mission-critical server, will you have the data you need in order to restore from a backup? If an employee clicks on a malicious link that encrypts every file on your network, how will you recover?
Unfortunately, we see these scenarios often. Usually, it’s during the aftermath of data loss, when emotions are running high, businesses are stressed out and fearful of what to do next. The good news is, that with a little preparation, data loss situations can be a small blip on the radar rather than a catastrophic event.
What is encryption?
One of the most prevalent data loss threats we see is ransomware encryption. A simplified definition of encryption means that a file is “scrambled” using a secret code or “password”. Once scrambled, the file (or files) can only be opened using the password, or encryption key, that was used to encrypt it. This is a good thing, if you are the one that is controlling the encryption. For example, you can use encryption on your laptop, in case it’s ever stolen, to prevent the thief from accessing private information stored on the hard drive. Even if they can access your hard drive, they can’t open any of the files without knowing your encryption password. This is a reliable, security tool used often. But what if the tables are turned?
Ransomware strikes businesses at an alarming rate. Your business can have the latest in anti-virus software, can have anti-spam filtering systems, but there will always be malicious emails that make their way to your inbox or the inbox of your employee(s). If the person reading the email doesn’t think before they click, that one click could encrypt every file on your computer or network, leaving you with locked files and no encryption key to unlock them. Every file!
In the event of data loss due to software/hardware failures or a widespread ransomware attack, businesses need to have a solid, tested disaster recovery plan in place to get operations back up and running quickly.
What is Disaster Recovery?
Disaster recovery is the list of steps your business will take to recover lost data and ensure operations are down for a minimal amount of time. So, where do you start? First, you need to ask, “What is the Recovery Time Objective (RTO) for my business?” In other words, how quickly do you need to be able to recover data? How quickly can mission critical systems be rebuilt or restored? Minutes? Hours? Days?
In the scenario of the writer who couldn’t access the manuscript, taking a few days or a week may not be an issue. But what if the data loss occurs to a credit union who needs to service its members continually and can’t afford to be down at all?
Which brings us to the next question to ask yourself, “What is the Recovery Point Objective (RPO) for my business?” Meaning, how far back do you need to go to get everything back up? If you are a financial institution, that recovery point will be at the exact point of the data loss event, so that no payments, deposits, etc. are lost.
The next step in Disaster Recovery Planning is to take a complete inventory of mission critical systems and data. Where is the data stored? Is it in a physical location or in the cloud? Which vendors do you rely on to perform mission critical operations? Think internet connectivity, business software, and don’t forget the phones!
Once disaster recovery plans are in place, testing (and testing often) becomes a crucial step in protecting your business. Technology changes, software changes, vendor changes, all impact the reliability of your disaster recovery plan.
It can seem daunting to plan for disaster recovery on top of all the other business responsibilities in today’s world. The good news is, you don’t have to go it alone. We have seen a lot over the years, we have strong relationships with your vendors, and we know your business. Don’t wait until disaster strikes to start thinking about data loss, encryption and disaster recovery – start today!