Top 9 Data Security Risks

Here’s the list of Top 9 Data Security Risks. I thought to rank them by them causing maximum damage.

Risk 1: Access to data by unauthorized people

§  Simple passwords should be replaced by stronger, multi-factor

    authentication passwords.

§  Password policy should be transparent throughout all the logins

    required. Passwords should be between 6-15 long, must

    include Upper case, lower case, Number and 1 special character.

Risk 2: Modification of data, by mistake or knowingly

§  Data integrity is the key to the success of any organization.

§  All data sent over the internet should be send using strong encryption

Risk 3: Corruption of data due to malware infections

§  Growth in internet usage has also seen the growth in malware

    infections which significantly contribute to data corruption.

§  Files should always be downloaded from reliable sources.

Risk 4: Internet Connectivity failure

§  Many Organizations these days have several applications over

    the Internet, in such a situation failure of Internet can lead to

    data loss.

§  Backup service provider should be if in case primary fails

Risk 5: Accidental data deletion

§  Backup should be taken regularly and should be done automatically

    with option to restore data from multiple versions

§  Several companies lack well-conceived data recovery strategies

    had to bear both financial as well as legal losses.

Risk 6: Loss of data due to Software failures

§  Pirated copies of software should not be bought even though

    these copies can be purchased at a lesser price.

§  Misconfiguration and incorrect software usage have created

    several issues.

Risk 7: Improper rights assigning

§  Every program and every user of the system should operate using

    the least set of privileges necessary to complete his job.

§  A unique ID and password should be given to each user. Users

    should be given read only access to the applications present.

Risk 8: Unauthorized Physical access to laptops, desktops by unauthorized people

§  Prevent unauthorized entries into the premises and other

    sensitive areas.

§  Visitor control procedures should be employed to restrict the freedom

    by which a visitor can access the premises.

Risk 9: Fire

§  Heat-generating equipments such as copiers, work processors, coffee

    makers and hot plates should be kept away from anything that might

    catch fire.

§  Sprinklers and fire/smoke detectors should be installed in storage

    areas.

Managing Ageing Data

I had this discussion with several of my clients stating they have old data of hundreds of GB’s on their servers and they hardly require them once or twice a year or even not at all. Some of them state they have written DVD/CD’s of that data as backup, but that data still exists on Servers which they cannot delete as DVD/CD's are prone to failure. Those data is occupying a whole bunch of space on their servers which they can utilize in storing their current data. Don’t get me wrong those data are critically important data but storing everything on a single server doesn’t make sense. Adding more hard disk to the servers is definitely one of the options available, but I would rather implement a different system

Find out age of your data. There can be

a)      Young data

b)      Old data

Young data is the one which is highly valued and may be required to access almost everyday or fortnight.

Old data is the one which is critical but may not be required in daily functioning i.e. data that is year or 2 years or more older.

For e.g. Accounting data which is current and previous year can fall in category of Young data.

Data which is older than 2years can be considered as Old data.

We are supposed to maintain those data for taxation and government rules. Next step is how to get a system which takes care of both Young and Old data.

The Solution

As we saw there are multiple tiers of data.

Young Data can be stored on higher performance servers or devices.

Old Data can be moved to less expensive or slow performing servers / devices.

The following shall be benefits of this solution

ü  Save Costs

ü  Gives faster access to young data

ü  Better security both for young and old data rather than relying on

    DVD/CD’s or any other failure prone devices.

ü  Access to both of your data anytime you require.

ü  Reduce backup time as Old data does not change frequently so you

    can take backup of the same once a month or once every quarter.

Maybe currently you are treating all data equally and storing them all on one data. Imagine, if a disaster occurs on your server, you might loose everything. Again, we increase overload on the server by storing everything on that same machine.

We have to learn to implement a system which shall differentiate between ageing of data.

5 Benefits of Branch Office Backup

I would like to discuss in this post regarding Remote Office / Branch Office Backups. Many of you have been looking for a solution for branch office data. Some of you have even stated if we can get instant access to branch office data which is reliable and cost-effective.

Branch offices may not be fully equipped with high-end servers which can cause issues related to security of data, but the information stored on those computers are equally critical. For e.g. a construction company may have multiple sites functioning at the same time. The computers at the site shall have all financial, drawings, maintenance records on their computers. The question is for an IT person or CFO sitting in their office how to get instant access to those data or get it on their servers and consolidate with their current data so that they have full picture in front.

One way to do it fast, easy and cost-effective is to go for online backup.  A piece of software is installed on those computers and once setup, it shall keep on doing backup to the remote servers. You as an administrator shall have access to those backups and get download those data on your servers. And that shall resolve your problem related to security of data and consolidation of data to get full picture.

Imagine the convenience of able to get data instantly! Rather than using USB sticks, Tape drives, External Hard drives or investing heavily in VPN setups.

Benefits of Branch Office Backup

1.       Instant Access to data

You can access data of any of your branches instantly! No need to wait for someone to send data and depend on unreliable media.

2.       Security of data

Your data is backed up and is 100% secured. No matter if your computer at branch goes down due virus, hardware failure or any other malpractice.

3.       No Capital Expenditure

No investments for servers or any other high-end network components. On top of that no maintenance specialist required. No VPN costs.

4.       No manual backups

Backups are automatic. Users do not require to remember to do backups. While they are using computer backups appear.

5.       Complete flexibility

Gather information from all branches and prepare your reports. No dependability on any branch staff.

Data Backup to Email Accounts

I have come across many small business people feeling safe to zip there important data and upload to their email accounts. According to them there are certain benefits rather than taking backup on a CD, USB stick or any other offline media.

Some of them have been listed below

·         Accessibility of data from any location with access to internet

·         Safe as hosted on external server

·         Cost effective no investment required

I would say they have thought one step ahead of people who are still using any of the offline data media to do backup but their data backed up is not safe, reliable and secure.

Backing up data to your email accounts does not give you guaranteed security. The following are features which are missing or not available for such backup.

1.      Manual Backups

Backups should be automatic else it defeats the purpose of backup. The backup process should be easy, convenient and fast. Transferring backup to email accounts is manual process, where in you have to zip files and upload, you may even miss your valuable files to be backed up.

2.      Unsecured data

Your valuable data that you have backed up has no security. There is no commitment as to your data shall be safe and shall be recovered in case of any natural disasters. Technically, your data should be encrypted before it leaves your computer and encryption technology used should be the same level as used by financial institutions.

3.      No support, nowhere to go

If you are unable to locate your uploaded files, there is no support provided. If you forgot password of your account you are locked. You can try to request for reset or alternate email address to recover [if you have set one up], but those are cumbersome processes and you may end up losing your data.

4.      Limited data backup

File uploads are limited. Some provide upto 25MB or some offer little bit more than that. But when you want to backup couple of GB’s of data that shall not work.

5.      File Versioning

No file versioning. Multiple file versions is where in you get option to save more than one copy of the same file. This can be useful in case if you have entered incorrect information in the updated data and want to restore older version of the same file.

6.      No Easy Data Restores

In case if you have to restore your data, you have to look for all the files you have uploaded. Imagine, if you have multiple files to restore its not easy. In case, of disaster your data should be available on a press of button.

I would say, if you are uploading your data better look for online backup service providers. The most important factor shall be Support provided by these providers. The Software provided by them covers almost all the important features for fast, simple and easily manageable data backups.

How to build Positive Attitude

My first blog for 2012. I was thinking what should it be about, should it be technical, something new that is coming from backup technology, or about a new product launch. But then I thought maybe it should be something which we shall require for rest of the year and for life. POSITIVE ATTITUDE.

Everyone almost knows about this, but as time passes everyone including me might have missed it somewhere. Stating this, I thought it shall be a good start for the year to refresh some basics.

The first thing for Positive Attitude should be to become good finder. Let's start looking for what is right in a person or situation instead of looking for what is wrong. Human nature generally resists change. Change is uncomfortable. Regardless of its positive or negative effect, change can be stressful. Sometimes we get so comfortable with our negativity that even when the change is for the positive, we don't want to accept it. We stay with the negative.

We need to feed our mind with the pure and the positive to stay on track. Through constant practice and exposure, we can learn the principles that make a person successful.

Following Steps can be implemented to build Positive Attitude

§  Continuous positive education leads to positive thinking.

§  Build positive self-esteem quickly, one of the fastest ways is to do

    something for others who cannot repay you in cash or kind.

§  Practice having positive thoughts and behaviour daily until they

    become a habit.

§  Be so strong that nothing can disturb your peace of mind.

§  Talk health, happiness, and prosperity to every person you meet.

§  Make all your friends feel there is something in them.

§  Look at the sunny side of everything.

§  Think only of the best, work only for the best, and expect only the

    best.

§  Be as enthusiastic about the success of others as you are about

    your own.

§  Forget the mistakes of the past and press on to the greater

    achievements of the future.

§  Give everyone a smile.

Read the life histories of people who have turned a negative into a positive, adversity into advantage, stumbling blocks into stepping stones.

Some examples:

§  Some of the best music was composed by Beethoven. What was

    his handicap? He was deaf.

§  Some of the best poetry written on nature was written by Milton.

    What was his handicap? He was blind.

§  One of the greatest world leaders was US President Franklin

    D.Roosevelt. What was his handicap? He served from wheelchair.

Accept Responsibility.

When people accept responsibility for their behaviour and actions, their attitude toward life becomes positive. People with negative attitudes will blame the whole world, their parents, teachers, spouse, the economy and the government for their failures. You have to get away from the past. Dust yourself off, get back into the mainstream. Put your dreams together and move forward. Thinking of the positive things that are true, honest and good, will put us in a positive state of mind.

Accepting responsibilities involves taking calculated, not foolish, risks. It means evaluating all the pros and cons, then taking the most appropriate decision or action.

Let me place an example here:

The retiring president of a company after a standard farewell, gave two envelopes marked No. 1 and No. 2 to the incoming president, and said, "Whenever you run into a management crisis you cannot handle by yourself , open envelope No. 1. At the next crisis, open the second one."

A few years later, a major crisis came. The president went into the safe and pulled out the first envelope. It said, "Blame it on your predecessor." A few years later a second crisis came. The president went for the second envelope, and it said, "Prepare two envelopes for your successor."

I shall end my blog here looking forward for a successful year for everyone.

What is Data Recovery

I have been discussing in my previous posts related to Data Backups. I shall be throwing some light on Data Recovery which is the reason we do should be doing Data Backups. Data Backup should actually be called recovery solutions because backups come to rescue when disaster strikes.

In the most simplest terms, “Data Recovery” can be described as process of recovering data from a hard disk drive, CD-Drive, USB sticks, external disks or any other media where the respective has failed.

There are many ways data can be stored:

§  Hard disk Drives

§  CDs or DVDs

§  External Disks

§  USB sticks

§  RAID Servers

No matter how reliable these products may be but any electronic device can fail to function. Over and above, there are other reasons for loss or inaccessibility to data. To name a few:

§  Accidental deletion of data

§  Mishandling of devices

§  Forgot passwords

§  Natural disasters like floods, fire

§  Formatting a disk

When data cannot be restored through any normal process, then comes “Data Recovery” process. Data recovery is the process to access safe, reliable data from that device.

The Data Recovery Process

Data Recovery can be simple in many cases and can be complex in certain cases. However any data recovery requires following general steps:

1.    Identity the media and find out the amount of damage. Many data recovery solutions companies can analyze and let you know if they can recover data. If the media is intact but maybe you have forgotten password for the device [like on a USB stick] you can try to recover using 3^rd party software’s.

2.    Estimate how much work shall be involved, how much data can be recovered and what cost shall be involved. Data Recovery companies might give you a flat-rate, but try to go in more detail. Does the data recovered is important or your vital data is still unavailable.

3.    Analyze the recovered data to be sure the data is useable and matches your records. Make more than one copy of recovered data.

4.    Return: Always get your damaged media back. No matter what state it is.

5.   Check the reason what caused the media to be damaged. Repair any electrical or mechanical reason e.g. power supply for hard disk failure.

I have come across many SMBs who want to implement backup system but unfortunately it is on a low priority, whereas it should be the other way. Only they take it seriously when disaster strikes and they need to run all around to get data recovered from nowhere

I shall be giving an example of one of my clients, which was a pharmaceutical company. Pretty healthy profit making company. One fine day, their Server Hard disk drive crashed. Unfortunately, the backup system in place was manual system and some one had done backup about 2 weeks back. They were in a situation where in from no where they had to recover data from that hard disk. They had contacted number of consultants, paid huge amount of money but had no go. Ultimately they send their hard disk overseas, where one company stated data can be recovered, it took 2 weeks of time and ofcourse price was huge, but with no option they had to agree to that. Their data was recovered but had to go thru lots of hassle.

I bet you backup solution if implemented would have been much cheaper solution and the amount of time in terms of value is unmeasurable.

To summarize, if backup has been done and that too on regular basis, you are guaranteed to recover your data.