You know the scenario. You’ve spent years building up your iTunes collection, invested hundreds of pounds on music, films and e-books and suddenly it’s gone. Hard drive error.
“Don’t worry,” says the IT guy. “You’ll be able to restore your files from your back-up copies.”
It’s at that gut-wrenching moment you realise you don’t have a back-up. Luckily, in the business world firms are taking data back-up more seriously but many don’t appreciate the risks of insecure data back-up. The regulator has highlighted a lack of consistent procedures and awareness of data back-up and how safely it is held.
This shows the need for due diligence on a third party entrusted with storing backed-up data.
Many firms don’t consider encryption as part of their strategy – a problem compounded when the back-up is held offsite, across multiple servers and accessible over a third party’s extranet.
Data should be backed up to multiple locations and encrypted in transit, whether transported physically or electronically. Access should be restricted with strong authentication mechanisms to approved users. Encryption should be applied to sensitive information to mitigate the risk of data leakage and unauthorised modification.
Enforce robust security policies and you will start to get a clearer idea of how your data is protected. It may be over the top to go this far with your copy of London Calling by the Clash but you can’t be too careful with your customers’ data.