A Short & Happy Guide to Privacy and Cybersecurity Law by Jon M. Garon

Author:Jon M. Garon
Language: eng
Format: epub
ISBN: 9781684679836
Publisher: West Academic Publishing
Published: 2020-10-15T00:00:00+00:00

4.System Backups and Managing Catastrophic Risk

One of the important obligations for any data security system is to keep the data secure from destruction as well as from theft. In recent years, the threat of ransomware has increased. Ransomware is a form of data intrusion in which all of a company’s information is encrypted without authorization. The hacker then ransoms the decryption code back to the company in exchange for a payment. Another threat for destruction of data comes from natural causes, including fire, flood, hurricane, blizzard, earthquake, or other catastrophic failure. Similar risks can occur from equipment and software failures, particularly for smaller businesses that rely on a single work computer.

Data suggest that companies often fail to recover from catastrophic data loss, even if the loss is not accompanied by physical destruction. The cost to business operations, revenues, and relationships can often be fatal for small businesses.

To manage the risk of both manmade and natural disasters, a company must have an established and tested data backup and recovery plan in place. At a minimum, this means having a very 170

recent set of duplicate copies of all data stored at a location other than the company’s place of business. This can be done through the use of backup media such as storage tapes. In the age of cloud computing, it is no longer difficult to find services that will store backup files off site and in multiple locations.

A system that includes true backups of data is essential to protect a business. Because of the threat of ransomware attacks, it is best to have one or more backups that are not merely synced copies of the active data. Synced copies of data are protected from hardware crashes and natural disasters, but software errors, intentional deletions, and unauthorized encryptions can travel across the synced formats and wipe out the secondary copies. Syncing is a partial solution, but it should not be the entire solution.

In addition, it is essential to test the backup systems before there is a catastrophic situation requiring data recovery. Backup systems have many settings, so a company needs to test the system when it is first configured to be sure it is collecting the correct data and that the restoration functions work properly. Moreover, because systems change, the steps to assure that the backup is working properly should be conducted on a regular basis. Depending on the amount of data and sophistication of the system, the process should be evaluated on anywhere from a monthly to an annual basis.

There are also smaller steps companies can take to avoid the necessity for disaster recovery. Installing uninterruptible power supply systems and backup generators can keep machines operable to provide additional time to plan for shutdowns. Cloud services that guarantee distributed service from multiple locations also help considerably.

Finally, despite the promise of a paperless office, keeping paper backups of critical documents and files remains a useful strategy to assure the integrity of data and provide a comparison to 171

the information stored on the computer system.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.