Is Your Data at Risk?
The concept of data protection isn’t such a hard thing to understand. It’s safe to say that if you found your way to this blog, you know what data protection is. It’s interesting that although data protection is thought to be a very basic IT concept, we see companies with smart people take very big risks with their company’s data.
There are two categories I put these risk takers in: The first is the “It will never happen to me” category. I’m not sure there is anything I can do to help this first group. This is, frankly, reckless behavior, and I’m astounded that I still run into organizations that fall into this category. There is a saying, “Denial isn’t just a river in Egypt.”
The second category is admittedly the more common scenario. This group believes they are doing the right things. They have backups in place, a DR strategy and security policies, and they are blissfully unaware that they have gaps that could result in catastrophic data loss.
At the end of the day, both groups are risking their company’s data whether they know it or not.
Case in point is Code Spaces. I don’t know the individuals involved or have any insight into what category they may fall into, but the folks at Code Spaces’ fell victim to a nefarious attacker who, in a matter of hours, put them out of business by deleting their data in AWS. Here is an excerpt from their status page:
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
And this resulted in:
“Code Spaces Status
Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility.
As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”
Sadly, this is not a unique situation. Companies can lose everything due to an attacker, natural disaster, data corruption, human error or even a disgruntled employee, to name a few. We live in a complicated world, and it’s not easy to think of every scenario and keep track of new and emerging threats.
So how can you protect your data? Here are a few tips:
- Get a second set of eyes on things. Conduct audits of your environment. Whether it is internal or external resources, you should be auditing your environment on a regular basis.
- Brainstorm DR scenarios. Asking “What if?” is very important. Don’t be afraid to get creative.
- Don’t just test your DR plans, practice them. The only way to become proficient at something is to practice. It’s not enough to validate that the steps in your DR plan are accurate, you need to practice DR scenarios to become proficient at implementing them. Things are bound to go wrong when you’re under pressure to recover from an event. With practice, you are more likely to overcome those obstacles and come out the other side.
- Update and validate after making changes. It is a very common mistake to forget to update and validate backups or DR plans after adding new systems or changing existing ones.
It isn’t possible to eliminate 100% of the risks to your data, and budgets often play a part in what is feasible in terms of protection. You can, however, reduce the risks. And by following these tips, you may close some gaps you didn’t know you had.