Data loss is getting worse. Businesses and other organizations are losing their content 24/7 throughout the globe. Cyberattacks on elections, intelligence agencies and the highest government levels make the news every day. Attacks on big business – Target, Sony and more – threaten the identities of employees, customers and stakeholders. Yet, small businesses have become the easiest data bank to rob.
The Size Of The Problem
What you see in recent research is some confusion about the size of the problem, but it's bad. And, while these figures average the largest numbers, you cannot underestimate the cost to small businesses, which often don't report their problems.
As far back as 2003, David Smith, Ph.D. writing for Pepperdine’s Graziadio Business Review, said, “Although it is difficult to measure with precision the cost of lost data, and the analysis is sensitive to the assumptions that underlie its calculations, there are several reasons to believe that $18.2 billion is a conservative estimate.”
In 2014, Mashable reported, “For smaller businesses, data breaches don't only mean a potential lawsuit — they could mean bankruptcy. In fact, 72% of businesses that suffer major data loss shut down within 24 months.”
In 2016, Fortune referenced a study done for IBM stating that, “On average, the cost of a breach has risen to $4 million per incident… Last year, a similar study found the average cost per breach to be $3.79 million.”
Most of the losses are due to hardware failure, human error and software corruption. Each of these issues can be reduced by comprehensive strategies of data loss prevention (DLP). Such planning integrates firewalls, deep training and features amped up security.
DLP measures can help. But, they haven't been fully up to advances in cyber technology. Cyber thieves have the time and ingenuity to outpace security measures. Employee error – deliberate or accidental – remains responsible for a third of the data loss incidents. And, mobile access has only complicated that.
“You can have all the right technical security measures in place, like email encryption and DLP,” said Hoala Greevy, Founder CEO of Paubox. “But human error can never be totally eliminated, even with the best policies and training. That’s why you need to have both a prevention and recovery plan in place.”
How To Recover The Lost Data
Recovering the lost data is only one aspect of the necessary remediation following data loss events. Recovery is a time- and labor-intensive process with significant cost attached.
If it’s a hardware problem, your hard drive has probably failed, as they all will in time. It’s an inevitably harmful result if you don’t have some measures (like those that follow) in place:
In-house IT technicians should monitor, update and replace hardware as required.
A backup policy, practice and discipline will offer you a fallback position.
A formal disaster recovery plan needs practice and testing on a regular schedule.
The disaster recovery plan must integrate a data recovery module.
Any recovery plan needs a communications tree that includes experts on data recovery.
If it’s a small business, David Howell at Techradar.com recommends taking several steps before launching any recovery effort. They are:
Determine how valuable the data is, asking if it's worth the cost of recovery. You need to prioritize the values. Intellectual property, financial records and personnel info must be restored.
Check your existing backups. For example, if the data has been backed up on cloud-based locations, then you can spend time (but not expense) on the recovery.
Invest in software solutions to recover the lost files.
Top-rated data recovery software deals include:
Data Rescue PC4 is an award-winning data recovery software for PCs. It scans the unit in question for the type of data you lost. This software promises to work on all hard drives even if they're only partly operational or corrupted. It'll recover all material or just the records you select. Or, you can clone the primary hard drive to create a byte-by-byte replicate.
EaseUS Data Recovery Wizard Pro is available for Windows, Mac, iOS and Android platforms on a free trial. Among its features is partition recovery for restoring data accidentally deleted, damaged or in hidden partitions. Another plus is its promise to recover RAW hard drives following severe corruption from a software crash, virus attack and more.
Kroll’s Ontrack EasyRecovery is a packaged, DIY recovery software that relatively easily retrieves your missing files. It will also protect and erase. Not only will it work to recover your data, but it also protects and erases, thereby ensuring that it's an all-inclusive data software suite. They provide additional services for the most serious breaches.
Homeland Security has listed several available resources in the event of a data loss at Ready.gov. They are:
Computer Security Resource Center where the National Institute of Standard and Technology (NIST) offers readings on computer/cyber/information security and guidelines, recommendations and reference materials.
Contingency Planning Guide for Federal Information Systems presents three sample formats for developing an information system contingency plan based on NIST guidelines for industry, government and business operations and low-, moderate- or high-impact level cyber events.
Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities is another NIST document offering guidance on designing, developing, conducting and evaluating test, train and exercise recovery plans (TT&E) so organizations can improve their ability to prepare for, respond to, manage and recover from adverse events.
Building an Information Technology Security Awareness and Training Program is a NIST recommendation for federal agencies. But, the many small businesses that do work with federal agencies benefit from complying with such guidelines. The document urges users to base planning on an understanding budget and other resource allocation, organization size, consistency of mission and geographic dispersion, as well as mobility of the organization.
Any data loss recovery strategy must consider the integration of multiple overlaying systems. Any one system can go wrong. And, the failure of any one system can lead to the failure of other systems. But, solutions for one problem may not affect other systems.
Any strategy must consider the condition and security of the computer room with its climate, power supply and mechanics. It must support the organization’s hardware, its desktops, devices and peripherals. It must also study the connectivity on fiber, cable and wireless sources.
The problems could be with software applications, emails, resource management and other in-house systems. And, there must be an appreciation for the size of the data, its complexity and priority.
Finally, a good relationship with your vendors and service providers will help in emergencies. You should use their resources. Once you establish the size and value of the loss, contact them for support.
Any data loss is a business problem. It takes time and resources to fix. It can be as small and as easy to fix as a deleted or overwritten Word document or the result of a massive cybersecurity attack. But, the data lost exists somewhere that technology and professional advice can restore. What a business must do is plan for the problems, small or large.