How often do you pause to think about data? When did you last ask yourself:
- How reliant is my business on data?
- How long could the business cope without access to data?
- How robust and resilient is the data infrastructure?
- How secure is the data?
- How compliant is my data management policy?
We’re all accustomed to terminology such as “data backups,” “antivirus” and “cyber security”. When we think about the safety of our business data, these are the terms that are commonly discussed. Are they familiar to you?
Do you feel that, if you have a data backup routine in place and an antivirus application installed, you’re covered and protected from potential threats and corruption?
The new reality
The new reality is centred around “data management”. It’s not good enough anymore to have basic peripheral protection in place for what is probably your most valuable asset. In a connected world that creates an expectation of instant gratification and complete transparency, exposure to malevolent and criminal invasion, and the potential for litigation, you need to have a data management strategy in place.
What does data management involve?
- Knowing where ALL your business data is located – i.e. on servers, laptops, desktops and mobile devices.
- Knowing how much data has been duplicated across multiple locations and which the most current version of the data is – i.e. are different people updating different versions of specific data such as spreadsheets and word documents? And if so, have you considered the opportunity cost of basing management decisions on incorrect or conflicting data?
- Knowing what the cost of data duplication is – storage and computing power costs money so if you can properly manage company data, you’re bound to save money.
It’s absolutely essential to ensure that all your data is protected from all forms of cyber threat. Traditional antivirus solutions are only effective against known threats – malware that was created yesterday and discovered last night! What about the malware/ransomware that was released this morning in the so-called “zero-day window”?
An effective data management strategy should encompass an intelligent cybersecurity solution that’s hosted in the cloud with full online console management facilities.
An important element of data security encompasses effective patch management. Cybercriminals use automation to seek out and infiltrate vulnerable networks and devices. The most vulnerable environments are those with unsupported operating systems (Windows XP/95 anyone?) and those where application and operating systems have not been updated with the latest security patches. Having unsupported and unpatched devices in your company is akin to going away for the weekend and leaving your front door open and the alarm deactivated!
Ensure your partners, colleagues and employees understand the value of company data and the common ways that data is compromised (be sure that this is detailed and agreed to in all employment contracts). In reality, most data comprises are caused by employee ignorance, negligence and sabotage.
A colleague was recently the keynote presenter at a conference of business professionals around the country. The delegates in total numbered around 400 people. He was stunned when a show of hands in response to the question “how many of you regularly backup your data?” reflected that more than 60% of delegates DON’T regularly run data backups.
Don’t be in the “it’ll never happen to me” category! The sustainability of your business could be dependent on the ability to restore a recent version of critical data.
Data backup is a critical component of data management. The most effective, most reliable and safest way to backup is to implement an automatic, encrypted, cloud backup solution.
If you feel it’s important for business continuity that you’re able to easily access business applications and continue transacting in the event of a business interruption or disaster (such as a natural disaster, theft, a cyber attack or equipment failure) with almost no disruption or downtime, then you need to consider a disaster recovery strategy.
The availability of a DR (disaster recovery) process is almost the highest level of data management. A fail-safe DR solution will enable your business to carry on regardless of all but the most serious of disruptive events (events that render an entire business community unable to communicate).
For more about why disaster recovery is important, read the blog to learn about the key elements of DR.
If you’re not managing all aspects of your company’s data, it’s highly likely that you’d fall foul of any compliance legislation if you underwent a compliance audit.
Personal and corporate private information is a new global currency – and EVERY organisation retains large volumes of private and potentially sensitive information in the form of electronic data. With reference to my comments about discovery and security of data above, it’s becoming more and more important to be aware of:
- which private data exists in the company domain,
- exactly where this data resides and whether the data is duplicated in multiple locations,
- how secure this information is and what level of authorisation is in place to be able to access and use the data.
In addition, existing European GDPR (General Data Protection Regulation) and pending South African POPI (Protection of Personal Information) legislation confers clear rights on individuals to require organisations to properly secure their private information and to know what information is being stored (and for how long it will be retained). Privacy legislation exposes non-compliant organisations to crippling fines and sanctions. If you don’t have an effective data management policy, it becomes really difficult to be compliant.