Backups and the 3-2-1 rule
Backups should be the foundation of any data security regime. A typical best case backup policy will follow the 3-2-1 strategy. This means an organization will keep three copies of important data sets. The backup administrator should use at least two storage media formats. And one of the data copies should be kept off site. 3-2-1.
Setting up your backup hardware correctly is a must. Best practice means backing up all essential data, without detritus such as operating system files, applications and other things that can be installed afresh. This will ensure compact, fast and efficient backup operations. Once a backup system is in place, users can implement various backup methodologies and mix full backup, incremental backup and differential backup techniques, as supported by many popular solutions.
Some computer system users may also periodically backup full systems using disk imaging software. This allows any adversely affected user to quickly get back up to speed after a catastrophic event (e.g. significant hardware failure or ransomware victimhood).
Considering backup media, currently organizations might use a portion of a server for data backup purposes. The server will usually be populated with HDDs and SSDs. Smaller businesses might use a NAS (Network Attached Storage) device, or an external HDD or SSD, or even flash drives, tapes, or optical media.
Lastly, always remember that at least one data backup should be maintained offsite. To implement an offsite backup, you could have an employee take a backup drive or tape home every evening, or maintain a NAS at home.
Consider the cloud
You’re probably already aware of the cloud. The cloud is like a NAS that is owned and maintained by an internet service giant such as Amazon, Microsoft or Google. Our phones usually come with cloud storage options. Apple users get pestered to sign up for iCloud plans, and Android users for Google Drive.
What you may not know is that there are also business-tailored accounts for cloud storage. They come with greater disk quotas, business appropriate pricing, and useful complementary services. In addition to mobile offerings from Apple and Google, popular cloud storage providers include Amazon AWS, Microsoft, DropBox, and Box.
There are advantages and disadvantages to using cloud storage. The largest advantage to using the cloud from one of these companies is that the data stored on the cloud will be protected by the backup policies and redundancy offered by the service company. Also, the integrations with modern OSes, applications software and add-on services can provide more efficiencies.
Drawbacks of using a cloud provider include: the cost per GB storage, potentially slower backup / restore speeds, and the additional security concerns of having your data in the cloud.
Your data is a very valuable resource, not just to you, but to others. Therefore, implementing a stringent cyber security policy is recommended. For comprehensive protection, the policy should cover your IT network from the user all the way to the cloud.
It's important to have all of your devices fully up to date, a patched OS, with an active virus and malware checker, and a properly configured firewall. Similarly, other IT equipment on the network needs to be rigorously maintained.
System administrators can also minimize your IT equipments' exposed attack surface by locking down systems with regard to app installation, domain access, ensuring a strict user-access policy with minimal privileges, implementing a VPN and more.
User authentication is essentially part of an organization's overall cyber security policy, but is worthy of breaking out as a topic on its own in 2023, with so many options available.
One of the ways that a malicious actor might gain access to your systems or one of your devices is by stealing user credentials or otherwise spoofing user authentication. After a successful breach, your data could be at risk.
Traditionally, system administrators (sysadmins) might enforce a range of password policies to lock down devices and networks to the intended users. However, in 2023 most devices can offer the convenient option of biometrically secured user authentication. This changes the security barrier from something you know (password, PIN) into something unique to you (fingerprint, iris, facial recognition). Combined with OS support, app support, and FIDO authentication support online, the new biometric age is a considerable leap forward for secure, fast and convenient user access. Moreover, those wary or unsure of their devices' biometrics can still add them to a multi-factor authentication regime for added assurance.
You might have office personnel closely following instructions regarding password length, password update frequency, and even biometric security. However, this doesn't mean more can't be done to secure this attack vector. In the cyber security section above we mentioned that users should be affected by system policies that only allow them to do what is necessary for their job function. So, for example, someone could reasonably be restricted from accessing certain directories on the company server, and not be allowed to plug in random USB devices, install apps, or change important settings in browsers or email clients etc.
Personnel should also be trained to be wary of human-targeted threats like (spear)phishing, common email tricks used by malware distributors, social engineering attacks by messaging, phone or email, or finding and plugging in random 'lost' USB sticks.
As with the personnel attack vector, something to be wary of outside of the digital domain is the physical security of your premises. Efforts in securing computer system and network security may be nullified by a threat actor who can physically breach your premises.
For example, a mischievous office visitor would install cameras, microphones, or connected devices within your office for user / system monitoring or data harvesting. They might also find it easy to install one of the many varieties of malware on one of your office computers via easily concealed thumb-drive, or from connecting up a smartphone.
If your business uses Windows, it isn't very difficult to set up security policy settings that will help cover some of the risks mentioned above. Apple Mac administrators also have a wide range of security related configuration options to help lock down systems against unwanted additions or modifications.
Hardware, firmware and software updates
One of the many important jobs of a person or persons who look after an organization's IT equipment is making sure everyone gets the latest relevant updates. Updates will usually be required across hardware, firmware and software, and typically hardware updates will be the least frequent, followed by firmware, and software updates might be very frequent.
Hardware updates may be part of your business investment cycle, perhaps occurring every five years. These PCs and components you will use for half a decade or more will sometimes get firmware updates, fixing and patching BIOS files to improve performance, compatibility, and shutter vulnerabilities. It is generally not recommended to upgrade firmware unless the vendor urges you to do so by mentioning that the update patches some critical vulnerabilities. Firmware fixes therefore should be generally viewed from the perspective of "if it ain't broke, don't fix it."
Software updates are the most frequent and are very important. Operating systems like Windows, macOS and Linux get frequent updates pushed to them, and you will find some of the apps used in your organization also get patched quite frequently. While it is good to quickly update to patch security vulnerabilities, there have been occasions where the fixes require fixing… In 2020 it was widely reported that Microsoft's KB4532693 update deleted user data. For some, "dozens of gigabytes of data," were lost, at least temporarily. Thus, experienced and wary PC users often like to wait for a few days or weeks after an update, check for user feedback, and then apply the update.
Disposal of old IT equipment
Above we mentioned a typical hardware update cycle. This isn't just a job of choosing, buying and preparing new computers, components and peripherals. At the same time, the old equipment will usually head off to a recycling facility.
If one of your business computers were taken off premises today, a recycler or user of the old device might be able to unearth the valuable data that persists, usually on fixed storage devices like HDDs and SSDs built-into the device. Securely deleting data from these devices can be time-consuming and may not be 100% guaranteed to remove every last scrap of information. This usually time-consuming 'secure wipe' process means that some organizations will prefer to physically destroy storage media, and devalue their old IT equipment's resale price.
Use encrypted drives for critical data
Drive encryption is increasingly popular among all computer users from enterprise, business to personal users. Modern OSes sometimes support encrypted data drives, which will help make sure your data remains safe even if someone steals your laptop, for example. It would also be useful in the above referenced old equipment disposal situation, where desktops may be sent to recycling - only someone with the system user/pass would be able to access the data if they try the storage in another computer.
One of the most popular uses for encrypted drives is for external HDDs or SSDs. The easy portability of modern high capacity drives makes them prone to loss or theft, so strong data encryption makes them less worrisome to misplace.
Probably the best external encrypted drives use built-in hardware and security, so they don't need a particular OS or app on a system for authorized read / write access. SencureData currently offers a range of encrypted external driveseatures. Our encrypted drives come with managed or unmanaged options, are OS/Host independent, are hardware-encrypted, and work seamlessly on any device with a USB port. They use AES 256-bit XTS hardware encryption, are FIPS 140-2 Level 3 validated, and come with advanced features such as geo-and time fencing, and the ability to auto-lock and remote-wipe.
File repair and data recovery software
It is reassuring to know that if the worst does happen, and points one through nine above haven't strictly been adhered to; there is still a chance to recover valuable data intact via file repair and data recovery software.
Secure Data Recovery is an expert in data recovery services and software. Our SecureRecovery for Windows application can analyze and recover data from a very wide variety of media types (e.g. HDD, SSD, flash storage). Moreover, our solution is adept at rescuing customers from incidents like deleted files or folders, damaged partition table layouts, lost partitions, corrupted file system metadata, or even completely reformatted file systems. File systems including NTFS (including compressed and EFS encrypted data), HFS/HFS+, FAT16/32, and exFAT are supported by the software.
We also recognize that sometimes files aren't deleted or otherwise missing, but instead have become corrupted. These files might represent a lot of work, and it can be hugely frustrating for users to try to open these files but not be able to see their documents fully formed or intact. Secure Data Recovery has a host of recovery and repair applications which target specific file types which may be giving you trouble. Application categories covered include: popular Office apps (Word, Excel, Access, etc), creative application data files (Photoshop, Publisher, Powerpoint etc), as well as tools that target data files from backup programs, email apps, databases, and server files / directories.
We hope you find this article detailing our 10 essential data security tips for businesses helpful. Following or implementing any of the security advice bullet points should be viewed as a worthwhile step forward. Implementing and understanding more points will help minimize the chance of the worst case scenario of important data vanishing into the digital ether forever.