Is your backup a safety precaution, or a dangerous practice?
The workforce today is a mobile one, working where and when they choose – fact. Indeed, many organisations have even started issuing laptops in preference to the standard desktop PC. However, as always, every positive must have a negative, and this practice is no exception – the battle is to mitigate these negatives before they can do any damage.
Historically, organisations tended to ignore data transported on mobile devices, almost treating it as a second-class citizen – out of sight, out of mind. However, today that mindset has changed as data breaches continue to make headlines the world over, more often than not caused by lost or stolen devices. According to the Ponemon Institute, over 3500 laptops go missing every week in European airports, and the average cost of a data breach to an organisation in the UK is currently £1.7 million. It isn’t surprising, then, that the resulting clamour has seen data firmly pinned to the hard drive, often with encryption. Yet there is still one area that seems to be slipping under the radar.
Back It Up
It has taken time but today it is common practice for an organisation to back up its enterprise, yet often the same courtesy is not extended to mobile devices. Why not? Surely the same rules apply!
- Firstly, we back up in case of hard disk failure – an all too frequent occurrence with some laptops, especially when you consider that hard disks were originally conceived as devices to be used in climate-controlled server rooms and thus are the most likely part of a laptop to fail;
- In case you accidentally delete a vital file – now you’d never do that, would you?
- Finally, and in fact the strongest rationale, is in case these travelling filing cabinets go missing in action – and they do: the Ponemon stat above wasn’t plucked out of thin air, and let’s not forget those that are stolen.
Although an important function, backups should be given the same respect as the mobile device they’ve been taken from. A case in point is the recent news story regarding staff data spanning more than five years at the Arkansas National Guard that went missing on a back-up drive. The archival drive reportedly contained the names, addresses and social security number details of at least 15,000 current and former members of staff as at March 2009, and spanned back to the start of 2004.
Just as, in recent years, there has been a revolution in the type of computer that people are using, there has also been a revolution in the way people use portable storage. Pocket-sized USB storage devices and portable hard drives can be many gigabytes in size and, in principle, are a perfect medium for backing up these mobile warriors. However, their attraction is primarily their size, and it is for this very reason that they too pose the risk of going missing in action – perhaps even more so. If they do not have security built in, then you may as well print all your sensitive data and leave it on a train. The risk to an organisation of data being recovered when one of these devices is lost is as substantial as the risk of data being recovered when a laptop computer is lost – it’s the same data after all.
Although the laptop may include encryption to protect its sensitive cargo, if the data is backed up to an external storage device the likelihood is that it will have been transferred unencrypted and therefore left exposed and available to prying eyes. To be truly secure, backups should be made to an external hard drive that includes, at the very least, encryption, and ideally some form of password protection, such as a PIN access touch screen interface, to provide an added layer of security and therefore added assurance that all data stored on the hard drive is protected from unauthorised access.
The backup is supposed to be a protective weapon to ensure a lost or broken mobile device isn’t the end of the world – it would be pretty pointless if the backup became the one to blow your security wide open.
The author is managing director at Origin Storage.