Serious, mission-critical data loss is a nightmare scenario for most businesses. If you have anything to do with data loss prevention for your business, you’ve probably spent time thinking of all the awful possibilities that could rob your business of its ability to compete in the digital economy. Natural disaster, hardware failure, power outage, malware, hacking, human error… the list goes on. But here are a few scenarios that we bet you haven’t considered. The scary part? They could easily happen.
Coronal Mass Ejections
Nope. This isn’t some sci-fi imagining or crackpot conspiracy theory – Coronal Mass Ejections (CME) are a real and present threat to your data.
A CME is essentially a burst of solar wind that erupts from the sun in correlation with a solar flare. Wind – doesn’t sound too bad, right? So space gets a bit windy, big deal. Well when that wind is actually a plasma-cocktail of high-energy protons and electromagnetic radiation (primarily x-rays), things get a bit more serious. For the biological inhabitants of the earth there’s no threat whatsoever due to our planet’s electromagnetic field, which protects us from the radiation. Unfortunately, the same can’t be said for our electrical infrastructure.
In addition to turning any and all satellites they cross paths with into worthless space-junk, CMEs can also cause a catastrophic overload on electrical power-stations down here on Terra Firma and result in long-lasting power outages. As anyone who’s responsible for data loss prevention knows, if there’s one things servers don’t like it’s a sudden surge of power followed by an extended outage. Not good for your data!
Okay, you ask, so why hasn’t this happened already? Well, it very nearly did in 2012.
Employee sabotage or social engineering
Everyone is on high alert these days for external hackers and malware that will break into systems to steal or destroy data. And these are legitimate threats that need to be accounted for in any data loss prevention strategy. However what also needs to be considered is your own employees, because all too often the breach will come from within.
Often, a vulnerability comes from either a disgruntled or negligent employee who compromises data security, whether knowingly or not. Perhaps they knowingly post secure information online after being let go from the company and a criminal takes advantage, perhaps they unknowingly open a malicious attachment in a seemingly legitimate email. However the employee error occurs, these kinds of breaches can often be prevented by ensuring that only the right people have administrative access to mission-critical data.
However procedural caution can still be undone by social engineering. If you haven’t heard of it, social engineering is a common way that threats, whether human or digital, gain access to systems. In short, it works off the principle that advanced computer systems are difficult and time-consuming to fool – people, on the other hand, are easy. Why bother writing a genius program that will unlock a secure database, when you can just trick the junior administrator into giving you the password?
SaaS/hosting vendor bankruptcy or malfeasance
Outsourcing your IT infrastructure to a cloud vendor or Storage as a Service (SaaS) provider can save your company a lot of effort. But you have to ask yourself, can you ever have complete trust that a third party will take appropriate care of your mission-critical data? What happens if that vendor goes out of business? What happens if they simply mess up and lose your data? Don’t think it hasn’t happened. At the end of the day, there’s nobody who cares as much about protecting your company’s data as much as you do.
Even more dangerous is placing full trust in a Backup/Disaster Recovery as a Service (BDRaaS) vendor. Because as long as you have secure backups, you can always recover from data loss. If you don’t, you can’t. It’s pretty straight forward, but we’ll go into more detail on this principle soon.
Remember when we said earlier on that ‘everyone is on high alert these days for hackers and malware’? Well, unfortunately that’s actually not nearly as true as it should be.
The sad fact is that all too many businesses assume that a malicious attack won’t happen to them. Maybe they’re too small to be an attractive target. Maybe they’re too big and secure to be breached. The reality is that all businesses are potential targets for cyber criminals, and adequate data loss prevention means ensuring your data is secure from this kind of threat. We covered this in greater detail recently in our crypto-virus article.
Data loss prevention with reliable backups
There are a wealth of ways to prevent data loss in real time and we won’t go into that in too great a detail here. Mostly, it will come down to policy, procedure and the right security applications in place. However, what is vital to remember is that even with the most flawless prevention strategy in place, data loss can still occur! That’s why having secure, comprehensive backups of all your systems is so vital to all businesses.
Are your backups up to scratch?