The Reality of Data Security and Data Loss
Because data is not tangible, it can be easy to lose. There are many reasons data loss can occur, from simple misclicks to more sinister network breaches. Usually, businesses need to dip into their data repository to recover information when there is a data loss event, such as:
- A cybersecurity breach
- An IT malfunction
- Accidental deletion of data
Technical Faults or Glitches
While glitches are becoming less common as technology evolves, they do happen. The customized features of Office 365 offer a lot of benefits. However, custom designs, solutions, workflows, branding and other modifications to user facing sites introduce the potential for technical faults and glitches, meaning customization may need to be rolled back once errors have been found.
Data loss by technical fault is also caused by hardware and software failures, firmware bugs, data corruption and loss of power. These issues can be unexpected and unanticipated, seemingly occurring out of nowhere, which means businesses are not well prepared to recover from them.
To make matters worse, technical difficulties can impact more than just data. Depending on the system affected, data loss can result in hours, or even days, of downtime. Disaster recovery plans are necessary to plan for redundant systems as well as redundant data if the worst should occur.
Rogue IT Administrators can Lead to Data Loss
IT staff are the gatekeepers to the data repository where data is stored. However, a disgruntled IT manager could purposely delete or steal information. This can account for up to 10% of data loss globally.
This type of data loss can be due to intentional corporate espionage or opportunistic individuals who sell corporate data for material gain. According to Information Age, this type of data loss is likely under-reported as companies don’t want to appear suspicious of their own employees.
Administrators have a great amount of power over company data, and, while not common practice, can download personal copies of data and delete the corporate files. When it comes to data management, unfortunately businesses need to consider all potential threats, both externally and internally.
User Error/Accidental Deletion Data
User error was the most common cause of data loss until 2016. Employees may accidentally delete an important folder, or forget to save changes to a presentation they’ve been working on for the past several hours. It happens to nearly everyone at some point.
Users are also the culprits when it comes to unintentional data leakage while participating in shadow IT. While many apps and services are useful and do indeed help employees do their jobs better, these tools are not within the safe haven of the company network. Outside services are unchecked and unmonitored. Users could unwittingly put sensitive company data at risk while simply trying to increase their own efficiency, creativity or productivity. A Frost & Sullivan study found more than 80% of survey respondents admitted to using non-approved SaaS applications in their jobs.
Users have a habit of working around the solutions provided by IT. This means data that would ordinarily be part of the corporate knowledge repositories (SharePoint sites, Groups, news feeds, etc.) is stored in personal mailboxes and OneDrives. Let’s not forget how easy it can be to lose this data as well. When an employee retires or leaves the organization, OneDrive and Exchange data can be wiped out by simple retention policies. This can lead to losing valuable information.
Accidental deletion due to user error is common. Users can easily delete data and conversations in SharePoint, Groups or teams. They can also overwrite versions of existing data. That’s why it’s important to keep track of data and monitor future discovery requests.
You can easily recover employee data as long as a third party solution is in place.
If user error is the most common culprit of data loss, cybercrime is the most frightening. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a record 1,093 data breaches in 2016, a 40 percent increase from 2015. Cybercriminals are generally:
- Profit-seeking cybercriminals
- Adrenaline-seeking hackers
- Strategy-seeking nation-states
Their attacks come in many forms as well. Targeted, personalized email scams (called phishing) can fool end users into clicking on a nefarious link or opening an infected attachment. Many of these emails are now gateways to ransomware, such as the widespread Petya, NotPetya and WannaCry attacks in 2017.
Ransomware allows cybercriminals to hold data hostage until they receive a payment (which can sometimes be thousands or millions of Euros). For example, Danish shipping company Maersk fell victim to NotPetya ransomware. This reportedly cost the company upwards of €250 million (Muncaster, Maersk Admits NotPetya Might Cost it $300m, 2017)