As your organization’s CIO, you’re tasked with protecting critical systems from data loss and downtime. Few responsibilities trump the importance of ensuring that your systems are set to handle any problems they encounter. Yet, human error and hacking attacks, rather than the actions of uncontrollable Mother Nature, are responsible for the majority of data loss incidents, and downtime.
In a study by GCN, Uninterrupted Power Supply (UPS) failure accounted for a quarter of all data center outages, while other IT equipment malfunctions accounted for only 4% of all outages. Utility failure, such as water, heat, or air conditioning systems, totaled around 11% of outages, while weather phenomena and generator failure accounted for around 6%. What’s most interesting, however, is that both cybercrime and user error account for approximately 22% of all data center outages – each. Furthermore, according to a study performed by CIOInsight, 32% of these outages resulted in significant data loss. Clearly this is an issue that needs to be addressed.
The Human Factor
According to a separate study by FacilitiesNet, human error is responsible for (to at least some degree) anywhere from 60-80% of data center downtime events every year. Why is this the case? The simple answers are that people are only human, and that accidents happen. Here are some common ways that an employee could accidentally cause a data loss incident – including some that may not immediately come to mind when thinking of data loss.
- Device loss or theft: How often do you hear of people losing their phones and having to get new ones? For some, this can seem like a regular occurrence. However, losing a smartphone due to hardware failure or destruction is much different from losing one due to employee negligence. If the device isn’t encrypted, that data can potentially be stolen; data that you’ll probably never see again, unless you have a backup ready to deploy.
- Improper training: If an employee hasn’t been trained on how to properly access data, they may accidentally move files or delete them unknowingly, leading to data loss. Therefore, you need to take extra care to ensure that employees have gone through a rigorous onboarding process, complete with technical training on how best to access (and protect) your business’ important data systems.
- Unauthorized access to sensitive data: Again, you need to make sure that your organization’s employees aren’t accessing data that they have no business accessing. In general, it’s a best practice to limit data’s exposure to threats by keeping it tucked away from your average end-user, and to keep a close watch on your user access logs to ensure that there’s nothing out of the ordinary happening.
- Neglected maintenance: If your team is being worked too hard due to a change in the workforce or workflow of your organization, they’re more likely to forget to perform simple maintenance that could eventually lead to system failure. Ultimately, this could mean both data loss and downtime for your organization.
Other Everyday Occurrences
Even if user error and cybercrime are the primary causes of data loss, you still can’t forget that natural disasters can seemingly come from out of nowhere. All it takes is an unexpected power outage to fry a portion of your data. Electrical storms can be caused by forces of nature beyond our control, but even something as simple as a telephone pole going down due to a windstorm or a traffic accident could be enough to cause data loss. What we’re trying to explain is that it’s not a matter of if your organization will experience a data loss incident, it’s a matter of when it will. Therefore, it’s your responsibility to ensure that you’ve prepared your infrastructure well for these incidents.
What You Can Do
The first thing thing that your business should do is forsake that outlook of “It’ll never happen to me.” Be realistic and expect the worst to happen. It’s the only way to put together a bulletproof plan to handle data loss and downtime disasters that could sink your business. Some suggestions to get you started include:
- Increase awareness of data security and best practices.
- Implement two-factor authentication.
- Develop a BYOD policy.
- Limit data access on a per user basis.
- Take regular backups and store them off-site.
- Create a workflow for data management that’s designed to minimize data loss.