Data Protection

Protection of data revolves around three main areas of business practice - prevention practices, recovery strategies, and offsite storage considerations. Let's review all three to better understand the role each plays in the overall protection scenario.

Prevention Practices:

Everyone who uses a Personal Computer (PC) is susceptible to data loss. Many of us will experience some type of data loss in the not too distant future. It may be a single file or the whole hard drive. By understanding the likely causes of data loss, we can take precautions and reduce the risk.

According to Disaster Recovery Trade Journals, data loss is the result of the following types of occurrences:

• 44% - Mechanical failures, such as drives, heads, and power.
• 32% - Human error, including accidental deletions, spilled drinks, and not shutting down the system properly.
• 14% - Software problems, which occur when software revisions aren't properly tested.
• 7% - Viruses.
• 3% - Natural disasters, such as hurricanes, tornadoes, and lightning strikes.

Let's look at some practical steps we can take to reduce the likelihood of data loss.

• Move your coffee and other drinks away from your PC. Spilled drinks cause more than just sticky keys; they are a formula for data loss.
• Use a recommended anti-virus software package. By properly installing updated anti-virus software, you can reduce the risk of data loss by some bit-eating virus, worm, or Trojan-Horse.
• Never connect or disconnect cables or peripherals when your system is on. Power off your unit completely.
• Keep your unit clean and vacuum vents regularly. Dust particles have been known to cause system crashes.
• Scan your hard drive for errors and lost sectors, and then defragment it. This is a common system utility program that comes with most PC's to butt used disk space together and unused (free) disk space together to enhance system performance, while lessening data loss risk. This should be done at least once a year and only after doing a complete, tested backup.

You won't be able to stop data loss from occurring, but by reducing the risk and having a complete, tested backup, you can minimize your exposure and protect your data.

Recovery Strategies:

Data Recovery Strategy sounds very impressive, but it's not all that involved. It's all about backing up data, storage of the backups, and then being able to utilize them to do a restore / recovery. Various categories of computer information require a data recovery strategy which may or may not be the same.

These categories include:

• Operating System Environment
• Application Support Software
• Customer Data
• Company Data

Data recovery strategies require plans for backup, off-site storage, and data recovery. You should consider two aspects of backup. One is a disaster recovery backup where backup copies are stored in a facility considerably removed from the primary computer center. The other is an operational recovery backup where backup copies are retained on the premises to accommodate many possible operational situations.

Creating and labeling daily, weekly, and/or monthly backups of pertinent information, based on how difficult it might be to recover / re-create, can save hours of heartache, at a minimum.

The time to create a backup copy can range from five minutes to many hours depending on the size of the system or set of information you desire to have backed up. Always identify the contents, the date of the backup, and the data classification.

Also, when you develop backup and recovery plans, you should consider the different processing requirements that may exist between normal processing and disaster situations.

Other factors to consider include:

• What to backup
• How often to backup
• When and where a backup is stored
• How to identify and retrieve a backup
• How long to keep a backup
• What to do with the backup at the end of the retention period
• What storage media to employ
• Who is responsible for execution
• Who is authorized for backup and recovery

Offsite Storage:

If you ask most people to show you their PC backups, they reach for their desk drawer, that is if they have any at all.

The purpose of off-site storage is to safe keep the data needed for recovery at a location away from the primary location, as a protective measure. Then, if the primary location is destroyed in a disaster, the data needed for recovery is available at the off-site storage location.

The strategy for arranging for business off-site storage involves the following:

• Select an off-site storage facility.
• Establish procedures to manage and control the rotation of backups to and from the off-site storage facility.
• Move backups off-site following a planned schedule.

Follow these guidelines for quality off-site storage:

1.) Identify an off-site facility that has the following characteristics:

• Separate location from the primary location (it is recommended that the location be at least 25 miles away) to prevent a disaster from affecting both sites.
• Controls for temperature, humidity, and fire protection.
• Accessible 24 hours a day, 7 days a week to authorized personnel.
• Secure access controls.
• Capability to rotate backups to both primary and alternate processing locations.
• Bonded employees.
• Electrical power backup.

2.) Document the following:

• Methods for identifying disaster recovery backups.
• Method for transportation to the storage facility.
• Process for rotation / retention.
• Personnel that have authorized access.
• Obligations for nondisclosure of backup data.
• Shipping and receiving schedules.
• Length of storage contracts.
• Cancellation provisions.

3.) Define procedures to be followed at the off-site storage facility during normal, non-disaster periods.

4.) Define procedures to be followed at the off-site storage facility during a recovery operation.

Equally important is having good backup procedures. They are essential to ensuring that critical company and customer data, as well as your own personal data, is captured. It is every employee's responsibility to backup data that is necessary for the recovery of their job functions.

Listed below are some items to consider backing up and moving to an off-site location:

• Personal files or PC diskettes containing critical data.
• Phone lists (customers, employees, vendors).
• Financial documents.
• Any documents or manuals necessary to perform your job.