Protecting Your Computer Against the Threat Posed by Humans
Computers manage so many routine activities at workplaces. Yet more often than not, human error results in unexpected data loss.
Many people have developed a false sense of security with their phones, tablets and computers, storing loads of information on them. But how much of their day-to-day existence would be interrupted if the information they counted on could not be accessed? Could they easily recover?
Consider the following computing scenarios involving human error:
Ignoring failing hardware: Yesterday the computer sounded “funny” but the employee continued to work. Today, the system shuts down.
Improper handling of shared documents: Many businesses use locally shared documents or have a virtual location to store items. Although this setup very effective for collaboration, what happens when a user deletes a file that others still needed?
Miscommunication during maintenance: Faulty communication and misidentification by IT staffers for scheduled maintenance can lead to local data loss for users and corruption in the server itself, potentially extending the downtime and data loss beyond the initial event.
Opening a fake email link: Within the past year, the CryptoLocker virus became a huge threat overnight. The virus relies on human error to enter computer systems, which become infected by users clicking on an email link. The only way to unlock the virus was to pay the ransom fee. IT staffers scrambled to fix things, only to find out that they were being held hostage, causing lost time, resources and data.
Losing data: Imagine retrieving a computer after its repair to find out no data is on the drive. The staffer is told that the hard drive is new. Yet the one extracted from the computer is nowhere to be found. It turns out that the old one was wiped clean and discarded.
The harsh reality is that no one is perfect and human error can occur when it's least expected. Consider the following guidelines to protect a business against unnecessary data loss due to human error:
1. Identify critical data.
At any given time, keep a minimum of two to three copies of key data. Providing this level of redundancy for critical files leads to confidence that data can be available if need be, should something happen. Even better, have data onsite for rapid recovery and offsite in case of a disaster. Also, establish clear policies for data retention and have access controls in place for additional security.
2. Identify critical applications.
Make sure each business application is identified and classified by tier. Then establish clear policies for access, retention and recovery for each application tier. Create and promote a companywide IT policy. With bring-your-own-device policies, cloud applications and other consumer-grade apps in use, companies must establish a clear IT policy that's communicated and enforced.
3. Arrange for external storage.
Encourage use of an external means of storing critical data away from the immediate work space. Users typically turn to consumer-grade backup systems such as external USB drives or hard drives because they don’t trust the internal IT department to provide adequate safeguards.
Adopting a backup and disaster recovery technology that enables seamless and secure data storage offsite with fast recovery capabilities reduces the risk of information vanishing because of faulty external drives. This staves off the potential loss of confidential information.
4. Arrange for consistent checkups.
It’s easy to check to see if information is stored in a secondary location, but it can be difficult to know if it's current or a complete mirror of the data. Regularly test processes to ensure that they are being followed and that the data needed is available.
To take things a step further, however, organizations should invest in a backup solution that's set up and maintains itself automatically. Then there's no need to remember whether the data was copied because the system just does it, allowing for peace of mind and confidence that the rhythm of daily business will continue uninterrupted.
5. Deliver security training to employees.
Not all companies spend adequate time making employees aware of simple security and data policies. Training employees how to spot fake phishing messages, emails that could potentially hide a virus and basic elements of social engineering will go a long way to ensure data is protected.
Ultimately, there's no simple way to mitigate human error because it can take place at any time, anywhere. But businesses can adopt procedures to properly prepare so applications are running and IT infrastructures won't go down.