How can you reduce the risk of data loss?
The risks and volumes of data loss can be considerably reduced. However, any risk reduction strategy must be adapted to the size, needs and, above all, financial resources of the company. From preventive to curative measures, here are the main provisions applicable to all profiles.
Raising awareness: good IT practices
Bad IT practices increase data vulnerability: sharing files on open platforms, backing up work files on personal computers, saving logins for automatic connection… They are the result of ignorance, negligence or the search for personal convenience.
Documenting IT procedures and defining a charter of best practices is therefore not enough. Training and awareness-raising initiatives for users will help ensure that they are respected and strictly applied.
Preventive: backups and computer security
The aim of preventive measures is to reduce the risk of incidents, loss or unavailability of data.
IT security tools and protocols will first and foremost protect the company’s network and computers from external or internal attacks:
- User access control: restrictions based on user privileges, password modification or session recovery when an employee leaves the company, etc.
- Detection and security tools: firewalls, anti-virus software, server control and monitoring, intrusion detection software (IDS)…
- Regular updates of software and IT security tools!
A data backup policy will facilitate restoration in the event of a disaster. It must be defined according to several criteria:
- Data identification: volumes, important data…
- Storage media: hard disks, servers, online backups…
- Backup method: full, incremental or differential back-up
- Backup frequency: real-time duplication or scheduled backup…
Anticipation: BCP and DRP
The Business Continuity Plan (BCP) and the Business Resumption Plan (BRP) are designed to ensure that, in the event of a crisis or disaster, the company’s business and/or IT processes are maintained, usually in degraded mode, and then resumed as normal. While the measures defined when drawing up a BCP/DRP depend on the specific characteristics of the company, certain advice always applies:
- Imagine crisis scenarios and their impact on the company.
- Identify critical company resources and data.
- Define the roles of the team in charge of implementing the BCP/ERP.
- Take ownership of and regularly test the BCP/ERP.
- Update the BCP/ERP according to changes in the company’s infrastructure.
Curative: data recovery
Computer data is very persistent. Wrongly considered as definitively destroyed or lost, it can nevertheless be recovered in most situations.
Data recovery must, however, be entrusted to a qualified expert, able to make a precise diagnosis and implement appropriate means. The advice of a specialized service provider takes precedence over any other recovery attempt, since uncontrolled intervention is likely to aggravate the damage and reduce the volume of recoverable data.
In the event of data loss, here are a few things to remember:
- Switch off storage media as soon as you suspect a breakdown (unusual hard disk noise, burning smell, etc.), a disaster or a serious system error.
- Do not perform any software operations on the storage medium, such as running a system repair tool (CHKDSK), installing software, reinstalling or formatting the system…
- Don’t use data recovery software, as most are configured for specific failures, or a parameter setting error can make the situation worse.
- Do not intervene physically on the storage medium, e.g. open a hard disk, use a hair dryer on a damp storage medium…
- Restore existing backups to a different medium or volume.
