Even though one of the defining trends of recent years has been the decluttering, minimising and curating, (a trend which can apply to businesses just as well as to individuals and to data just as much as “stuff”), the fact still remains that not only is there a limit to how far we can go with the minimalist trend, but that some items and some data not only deserve to be protected but need to be protected for legal reasons, e.g. to show compliance with regulatory requirements. With this in mind, here are some key security and backup tips for the next 12 months.
Learn from the minimalist trend
At a simple level, minimalism is about decluttering, getting rid of “stuff”, physical or digital. At a deeper level, it is about bringing your possessions down to a level where you know not only exactly what you have, but why you have it. In other words, minimalism was preaching the basics of GDPR long before GDPR was even a buzzword let alone a law. Now GDPR is very much a reality and companies should already be in compliance with it. If you have any doubts about your GDPR compliance, then now would be the perfect time to address them. Frankly, even if GDPR ceases to be law, it’s still a safe bet that your customers will expect their data to be treated with appropriate respect.
If you are confident about your GDPR compliance, then apply the same principles to your internal data so that you create a situation where you have full knowledge of everything you own and the purpose it serves. While this can involve a lot of work, it is an essential first step in keeping your data secure. Not only can you only protect something if you know it is there, but you can only find something really easily and quickly if you actually know where it is and therefore can go to it directly rather than having to wade through mountains of irrelevant (data stuff) before you eventually (hopefully) find what you need.
Take a close look at your file formats
Once you have identified the data you need to keep, take some time to look at the formats in which it is held and think carefully about their likely longevity. If your data is stored in mainstream formats, such as pdf, then you are probably going to be fine for the foreseeable future, if, however, you are using more niche formats, then you may want to consider converting them now or, at least, marking them as being prime candidates for future conversion.
Have a password policy
If a password can be cracked with a password-breaking programme, then it really isn’t meaningful protection and if it can’t then people with legitimate reasons to access the document are going to be stymied unless the password is stored in a secure manner. In short, only store password-protected files if there is a really compelling reason to do so and if you absolutely must, remember to store the password securely as well.
Choose an appropriate “temperature” for data storage
In the world of interior design, the term “hot storage” relates to the most accessible storage locations in your home, while the term “cold storage” relates to the least accessible storage locations in your home.
The general idea is that you use your hot storage for the items you need to access most frequently and your cold storage for items you need to keep but use less frequently. It can be very helpful to apply the same principle to data storage, however, in order to do so, you need to classify your data and to do this, you may find it helpful to take the “Johari window” approach.
Basically, you draw two axes, one for importance and one for accessibility and you plot your data items on these axes. Once you have completed this exercise, you will be able to classify your data under one of four headings:
- Urgent and important
- Important but not urgent
- Urgent but not important
- Not important and not urgent
NB: A quirk of the digital world is that not only can the same data item be placed under different headings at different points in time, but the same data item can be placed under different headings at the same point in time. For example, current tax data could be placed both under the heading of “urgent and important” (because the finance department needs constant access to it to prepare your tax returns) and “important but not urgent” (because the company itself needs to keep a record of it to satisfy regulatory requirements).
As time passes, however, that same data may move to being simply “important but not urgent” (the finance department is finished with it but you still need to keep it for compliance reasons) and then ultimately, potentially, to being “not important and not urgent” (in which case it may be time to hit the delete button). With this in mind, it can be a very good idea to conduct this exercise on a regular basis to ensure that all the data you keep is still relevant and being stored appropriately.
Choose an appropriate storage model
There are numerous options for backing up data and you may well find it best to use a combination of them according to data type. Here are some suggestions.
- Urgent and important - local network drives and/or cloud storage will keep important data secure but still quickly accessible.
- Important but not urgent - This data can be stored offline, for example on tapes, CDs/DVDs and/or hard drives (both solid state and mechanical), again, you may want to use more than one of these options as they all have their pros and cons with regards to their effectiveness at protecting data over the long term. You may also want to consider keeping both onsite and offsite copies of your data and, of course, you will need to ensure that any and all copies are held in a safe location, e.g. protected from both fire and flood.
- Urgent but not important - Same comments as for “Urgent and important”.
- Not important and not urgent - Why are you keeping this? If you must, treat as “Important but not urgent.”
Create a data-security and back-up policy with relevant supporting processes
Data-security and back-ups are not “set and forget” activities. They need to be treated as core business issues and be devoted an appropriate level of support and respect from senior management. As such, they deserve their own policies and processes, both of which need to be documented and communicated as well as regularly reviewed and tested to ensure that they actually will work if you ever need to call on them.
Joe Muddiman, General Manager, Rads Document Storage
Image source: Shutterstock/scyther5