Mandatory Data Loss Disclosure

Posted by Ilyas

Loss of sensitive data about customers, clients or staff by companies and institutions has become a regular news item lately. These incidents are in fact so common that they are hardly newsworthy anymore, except for the very largest and most embarrassing ones. Many of them appear to be the result of gross, even criminal, negligence on the part of those who lose the data.

A majority of the reported data loss incidents seem to originate in the USA and the UK, in hospitals, other institutions, the military and elsewhere. An international survey of health care workers (Mobile Device Usage in the Healthcare Sector) showed that security practices were dismal in both countries, with the British in slightly better shape than their American colleagues. The state of information security is therefore poor on both sides of the Atlantic, but what about the rest of Europe and the world? Does the lack of reported data loss incidents translate into a lack of actual incidents?

Taking Iceland as an example, reported data loss incidents in the public or private sector are very rare. This holds irrespective of the incident type, e.g. sensitive information being lost, mistakenly made accessible to third parties, or insufficient resources being spent on protecting valuable information. One possible reason for this lack of public reports is that the state of IT security is much better in this country than in the USA or the UK. A more likely explanation, however, is that the companies, institutions and workers who discover these incidents don't report them, or that the incidents simply go unnoticed.

ENISA, the European Network and Information Security Agency, recently recommended mandatory data loss disclosure regulations. ENISA claims that governments, organizations and the public underestimate the threats facing all aspects of IT. Informing the public or, at a minimum, the affected parties when data loss occurs is an important factor in raising awareness of these issues. ENISA calls for the European Union to implement uniform laws for response and notification in the event of a data loss. Individual countries within the EU are already considering similar laws. A new proposal in the UK would make inadequate protection of data that results in a breach or loss an offense carrying financial penalties.

There is every reason for companies and institutions everywhere to be well prepared in these matters. Organizations suffering data loss lose a great deal of public trust. Commercial data also often has a direct and high monetary value. Companies with the necessary security precautions in place minimize the risk of data loss and minimize the damage caused when such an event does occur. Internal procedures and security controls are essential in this context, since the vast majority of data loss incidents result from negligence or flawed procedures.

Monitoring of controls and procedures is also necessary, preferably by external auditors. Encryption of laptops and memory keys, and security-hardened procedures for remote connections and email usage, are examples of simple preventive measures that are also inexpensive. The cost of security controls like these is negligible compared to the damage caused by a single large data loss event.
