Monthly Archives: October 2015

Many businesses face an ongoing battle against data breaches in today's world of ever-mounting digital threats to assets and proprietary data. Even individuals are at risk of losing their information to identity thieves or blackmailers. The Ponemon Institute's 2014 Cost of Data Breach study found that the average data breach costs an organization about $5.9 million. While most businesses have security practices in place, third-party data recovery vendors are some of the most common perpetrators of data theft.

Here are some of the best practices for businesses and individuals to implement for their own protection and to close the security gap in the data recovery process.


  1. Gap Analysis

An internal inventory must be conducted at least once a year to determine if a security gap exists within an organization. A company should be able to answer the following questions:

In the case of a failure on the part of a storage system, is the drive sent to a data recovery vendor?

Is an incident report filed? By whom?

What is the data recovery vendor selection criterion? Are data recovery vendors properly checked and validated?

What is the current audit and assessment process for third-party data recovery vendors? Who is in charge of that process?

  2. Internal and External Policy Revision

In the event that a security gap is identified, internal procedures must be rewritten so that they include business continuity, disaster recovery and incident response plans.

  3. Maintain Enforcement

Companies should conduct mandatory annual security reviews and employee training so that the revised internal and external policies actually make a difference in the safety of the company's data.

  4. Examine Third-Party Data Recovery Providers Closely and Check Their Histories

Ensure that the data recovery vendor possesses up-to-date documents from a third-party security auditing company and that those documents comply with SOX and GLBA. The SOC 2 Type II certification is especially helpful as it requires background checks for all employees prior to employment.

The following criteria are a great start:

  • Proof of internal information technology controls and data security safeguards, such as annual SOC 2 Type II audits
  • Employee training programs that ensure sensitive and confidential data is protected
  • Certified and trained engineers
  • Proof of Chain of Custody documentation and certified secure network
  • Employee background checks
  • Secure and permanent data destruction when required
  • Use of encryption for files in transit
  • Proof of a certified ISO Class 5 Cleanroom

By following these steps, companies and individuals can protect themselves against data theft. Remember that data theft can happen at any time and in any place, so always having your data backed up to a hard drive that is stored in a safe place can be the difference between a hiccup in your business and the bitter end. Take the time to be safe with your information and always ask for certification from anyone who wants or needs access to your personal or commercial information; you'll find the cost of error makes it worth it!