Here are a couple of sobering statistics that should drive home why
data protection is so important:
In a recent survey that RoperASW conducted with 274 executives from
US-based companies that gross $1 billion+ each year, 52% of the CIOs
(Chief Information Officers) reported that their data would be very
vulnerable if a disaster struck their company.
Another recent Info-Tech Research Group survey found that
60% of IT departments did not have formal recovery procedures
in place in case of a blackout.
So even many of the big guys are exposed to business-threatening
data loss scenarios. Let's see what we can do to help each other
reduce this unacceptable risk.
If you accidentally delete a file or move it to the wrong place while
using Windows Explorer, you can quickly retrieve it by either clicking
Edit and then Undo or by pressing the key and
the keys at the same time.
The very things that make email attachments so useful are also
the ones that make them a common tool for attackers.
Forwarding email is so simple that viruses can quickly infect many
machines. Most viruses don't even require humans to forward the email.
They scan an infected computer for email addresses and automatically
send an infected message to all of the addresses they find. Attackers
take advantage of the reality that most users will automatically trust
and open any message that comes from someone they know.
What steps can you take to protect yourself and others in your address book?
Be wary of unsolicited attachments, even from people you know. Just
because an email message looks like it came from your best friend, a family
member or a client doesn't mean that it did. Many viruses "spoof" (falsify)
the return address, making it look like the message came from someone else.
If you can, check with the person who supposedly sent the message to make
sure it's legitimate before opening any attachments. This includes email
messages that appear to be from your ISP or software vendor and claim to
include patches or anti-virus software. ISPs and software vendors do not
send patches or software via email.
Save and scan any attachments before opening them. If you have to open an
attachment before you can verify the source, take the following steps:
1. Be sure the signatures in your anti-virus software are up to date
2. Save the file to your local hard drive or a floppy disk
3. Manually scan the file using your anti-virus software
4. Open the file
Turn off the option to automatically download attachments. To simplify
the process of reading email, many email programs offer the feature to
automatically download attachments. Check your settings to see if your
software offers the option, and make sure to disable it.
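
The save-and-scan steps above can be partly automated for a message that has been saved to disk. The following is an added example, not part of the original newsletter: it parses a message with Python's standard email package, records each attachment's name, size and SHA-256 hash without opening it, and flags types that must not be opened before a manual anti-virus scan. The extension list, the flag names and the sample message are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, non-exhaustive list of extensions that run code when opened.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js",
             ".docm", ".xlsm"}

def triage_attachments(raw_message: bytes) -> list:
    """Return one record per attachment: name, size, SHA-256 and warning flags."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        flags = []
        if suffixes and suffixes[-1] in RISKY_EXT:
            flags.append("executable-type")
            if len(suffixes) >= 2:
                # e.g. "update.pdf.exe": the real type hides behind a harmless one
                flags.append("double-extension")
        if data[:2] == b"MZ":
            # Windows executables start with "MZ" whatever the file is named
            flags.append("mz-header")
        report.append({"name": name, "size": len(data),
                       "sha256": hashlib.sha256(data).hexdigest(), "flags": flags})
    return report

def build_sample() -> bytes:
    """Constructed test message: one disguised executable, one plain text file."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.org"
    m["Subject"] = "Security patch"
    m.set_content("Please install the attached update.")
    m.add_attachment(b"MZ\x90\x00constructed-bytes", maintype="application",
                     subtype="octet-stream", filename="update.pdf.exe")
    m.add_attachment("quarterly notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for item in triage_attachments(build_sample()):
        verdict = "DO NOT OPEN before scanning" if item["flags"] else "scan, then open"
        print(f'{item["name"]}: {verdict} {item["flags"]} sha256={item["sha256"][:16]}...')
```

An empty flag list does not mean the file is clean; it still goes through the manual anti-virus scan in step 3.
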
Microsoft Office applications (Word, Excel) allow you to password protect
individual files. Keep in mind that if you use this feature and
can't remember the password, you may no longer be able to access the file.
This feature is useful when you want to protect a form that will be
distributed to and filled out by others. It will prevent them from modifying
the form. Without the password, they cannot modify the file and save the changes
using the same file name.
Follow these steps to password protect individual files from the Options dialog box:
1. Open the file that you want to password protect
2. Click Tools in the menu bar at the top
3. Click Options in the pull down menu
4. Select the Security tab
5. Type the password in either the Password to open or the Password to modify text boxes
6. Enter the password a second time into the Confirm Password dialog box
7. Click OK
Now of course someone has developed a password hack utility which can usually
open password-protected documents easily. This means that you shouldn't rely on
this feature to protect highly confidential documents. Only use it as a way
to prevent casual users from altering a form, template, boilerplate or similar
document.
Yes, I know. This is supposed to be a newsletter about data protection. Why then
would I tell you how to erase data? To protect it from falling into the wrong hands,
of course!
The best possible method of ensuring that data on a hard drive is permanently
deleted is to remove the drive and smash it with a sledge hammer. Here are a
few tips on how to do it if you want to reuse the drive, are selling a computer
or don't want to bother dismantling it.
The U.S. Department of Defense has a standard for how hard drives should be
reformatted so that there's no chance of recovering any previously existing
data. The Windows Format command doesn't conform to this standard yet so
you will have to purchase a third-party secure format utility.
One popular choice is Active@KillDisk. ( http://www.killdisk.com/ )
This product comes in a free version or a professional version. The free version
performs a semi-secure format, while the professional version, which sells for
$29.95, conforms to Defense Department standards.
Another competing product is East-Tec Sanitizer. ( http://www.east-tec.com/ )
The standard version of this product allows one person to format up to 10 hard drives for $29.95.
For $199, up to 10 technicians can format an unlimited number of hard drives.
There is also a free trial version that allows one person to reformat one
hard drive.
The data storage market continues to undergo enormous change in an effort to keep
up with insatiable demand for data storage capacity. If you come across some
article on this topic you are almost certain to see one or both of these acronyms.
Here's what they mean.
SANs (Storage Area Networks) are storage devices linked by a dedicated network to facilitate
the sharing of storage resources by multiple applications and multiple
servers.
NAS (Network Attached Storage) devices consist of a dedicated file and print server connected
to a corporate network. These devices are typically less expensive and
easier to install than SANs. Basically, they are large, relatively inexpensive
and scalable hard drives with less "brains" than a traditional file server.
Last month we talked about where data resides inside an organization and
saw that you need to know where your data is in order to create an effective data protection plan.
The next thing we need to get a handle on as we create our plan is exactly how data can be
lost or compromised. Here is some food for thought. (This list is by no means comprehensive.
Email anything you would like to see added.)

Human Error/Oversight
This is the most common cause of data loss. Some common examples are:
  - Accidental file delete or overwrite
  - Physical damage (dropped laptop, liquid spilled into casing, overheating due to plugged air vents, etc.)
  - Lost laptop, PDA, backup media, etc.
  - Improper software install or uninstall
  - Improper reboot or shutdown
  - User opens infected email attachment
  - Failure to keep antivirus software up to date
  - Failure to apply critical updates to operating system and/or application software
  - Accidental loss of power (pulled plug, turned off wrong circuit breaker, etc.)

Equipment Failure
  - Hard drive failure
  - Hard drive controller failure
  - Power supply failure
  - Any hardware failure while data is being saved
  - Tape drive destroys tape

Power Problems
  - Blackout, brownout
  - Circuit overload
  - Cut power line
  - Power surges/voltage fluctuations

Software Failure
  - File system corruption
  - Registry corruption
  - Operating system crash
  - Application failure prior to save

Internal Attack/Unauthorized Activity
  - Sabotage by a disgruntled employee or unauthorized person who sits at a logged in PC
  - Unauthorized use of the Web and/or Email
  - Theft of hardware, backup media, discarded hard drives
  - Vandalism

External Attack
  - Hackers
  - Virus, worms
  - Scumware, malware

Perils
  - Water damage (flood, sprinkler)
  - Fire
  - Weather
  - Earthquake
  - Environmental contamination
  - Medical
  - Civil disturbance
  - Terrorism

So you see that even this abbreviated list is quite long and that there are many
ways you can lose data. The important thing to remember is that you must have
a good understanding of how data can be lost or compromised if you are going to
build a first class data protection plan. This is not to say that your plan will
only address these scenarios. On the contrary, any good plan must be flexible
enough to deal with the unforeseen problems that will inevitably arise. However,
gaining a good understanding of how things go wrong is essential.