Three quarters of organizations risk their data with poor backup and protection policies
Just 25 percent of IT professionals are following industry best practices for backing up data, according to a new study from hardware-encrypted storage maker Apricorn.
The survey details data backup, encryption and resiliency protocols for over 250 IT professionals in the United States and Canada over the last 12 months. It finds that while 93 percent of respondents say that they factor in data backups as part of their cyber security strategy, only one in four follow the 3-2-1 rule, in which they keep three copies of data, on two different formats, one of which is stored off-site and encrypted.
A data loss event has been experienced by 37 percent of respondents and 55 percent report that they've had to restore data from a backup as part of recovery. However, 16 percent don't ensure that their data backups are clean and complete, and 52 percent say they keep their backups for only 120 days or less, which is less than half the average 287 days it can take to detect a breach.
"Hardware encryption and frequent data backup policies are the only two things organizations can count on to protect data, yet we've seen very little improvement year-over-year in following these best practices," says Kurt Markley, US managing director at Apricorn. "In today's hybrid work culture, it’s shocking to see so many IT professionals driving with their eyes closed when it comes to data resilience. Companies should implement the 3-2-1 method and give employees options to easily backup and secure their data, while also implementing policies for encrypted storage."
Among other findings are that 33 percent have experienced data loss related to employee actions. A third of employees working in the office don't consider themselves as potential targets that cyber attackers can exploit to access company data. This is higher than the 27 percent of remote employees who don't consider themselves as potential targets. And despite the lack of employee awareness that they could be targeted, only 50 percent of organizations say they encrypt sensitive information for data on the move which is only a 10 percent improvement from last year.
"Hybrid work is not new and it's irresponsible of organizations who offer hybrid work but have not yet adapted their security requirements for it," adds Markley. "Employees in all areas of business should recognize that they could be a target for a cyberattack or phishing attempt that could lead to compromised data. However, many employees feel fully protected by their IT policies, giving them a false sense of security. This can be particularly risky when employees continue to work remotely or in hybrid settings where sensitive information is on the move. IT pros should continue to encourage employees to backup data to an encrypted device before working remotely."
You can find out more about protecting data on the Apricorn blog.