1.2 Risks of data loss
As the case studies showed, there are serious consequences of losing data.
These consequences can be expressed as a series of costs, such as:
- the cost of recreating the lost data – either by buying new hardware and software or re-entering the lost data (which may not always be possible)
- the cost of continuing without that data (availability)
- the cost of informing others about the loss.
The costs cannot just be expressed in terms of money. For instance, the last cost, of informing others, is not just limited to, for example, postage and email charges. A company that suffers a data loss can also suffer a loss in its reputation as a professional organisation. This problem is greatly magnified if personal data belonging to other people has been lost.
Case study _unit8.2.3 Case study: JournalSpace
At the end of 2008, the blog provider JournalSpace went into liquidation after the crucial database containing its customers’ blogs was corrupted by a disgruntled former employee. This criminal action should not have proved fatal, but it became clear that the six-year-old company had not been keeping complete backups of their data.
JournalSpace customers were able to recover some of their data using copies of their postings held in Google’s giant cache, but JournalSpace’s reputation was ruined. JournalSpace was later reborn under new management, but by then it had lost most of its users.
The risk of data loss cannot be completely eliminated, but it can be minimised. The 2013 Forrester report suggested that malicious actions by disgruntled employees was the leading cause of internal breaches, but a significant number of security threats are caused inadvertently by employees who are unaware of the risks of their actions, such as copying data to external devices or websites, opening infected emails, clicking malicious links, installing software and so on. Better staff training could reduce the risk of accidental data loss.
The Infosecurity Europe survey revealed that while a slight majority of companies had implemented an internal information security policy to secure computers, networks and data, only a minority had provided staff training to raise awareness of potential security risks. Another important way of minimising the effect of any loss is by backing up data – making secure copies of data either on to a separate device, to a separate disk, or even to a different location.
Think about identity theft and loss of data. Have you ever been affected by these issues? Reflect on your personal experience.