Opinion: Eliminating human error from data loss risk

In a world adopting workforce mobility and flexibility more and more, we have to accept that sensitive data is going to be carried on portable devices, and take steps to secure it. Unfortunately, too many organisations are failing to do this.

Google the words “data loss” and you will be inundated with results referring to portable devices containing sensitive information that have been lost or stolen. For example, it was reported back in July that the Department of Health alone had lost more than 300 laptops and 400 mobile phones since 1997.

Although an outright ban on storing business data on portable devices would be impractical in today’s mobile environment, the Information Commissioner’s Office (ICO) is right to crack down on offenders. All organisations must ensure that any portable device containing sensitive information is carefully transported and, more importantly, properly encrypted. The policies, procedures and responsibilities need to be in place and understood, and appropriate encryption applied religiously.

But even for heavyweight encryption, there is still a risk the data can be accessed by a determined and resourceful third party. So when the information stored on portable devices is either particularly sensitive or particularly voluminous, as is likely to be the case with backup tapes, is encryption alone really enough?

The fact is that, as high-speed data connections have become widely available, there should be no need to use tape - a 60-year-old and notoriously unreliable technology - for backing up business-critical data.

Nearly all instances of loss or theft of data are triggered by human error, a risk that can never be completely eliminated. Staff may be reprimanded over lapses of concentration, but at the end of the day, it is unreasonable to expect them to accept full responsibility for looking after critical data when a safer alternative is available. It is now possible for data to be backed up online and managed in secure datacentres. The potential for human error can be almost eliminated and the data is never exposed to the risks of a portable storage medium.

As soon as you authorise the portable storage of confidential information, you lose ultimate control of where that information goes. The alternative - backing up to a reputable, accessible and encrypted online service - takes the pressure off staff, while ensuring data is retrievable from a variety of locations. This eliminates the need to ever load sensitive information on a portable device. High-speed data access has revolutionised a whole variety of business processes, and it’s high time for data storage and backup to catch up.

Eoin Blacklock, managing director, KeepItSafe