Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’).
Data can be lost in several ways – occurring either accidentally or maliciously – and will cause numerous problems for your organisation.
In this blog, we explain what you need to know and provide data loss prevention tips.
What causes data loss?
There are several types of data loss, which can be separated into four categories.
Organisations’ biggest risk is the way that people use data. Employees are prone to deleting files or other information, which is especially damaging if the information is in hard copy or if you have no backups.
This problem is exacerbated when organisations don’t implement policies and procedures on how to handle information. Reminding employees to exercise caution and to back up information wherever possible will mitigate this risk.
Data loss can also occur when devices suffer water (or other liquid) damage. Many of us have a glass of water or a cup of coffee on our desks when we work, and it only takes one spill to damage a laptop’s internal systems.
Unlike desktop computers, laptops don’t have extra covers to protect them from water damage, which increases your risk of electronic components short circuiting. Once that happens, it’s very hard to rescue the laptop and the information stored on it.
One of the benefits of technological advancements is that it’s easier to work on the go – with laptops becoming smaller and lighter, and public Wi-Fi enabling us to work in cafés, on trains or in other public places.
Unfortunately, that convenience also increases the possibility of devices being stolen. An opportunistic criminal could grab your laptop or phone if you’re not looking or if you leave it unattended.
There are several types of virus that can wipe information from your hard drive. The most notable is ransomware, which has surged in popularity since the start of 2020.
Attacks often begin with an infected attachment in a phishing email. When the victim opens the file, the malicious program encrypts the data on their device and potentially spreads across the network. The victim then receives a ransom demand stating that, unless a payment is made, the information will be wiped.
Experts urge organisations not to pay ransoms – because it could lead to ongoing problems, including recurrent ransomware attacks – and instead recommend restoring systems from backups.
Doing this means that any information that hasn’t been saved will be lost – although you might face this problem even if you pay up, as there is no telling whether the criminal will keep their word.
A computer’s hard drive is its most fragile part. We described earlier how water damage could permanently affect your systems, but that’s only one risk.
Many issues are related to degradation over time, such as faulty air filters, firmware corruption, heat damage and power issues.
However, the most common cause of hardware destruction is a head crash – where the internal read-and-write head of the computer touches a platter or scratches the magnetic data-storage surface.
This can happen when the device is dropped or experiences some other shock, but it can also occur through innocuous activities that can’t be mitigated.
The fact is that a lot of things can go wrong with hard drives, and you should expect them to break down eventually.
The impact of data loss on your business
There are three ways that data loss will affect your business.
Your organisation’s primary objective is to remain operational, but that will become much harder when you lose sensitive information.
It can take anywhere from a few hours to a few weeks to restore your systems and find a workaround, which is why lost productivity is the biggest cost of data loss.
Staff may be forced to work with paper files or be called in to perform remedial activities – such as handling customer queries regarding the incident.
Even if the data loss wasn’t the result of a cyber attack, it’s still classed as a data breach. That’s because, as the ICO (Information Commissioner’s Office) explains, data breaches encompass all events that
‘[lead] to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.’
You therefore still have a regulatory responsibility to report the incident. If you are subject to the GDPR (General Data Protection Regulation), your notification must come within 72 hours of becoming aware of the incident and include an explanation of how the incident occurred and what you have done to address the situation.
If your supervisory authority discovers that you failed to comply with the Regulation, you may receive a fine.
Customers are often impatient; they expect service to be smooth and catered to their needs. If you’re not able to provide that due to a security incident, you risk negative publicity and losing their business.
That’s why it’s essential to do whatever you can to assure them that you are on top of the situation and have done everything possible to protect their data and serve their request.
Indeed, some organisations spend hundreds of thousands of pounds repairing their brand after a data loss event, whether that’s on setting up helpdesks, offering complimentary credit checks, or taking proactive steps to address the breach and keep customers informed.
Data loss prevention methods
Although it’s impossible to prevent data loss entirely, you can mitigate the threat – and reduce the associated damage – by investing in software solutions. With the right software, you will be able to monitor your networks easily and be alerted whenever unusual activity has occurred.
The software must be capable of detecting who is using data and whether they should have access. You should have an approved list of users for any data you have, perhaps by whitelisting certain IP addresses and applying access controls.
Should an unauthorised person view this information, the software would typically send you an alert and give you the chance to review whether a security incident has occurred.
Data loss prevention software must also monitor data in transit to see whether an unauthorised person has obtained a copy of the information.
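The approved-user and IP allowlist review described above can be sketched as follows; this is an added example, not code from this blog or from any particular data loss prevention product. The policy, log format, user names and addresses are constructed assumptions, and lines that cannot be parsed or that touch a dataset with no policy are flagged rather than skipped.

```python
import ipaddress

# Assumed policy (constructed): approved users and source networks per dataset.
POLICY = {
    "customer_db": {"users": {"alice", "bob"},
                    "networks": [ipaddress.ip_network("10.20.0.0/24")]},
    "payroll": {"users": {"carol"},
                "networks": [ipaddress.ip_network("10.20.5.0/28"),
                             ipaddress.ip_network("2001:db8:5::/64")]},
}

# Constructed access-log lines: timestamp user source_ip dataset action
SAMPLE_LOG = """\
2024-03-01T09:12:03Z alice 10.20.0.17 customer_db read
2024-03-01T09:14:40Z dave 10.20.0.23 customer_db read
2024-03-01T09:20:11Z carol 198.51.100.7 payroll export
2024-03-01T09:21:55Z carol 2001:db8:5::1a payroll read
2024-03-01T09:30:02Z bob 10.20.0.9 archive read
malformed line
"""

def violation(raw, policy):
    """Return why this log line breaks policy, or None if it is approved."""
    parts = raw.split()
    if len(parts) != 5:
        return "unparseable"              # never skip a line silently
    _ts, user, src, dataset, _action = parts
    rule = policy.get(dataset)
    if rule is None:
        return "no policy for dataset"    # default deny: unknown data is reviewed
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "invalid source address"
    if user not in rule["users"]:
        return "user not approved"
    if not any(addr in net for net in rule["networks"]):
        return "source not allowlisted"
    return None

def review_access(log_text, policy=POLICY):
    """Return (line_no, reason, raw) for every access that needs review."""
    hits = ((n, violation(raw, policy), raw)
            for n, raw in enumerate(log_text.splitlines(), start=1))
    return [h for h in hits if h[1]]

if __name__ == "__main__":
    for n, reason, raw in review_access(SAMPLE_LOG):
        print(f"ALERT line {n}: {reason}: {raw}")
```

Each alert is a prompt to review whether a security incident has occurred, not proof of one: an approved user connecting from a new network looks the same in this log as a stolen credential.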
How does data loss prevention work?
By proactively pursuing data loss prevention, you are far more likely to spot security incidents and mitigate risks.
Those looking for an appropriate tool might be interested in BreachTrak™. This service, offered by our sister company DQM, provides breach monitoring support, enabling organisations to keep an eye on their data and discover unusual activity.
BreachTrak can help you monitor the Internet, email, phone and postal communications, and alert you whenever someone uses your data.