Perhaps more worrisome than security breaches, which occur relatively infrequently outside the university arena, consider industry statistics for data loss, compiled by online back-up firms Data Deposit Box and Protect Data:
- A hard drive crashes every 15 seconds;
- 2,000 laptops are stolen or lost daily;
- One in five computers suffer a fatal hard-drive crash during their lifetime; and,
- 40 persent of small- to medium-size businesses don't back up their data at all.
If this is what's occurring in Corporate America, tradition holds that the nonprofit sector is much further behind.
Experts in the area of risk management, including AH&R Insurance's Mel Whiteley, Laura S. Quinn of Idealware, EarthJustice IT director Peter Campbell, and the staff at mindSHIRTTechnologies, managed services provide to Seeds of Peace, provided the following recommendations for protecting data:
- Risk management is number one. No matter how much insurance you have, you will never totally recover your loss. Make sure that employees are using reasonable passwords (mix of numeric and apha, six and seven characters) to access their own computers. Educate employees against phishing, and have a reasonable back-up plan.
- Evaluate your current back-up plan. Consider the newer back-up technologies such as virtualization - which allows you to run multiple servers on one computer, moving to disk rather than magnetic tape; utilizing "snapshots," which makes restoring data quicker and easier; and synchronizing one disk to another disk 24/7 using continuous data protection.
- Develop and implement a system. Don't just leave it to the wind; designate somebody with the absolute resposibilty of implementing the risk management system.
- Anticipate your likely loss. Recognize that trouble can come from different places. Also, recognize security breaches can occur no matter the level of your firewalls.
- Have the appropriate insurance that deals with what's likely and probable to happen. Also, consider your media exposure - basically, your cyber exposure - as a seperate and unique exposure.
- Try to get your host to undemnify you. It doesn't hurt to ask your software provider if they will provide coverage.
-Marla E. Nobles