If you’ve been using a computer for an extended period of time, you’ve no doubt been swimming in the sea of data protection. So many problem solvers are thrown at us. We attach ourselves to anti-virus and anti-spyware protection like a newborn baby, we master and understand the importance of external backups to avoid data loss when your computer crashes, and some of us even know the very real pain of corrupt data tables due to power surges.
These are the obvious security measures we take. We seek to protect the machine from itself. But what we often forget in our computer-driven world is the X-factor of humanity. The question we must ask is what are we doing to protect our data from ourselves?
Working in a Support environment daily reveals all sorts of wild situations. It’s a proverbial jungle of problems to be serviced. Sometimes, the fierce animal of the Support Jungle strikes and this is the X-factor I spoke of earlier. This wildness of this story I’m going to share with you will change your perspective completely on WHAT data protection truly is, and WHY it is paramount we create awareness and execute it well.
Put yourself in this scenario: You are in your Church or organization, cruising along the road of status quo. You feel good that everything is under control. You have an employee or volunteer that has been a loyal asset with the church for years. This person keeps all the records. You verify that they make an external backup every week so that you don’t have to worry if something happens to the church computer. You have a virus protection program and a spyware protection program that runs harder than Carl Lewis. You are safe right? Right???
Wrong. Little do you know, there is a gaping security hole in your bubble of anti-virus external backup shield.
What’s the hole? All of your eggs are in one basket. You’ve got little baskets in a big basket, instead of having multiple big baskets.
Data security isn’t just about hijackers, viruses and privacy. It is also about the people that have access to information. Here’s what happened that opened my mind, and should open yours too. Last week a customer called because they were getting errors trying to open Membership Plus. What we saw was mind blowing. The church had recently “lost” their secretary and it didn’t appear to be a mutual decision.
Before departing the secretary had renamed every single file associated to Membership Plus and other various applications. “MPManager.bpl” for example became something like “zzzzzzzzx.!!!”. EVERY file was renamed to something that made no sense at all. Even the file extensions were changed!
Not only did she make it impossible to recover the data, she made it impossible for them to use the programs at all. To pour salt in the wound, she took all the backups and made sure there were none left on the computer.
When I think about what could have been done to keep this from happening a few things come to mind:
If you put all of your eggs in one basket, make sure at least one other person gets copies of the backups on a regular basis. Have multiple BIG BASKETS!
Use a backup service like LiveStor so that backups run automatically to a server that an employee can’t access.
Or, even better, consider using a hosted application like ACS OnDemand. The application is available to any staff member from anywhere but they don’t have permissions that would allow them to damage the files. And, backups, updates etc., are all done for you.
Remember, ONE big basket is still a security hole! You need multiple big baskets to be secure from the machine and the X-factor.
What steps will you take?