Data Loss – A Real Threat to the Company

There are two main threats related to company data. They can be exposed or lost. Data exposure is a separate, broad topic; in this article, we will focus solely on data loss.

Data loss does not only mean their physical deletion. A serious problem can also be the lack of access to data or their corruption, making them unreadable.

In practice, this means a situation where the company is unable to use its documents, systems, or work history.

Causes of Data Loss

Data loss can have many causes. Some result from hardware failures, others from human errors, random events, or malware attacks.

Hardware Failure

You turn on the computer or server in the morning, and instead of the system, you see a disk error message. The system does not start, and the data is not accessible. Hard drives and other data storage devices are mechanical and electronic devices that wear out and fail.

User Error

An employee organizes folders of documents and deletes files that seem unnecessary. Only after a few hours does it turn out that among them was an important document or the entire project directory structure. In many companies, accidental actions by users are one of the most common causes of data loss.

Malware Attack

You arrive at work in the morning and try to open a document. Instead of its content, you see a message stating that the files have been encrypted and that to regain access, a ransom must be paid. This is a typical scenario of a ransomware attack that locks access to data across the entire company.

Random Events

At night, a plumbing failure or fire occurs in the building. Computer hardware is damaged or completely destroyed. If the data were stored exclusively in that location, the company may lose access to them without the possibility of recovery.

System Issues

The operating system is performing an update or there is a filesystem error. Upon rebooting, some documents are corrupted or cannot be opened. The data is still physically on the disk, but the system cannot read them correctly.

Loss of Data Access

There are also situations where the data exists, but the organization cannot access it. This may result from the loss of administrative accounts, loss of encryption keys, or errors in authentication systems.

Data Loss in the Cloud

Data in the cloud is stored on physical machines managed by people. They are also subject to many threats. Every serious provider secures itself against data loss, but cases of data loss do occur. The cloud does not guarantee data security.

Basic Principle: Backup

The most effective way to protect against data loss is to regularly create backups. This should be done periodically, preferably in an automated and monitored manner. This way, the process becomes as little dependent on human factors as possible.

The frequency of backup creation depends on business needs. Some companies only need a backup performed once a day, accepting data loss from one day of work. In other cases, backups are made much more frequently - even every few minutes.

How It Used to Be

Just a few years ago, the classic method of performing backups was saving data on magnetic tapes. The administrator would create a copy and then put the tape in a "cabinet."

Although this solution provided a sense of security, in practice, it often turned out to be insufficient. Tapes were usually stored in the same location as the servers, so a fire or flooding would destroy both the data and the backups.

Additionally, it sometimes happened that during the data recovery attempt, the tape was damaged, and the data recovery process was very time-consuming.

Modern Backup Approach

Modern backup systems use several independent mechanisms simultaneously.

At Helpwise IT, we apply the 3-2-1 principle:

• 3 copies of data

• 2 different storage media

• 1 copy stored offsite

This approach significantly increases data security.

3-2-1 Backup Principle Diagram

A secure backup relies on three copies of data, two different media types, and one copy stored offsite.

Data Snapshots

The first element of protection is data snapshots taken very frequently, for example, every 15 minutes. They are created on a local server and allow for almost immediate restoration of data to a previous state.

In typical situations - such as accidental file deletion or document corruption - data can be recovered within minutes, losing a maximum of a few minutes of work.

Second Copy in a Different Location

The second element is a copy of data stored on a separate server. It often resides in a different geographical location.

This protects the data from hardware failure, fire, or flooding, as well as from data being encrypted by ransomware.

To mitigate the risk of copying being encrypted, the backup server should not be directly accessible from the corporate network. Instead, it retrieves data from the source system.

Third Copy in the Cloud

The third element is a copy stored in the cloud. This is an additional layer of security that protects data in the event of a major failure or disaster affecting the entire local infrastructure.

Such services are often cost-optimized - data storage is inexpensive, while recovery may be more expensive. In practice, however, this is acceptable because this copy is used only in emergency scenarios.

Why Backup is So Important

There is no single solution that will secure a company in every situation. Only a set of complementary mechanisms - local backups, separate infrastructure, and cloud copies - provides real data security.

Backup is needed only at one moment - when something has already gone wrong.