A recent survey from a data storage company examined the causes of corporate data loss1. The results were a bit surprising, with “human error” nearly equal to hardware failures and virus/ransomware.
The noted causes included:
- Hardware / system failure – 31%
- Virus / Malware / Ransomware – 29%
- Human Error – 29%
Let’s look at each of these main causes individually –
As business owners and IT professionals, we are very aware of the perils of hardware failure. This could be a crashed hard drive, a RAID controller that goes down, or even something as simple as the server power supply. This category would also include fire, flood, lightning, and other natural disasters. Companies in specific parts of the country need contingency plans for tornado, hurricane, tropical storm, etc. We have even had clients call us because their server was physically stolen (while not technically a hardware failure).
We also commonly make plans in case of a virus or malware or even ransomware. These can take data out of service even if our hardware and network are intact. Good planning often revolves around taking backups offsite, whether to another company location or to a service provider in the cloud. Nothing is bulletproof, but these approaches give us a much greater chance of recovering from a disaster.
Reportedly, some ransomware organizations look for data backups on corporate servers to “confirm” that the data they’re about to engage with has value to the company (this makes another good argument to store backups off site on a separate server).
The high volume of data loss attributed to human error surprised us. Nearly 1/3 of data loss occurs due to human error. This could be due to:
- Failure to create and monitor a backup and disaster recovery (BDR) plan.
- Failure to perform regular disaster recovery tests. The best tests involve starting with a clean computer and recovering all of your company’s critical data from backup sources. Some companies do this exercise once or twice a year from a location other than their office. This also helps plan for contingencies like losing your office due to a fire/flood/etc.
- Improper data edits. Very few companies plan to be able to undo user changes once they’ve been made. What if a user erroneously changes the inventory count an item. Once the count has been overwritten, the user typically can’t go back and “undo” the change.
- Improper data deletion. We recently spoke with a client who had accidentally deleted eight records from a critical database of the parts they produce. Without this information, they weren’t able to take orders for those products. Improper data deletion is often impossible to overcome without systems in place to do so.
- Malice. Let’s not forget that sometimes an employee will deliberately delete or compromise company data. Why? In some cases employees are terminated and allowed to return to their desk. In 2021 a small business collapsed after an angry employee deleted all computer files. While this ex-employee was eventually convicted of their crime, the company still closed, eliminating about 60 jobs. Business Collapse
To mitigate the risk of data loss due to employee error or malice, your database backup plan needs to allow for partial restores. And it needs to retain data over a period of time. If an employee deletes something on Monday but notices it on Thursday, you can’t restore Thursday’s backup over Monday’s without losing other information.
Would you like to review your BDR plans to make sure you’re covered in case of human error or malice? We’d be happy to have a discussion.
1 Survey was reported by StorageCraft, who is a data storage company that (ironically and unfortunately) experienced a huge data loss due to human error in March 2022. Data loss aside, their survey findings have been validated by other studies and their personal experience.