Correct security policy: how to implement it?

08.10.2019
Data security

Making backups keeps many entrepreneurs awake at night. Regardless of the size of your company or the kind of business you are in, backup is an obligation. The RODO regulation also covers backups, which are a form of data storage, so when the original files are damaged, the backup copies become the data to which RODO applies.

The purpose of a backup is to restore the original contents of the storage media in case of damage or data loss. It is therefore crucial to take care of the quality of backups and to follow a proper procedure. Antivirus software alone is not enough here.

Backup: a lifesaver against cyber-attacks

Cyber-attacks increased in 2018 and 2019. According to data from reports (including those by KPMG, Xopero and Interaktywnie), it is estimated that about 70% of Polish companies experienced a cyber-attack. With the attacks came large financial losses and a decline in credibility and trust in the eyes of customers.

To avoid such situations, a backup procedure will come in handy. There are no fixed top-down rules, but the following advice will help you organize your time and keep the company functioning better during the process. The lack of regularly created backups in companies is probably due to insufficient time. However, as the statistics and recent legal changes show, backup should rank high on the list of company priorities.

What are the backup rules?

  1. What is the situation in the company? To begin with, it is worth performing an audit that answers the question: how much data do we have, what kind of data is it, and which of it absolutely must be secured? Every day a company produces a huge collection of data, much of which can be removed (e.g. outdated scans, screenshots, expired files, sample letters, etc.). Then you need to segregate the data according to its importance to customers. Which of it is crucial for contractors’ operations? Such data can be named and assigned to a category, which will help you keep a cool head in an emergency.
  2. The 3-2-1 rule. The rule is simple: make 3 backups, stored on 2 separate media, 1 of which is off-site. This is very strong data protection, as the probability of data loss in such a setup is 1 in a million. It is recommended to store data on internal drives, external drives, in the cloud, or on DVD or Blu-ray (however, a DVD holds a small amount of data, and a Blu-ray disc cannot be overwritten and degrades after some time).
  3. Create a company backup procedure. Few people like procedures, especially creating them, but they can save a company’s good name. To save as much time as possible, it is worth automating backups. Before doing so, however, designate the person responsible for the process or contract an outside company to perform the backups. You will also need to determine:
    • How long it will take to recover the data.
    • Whether these actions will have any impact on the company’s operations or customer service.
    • What steps to take after the data has been restored.
  4. Conducting tests. If the company has the time and human resources, tests can also be conducted to help determine whether:
    • The process went correctly and the data is available.
    • Data recovery proceeds as it should.
    • The company’s employees have been instructed and have absorbed the knowledge of what to do when the company needs to recover data.
  It is worthwhile to carry out a variety of recovery tests: from individual files, from virtual machines and from the server.
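The 3-2-1 rule, the automated procedure and the recovery test from the list above, carried through in one script. This is an added example, not code from the original article or from ITH: the two "media" and the off-site location are simulated as directories under a temporary folder (in practice they would be a second disk, a NAS or cloud storage), the sample company data is constructed inline, and the corruption at the end is deliberately injected to show why every copy must be checksum-verified rather than assumed good.

```python
"""
Added example (not part of the original article): a minimal 3-2-1 backup
cycle with integrity verification and a restore test, standard library only.
Media and the off-site location are simulated as directories.
"""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large archives never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_archive(source_dir: Path, archive_path: Path) -> str:
    """Pack source_dir into a .tar.gz and return the archive's SHA-256 digest."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=source_dir.name)
    return sha256_of(archive_path)


def replicate_3_2_1(archive: Path, second_medium: Path, offsite: Path) -> list:
    """Copy the archive to a second medium and to an off-site location.
    Together with the original archive that is 3 copies on 2 media, 1 off-site."""
    copies = [archive]
    for target in (second_medium, offsite):
        target.mkdir(parents=True, exist_ok=True)
        dest = target / archive.name
        shutil.copy2(archive, dest)
        copies.append(dest)
    return copies


def verify_copies(copies: list, expected_digest: str) -> bool:
    """Every copy must still match the digest recorded at backup time."""
    return all(sha256_of(c) == expected_digest for c in copies)


def restore_test(archive: Path, original: Path) -> bool:
    """Extract into scratch space and compare each file against the original."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # safe extraction filter
            except TypeError:  # older Python without the filter argument
                tar.extractall(scratch)
        restored = Path(scratch) / original.name
        for src in original.rglob("*"):
            if src.is_file():
                dst = restored / src.relative_to(original)
                if not dst.is_file() or sha256_of(src) != sha256_of(dst):
                    return False
    return True


def run_backup_cycle(root=None) -> dict:
    """Full cycle on constructed sample data: archive, replicate, verify,
    restore from the off-site copy, then show that bit rot is detected."""
    workdir = Path(root) if root else Path(tempfile.mkdtemp())
    data = workdir / "company_data"            # constructed sample data
    (data / "contracts").mkdir(parents=True)
    (data / "invoices.csv").write_text("id,amount\n1,100.00\n2,250.50\n")
    (data / "contracts" / "acme.txt").write_text("Sample contract text\n")

    archive = workdir / "media1" / "company_data.tar.gz"
    archive.parent.mkdir()
    digest = make_archive(data, archive)
    copies = replicate_3_2_1(archive, workdir / "media2", workdir / "offsite")
    result = {
        "copies": len(copies),
        "verified": verify_copies(copies, digest),
        "restore_ok": restore_test(copies[2], data),  # restore from off-site
    }
    # Simulate silent corruption on the second medium: the periodic
    # verification must catch it before the copy is ever needed.
    with copies[1].open("r+b") as fh:
        fh.write(b"\x00")
    result["corruption_detected"] = not verify_copies(copies, digest)
    if root is None:
        shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(run_backup_cycle())
```

In a real procedure the digest would be written to a manifest next to each copy and re-checked on a schedule, and the restore test would run against the off-site copy, since that is the one you depend on when the office is gone.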

Backups: how long to keep them?

You can keep them as long as the legal basis for processing the data lasts. If no such basis exists, personal data in the backup should be deleted or anonymized. Under Article 17 of RODO, the data subject has the right to erasure of the data relating to them, among others where the purpose of the processing has ceased, the data subject has objected to the processing, or the personal data has been processed unlawfully.

In addition, if a controller (administrator) has made personal data available to another controller, it is required to inform the other controllers that the data subject has requested that the personal data be deleted from backups. Please refer to our article on RODO.
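The retention and erasure rules from the two paragraphs above, turned into a small policy check. This is an added example, not code from the original article or from ITH: each backup set is tagged with the legal basis it is kept under, backups whose basis has lapsed (or which have none) are flagged for deletion, and an erasure request anonymizes the subject in every backup and lists the other controllers who received the data and must be informed. The legal bases, retention periods and sample records are constructed placeholders; real periods come from the company's legal review.

```python
"""
Added example (not part of the original article): backup retention driven
by legal basis, plus handling of an Article 17 erasure request.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Hypothetical retention policy: how long a backup may be kept under each
# legal basis, counted from its creation date. Placeholder values only.
RETENTION_POLICY = {
    "accounting-records": timedelta(days=5 * 365),
    "active-contract": timedelta(days=365),
    "consent": timedelta(days=180),
}


@dataclass
class BackupSet:
    name: str
    created: date
    legal_basis: str
    records: dict = field(default_factory=dict)  # subject id -> personal data


def expired_backups(sets, today):
    """Backups whose legal basis has lapsed, or which have none, must go."""
    out = []
    for b in sets:
        period = RETENTION_POLICY.get(b.legal_basis)
        if period is None or b.created + period <= today:
            out.append(b.name)
    return out


def erase_subject(sets, subject_id, shared_with):
    """Anonymize one data subject in every backup that still exists and
    return which backups were touched and which controllers to notify.
    shared_with maps a controller name to the subject ids it received."""
    touched = []
    for b in sets:
        if subject_id in b.records:
            # Keep the row (so counts and structure survive) but strip values.
            b.records[subject_id] = {k: "[removed]" for k in b.records[subject_id]}
            touched.append(b.name)
    notify = [ctrl for ctrl, ids in shared_with.items() if subject_id in ids]
    return {"anonymized_in": touched, "notify": notify}


def demo(today=date(2019, 10, 8)) -> dict:
    """Constructed sample: four backup sets, two subjects, two recipients."""
    s1 = {"name": "Anna Nowak", "email": "anna@example.com"}
    s2 = {"name": "Jan Kowalski", "email": "jan@example.com"}
    sets = [
        BackupSet("weekly-2019-09", date(2019, 9, 30), "active-contract",
                  {"s1": dict(s1), "s2": dict(s2)}),
        BackupSet("archive-2014", date(2014, 3, 1), "accounting-records",
                  {"s1": dict(s1)}),
        BackupSet("marketing-2019-03", date(2019, 3, 1), "consent",
                  {"s2": dict(s2)}),
        BackupSet("legacy-2018", date(2018, 1, 1), "none", {"s1": dict(s1)}),
    ]
    shared_with = {"partner-crm": {"s2"}, "payroll-provider": {"s1"}}
    expired = expired_backups(sets, today)
    erasure = erase_subject(sets, "s2", shared_with)
    return {
        "expired": expired,
        "erasure": erasure,
        "s2_after": sets[0].records["s2"],
    }


if __name__ == "__main__":
    print(demo())
```

Deleting the expired sets and anonymizing in place both need to be logged, since the log is what shows an auditor that a request was honoured in the backups and not only in the live system.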

DATA PROTECTION AT ITH.EU

At ITH, the security of customer data is our top priority. Our offer includes network protection, backup, auditing and monitoring; we also provide a cloud firewall, VPN and stable, high-speed hosting. We encourage you to use the services of our specialists.