Do All Your Employees Back-up, How Do They Back-Up, and Why Should You Care?

Yes, we’ve been addressing the new risks associated with remote employees, probably ad-nauseam. Still, as we approach World Backup Day on March 31st, we can’t help but remind you that having a backup policy for your remote employees, well, all your employees, is an essential part of your IT Asset Management plan. 

Backing up your computer, phones, or any devices being used by employees is essential. Think about all the Intellectual property stored on employees’ computers, even as introductory as team notes and brainstorming documentation. Think about all the risks currently associated with data security, from basic viruses to elaborate hacking schemes. While larger organizations and those regulated for data security usually have complete backup plans, common mistakes still occur. These often result from frequency issues and improperly securing or encrypting backed-up data.

Additionally, even the best-trained employees often don’t recognize that they are in the middle of a disaster because they are in the middle of it. The coronavirus was a perfect example. Employees were sent home in a reactive state, knowing they had the proper equipment to work from home, but they did not have the plans for ITAM in place, like who is responsible for doing what. The more confusion there is, the more risk and negligence there is in your backup plans. 

Smaller companies across industries are beginning to seek IT Asset Management and IT Asset Destruction companies’ support because of increased risks. They may not have addressed or tackled this issue at all. Often employees, left on their own, will backup data using USB memory sticks or external hard drives. While this may seem like a good idea, the risks may be too significant. 

Remember, these drives are subject to the same virus and spyware risks as your computers. Most small to mid-sized organizations have entirely lost control of these devices in regards to protecting them. Increasingly, companies are becoming even more lenient about where and when their employees can work, opening even more of a risk to employees traveling with flash drives or other devices containing valuable information. While we love the flexibility brought on by the pandemic and don’t want to lose it, we also know that without a properly managed portable storage security policy, organizations of all sizes are open to risk.

While not directly related to backups, A Ponemon Institute study shows that personal device use and remote work created new attacks. The statistics bear noting.

• 60% of respondents have already experienced cyber-attacks during the pandemic
•  51% said that malware or exploits managed to get past their defenses
•  Of these attacks, credential theft (56%) and phishing (48%) were the most common approaches.
•  The average cost to deal with one of these incidents was $2.4 million.

When we examine remote backups, we also see a common occurrence of credential threats. Employees tend to use common passwords even on encrypted backups or encrypted external drives. While small companies may be left to wonder where to start, we believe you have to start somewhere. As you approach World Backup Day, why not start reviewing your policies related to backups? Are you doing anything? Begin communication with all your employees and gather what is happening now. It’s good to be aware of your vulnerabilities. Then begin to develop your policies. If you have a device in your ITAM plan, you also have its backup to consider. Awareness is the best starting point. If you allow for backups on external devices, those devices need to be part of your destruction plan. Countless flash drives are floating around with company information from terminated or resigned employees. While this may seem insurmountable, the fact is most people are still good people who want to do the right thing—having a plan allows you to mitigate the risks. And backing up properly is always a good idea.