Protecting an organisation’s most valuable asset: why a solid data management and protection strategy is non-negotiable
By Pieter Engelbrecht – Datacentrix business unit manager: data management solutions
With businesses in today’s digital economy having access to more data than ever before, a good data management and protection strategy is critical. Not only does proper data management allow for intelligent, informed decision-making, it also reduces the risk of data loss and, importantly, ensures that valuable data is secure and protected from theft and attacks.
We’ve seen many examples recently, both global and local, on what can happen when your data falls into the wrong hands. Unfortunately, South African companies are being increasingly targeted by cyber criminals, a point that has become more and more apparent over the past two years as businesses had to rapidly make changes to their environments for remote working.
Ransomware is a particular challenge locally, with Mimecast reporting earlier this year in its State of Email Security 2022 report that 60% of South African companies had experienced a ransomware attack over the previous 12 months, a statistic that had increased from 47% in 2020.
The truth is that it’s a case of when an organisation will be affected by a ransomware attack, not if, and therefore, similar to physical home security, it must have measures in place that make it more difficult for would-be criminals to gain access.
Best practices for data security
There are three best practices required for data management, namely: protection, detection and recovery.
- From a protection point of view, businesses must ensure they have three copies of data at the very least – two copies on different storage types and a third copy held off site on immutable storage.
- For detection, it is important that any data backup and recovery solution implemented includes malware scanning and anomaly detection. Because there are generally few changes from backup to backup, your solution must be able to report on an out-of-character increase in change rates, for instance, as this could indicate an anomaly and will allow you to take swift action.
- When it comes to recovery, the rule of thumb is that the sooner you know there is an issue, the sooner you can recover from it – by the time you receive that ransom note it’s too late. Systems and solutions must be tested regularly, and it’s also important to ensure that employees know how to use the solution and are comfortable with it, as there is an important people element when it comes to data management.
Encryption is also more important now than ever before, because even if data is taken, it is then more difficult for the cyber criminal to decrypt without the correct keys.
How do you go about executing a data management and protection strategy?
A solid data management and protection strategy requires several considerations.
Firstly, the company must get to grips with and understand its data. Around 14% to 17% of people’s data is ‘clean’ data, which is the important and valuable information, and approximately 35% is redundant, obsolete and trivial (ROT) data, or information that has little or no value to an organisation any longer, although it is still retained. The balance is dark data, which is generally unstructured data that is unused, unknown and untapped.
There are clear risks in not knowing your data, particularly in light of the Protection of Personal Information (POPI) Act, from both a security and regulatory perspective, and so this is one of the biggest challenges to data protection and management.
Other important components of the strategy include data risk management, data access management and control, protection policies and procedures, standards and regulatory compliance, and data backup and recovery procedures.
When it comes down to it, though, a business must remember that a data management and protection strategy cannot operate in isolation – it must form part and parcel of a greater protection approach that includes other security measures, from firewalls, spam filters and e-mail protection to anti-malware and point protection software.
For more information on Datacentrix’s data management offering, please visit https://www.datacentrix.co.za/data-management.html.
Datacentrix is a leading hybrid IT systems integrator and managed services provider that enables digitalisation success.
Our expert teams leverage the power of ICT technologies to connect, transform, optimise, and future-proof business, supporting clients throughout their digital journey.
Datacentrix offers deep technical expertise across a mature offering and provides proven execution capability that is endorsed by the world’s foremost technology partners. With a strong African footprint, the company is recognised for its agility, in-depth industry knowledge, ethical practices, and strong overall performance.
The company is a Level One (AAA) B-BBEE Contributor, with 135 percent procurement recognition.
For more information, please visit www.datacentrix.co.za.