Oops! 75% of data loss from human error. Here’s how to deal with it
When we talk about the risk of disasters, and the importance of business continuity, the conversation is often focused on the most dramatic causes of data loss: hurricanes, lightning strikes, fires, flooding and so on.
But what about the “smaller” events?
… Deleted files
… Misplaced spreadsheets
… Important folders gone missing
These data loss events are actually far more common (and costly) for most businesses. And when the data can’t be retrieved, a simple “mistake” can turn into a catastrophe.
In this post, we look at how data loss is so often caused by human error, along with the best ways to prevent it and recover from it.
Data loss from human error by the numbers
A report highlighted by PC World revealed that 75% of data loss is caused by human error. It’s the single greatest cause of data loss in the workplace. And it happens every single day, at businesses of all sizes, all around the globe.
Need more proof?
- A 2016 report by the UK’s Information Commissioner’s Office found that human error accounted for the vast majority (nearly two thirds) of data loss and data breach events reported to the agency.
- At datacenters specifically, 70% of data incidents are caused by accidental human error, according to research by Uptime Institute.
- In a 2015 survey of more than 400 IT professionals, human error was cited as the top cause of data loss, higher than all other causes, including hardware failure, data corruption and natural disasters.
- When you look specifically at the cause of downtime by data volume, human error is the #1 culprit at 58%, according to figures highlighted by Datto. In fact, the same report shows that loss of access to data caused by human error is even more disruptive to businesses than network outages.
What accidental data loss looks like
If you work in IT, then you already know how accidental data loss typically occurs. These accidents happen all the time.
One of the most common scenarios is when somebody deletes an important file or folder, often when they’re trying to move that data to a different location on the server.
Sometimes the employee recognizes their mistake immediately, making it slightly easier to recover. But other times, it can be days or even weeks before the employee notices the files are missing. To make matters worse, they may not even remember the file name, on top of having no clue when the deletion date was. This makes it even harder for IT administrators to locate it in a backup (assuming there is a backup in the first place).
The same goes for accidentally deleted emails, CRM records, app data – all the critical and sensitive data that keeps your business running.
The mistakes IT folks don’t want to talk about
Here’s the thing …
It’s not just the non-tech employees you need to worry about. IT folks make mistakes too. And when they do, the losses can be even greater.
Above, we mentioned how human error has been reported to cause 70% of data incidents at data centers. That’s a whole different ballgame of data loss, beyond somebody simply deleting files by accident.
These incidents are caused by everything from network misconfigurations to security vulnerabilities. They’re mistakes that are made within the management of your IT systems, whether due to lack of knowledge or a lack of morning coffee. Point is: these events do happen, underscoring the importance of backing up your data.
Wait, what about ransomware?
If you follow all-things-data like we do, then you know that ransomware has become one of the biggest threats to your files. In 2016 alone, it cost small businesses more than $75 billion in downtime. Attacks are happening every 40 seconds on average, locking companies out of their data forever (unless they pay the ransom or restore a backup).
But, there are two key things to keep in mind about ransomware:
- While a ransomware attack can indeed wreak havoc on your operations, it’s not the top cause of data loss. Day to day, it’s far more common for businesses to lose data because of human error.
- What’s the #1 cause of ransomware infection? You guessed it: human error. Ransomware is most commonly delivered via spam and phishing emails. When employees aren’t properly trained on what to look for, they inadvertently click on links or open attachments that drop an infection.
In a Datto survey 1,700 managed-service providers, who together serve more than 100,000 small-to-mid-sized businesses, 83% said the most common cause of ransomware was human error due to a lack of cybersecurity training, especially in regard to dealing with phishing emails.
Preventing data loss from human error
Mistakes will always happen. No matter how much you prepare, data loss from accidental deletion and other human errors is inevitable.
However, there are a few things you can do to reduce the risk of these events occurring and/or minimize the size of the loss. Here’s how:
- Employee training for basic network usage/computing: A little bit of training can go a long way. When onboarding employees, make sure they know how to properly save, move, modify and delete files on the company network. Don’t assume everyone knows how to do this. Additionally, educate employees on the risks of data loss and the importance of notifying administrators as quickly as possible after accidental file deletion.
- Cybersecurity training: Whether it’s part of your overall computing training or separate, you should be educating all staff on safe practices for web/email. This can greatly reduce the risks of data loss caused by ransomware or other forms of malware. Employees should know how to spot the telltale signs of a phishing email or other spam messages from unknown senders.
- Set stricter access controls: Limit user access to only the folders they need, based on the approach of “least privilege.” This approach won’t prevent accidental deletion within the user’s approved directories, but it will prevent them from making mistakes in folders where they shouldn’t have access in the first place. Additionally, in a ransomware attack, it may help to prevent the infection from spreading outside the user’s approved directory, thus stopping it before it hits the whole network.
When data loss inevitably occurs, you need a way to recover it—fast. A single hour of downtime caused by data loss can cost between $10,000 to more than $5 million, so speed is of the essence.
Whether a single file has gone missing, or someone has inadvertently allowed ransomware to lock up all your data, these steps can help ensure a quick, painless recovery:
- Back up your data: This one is a no-brainer. These days, no business should go without a data backup and disaster recovery system (BDR). That goes for small businesses too (no more silly thumb drives!). Backing up your data regularly will ensure that any loss of data, from file deletion to ransomware encryption, can be recovered.
- Allow for multiple restore options: When somebody deletes a single file or even a few folders, your IT folks shouldn’t need to revert back to a large, system-wide backup. On the other hand, when massive data loss has occurred, you should be able to restore everything by selecting the appropriate recovery point. Make sure your BDR can do both.
- Recover missing files faster: The software built into your BDR system is crucial. This is what will allow you to locate and restore deleted data in the shortest amount of time possible. Consider Datto’s Backup Insights, for example, which makes it easy for IT administrators to locate deleted files, even when the file names and deletion dates are unknown. With a few clicks, the interface shows you which files have been modified, deleted or created between any two backups, so that recovery only takes seconds.
- Go hybrid: For greater assurance that your data is always recoverable, deploy a BDR system with hybrid technology, which stores your backups on-site and in the cloud. So for example, if somebody spills coffee all over your servers, you’ll still be able to recover any destroyed data from the cloud.
- Make backups more frequent: If your last backup was 24 hours ago, then all data created or modified since then is vulnerable to being destroyed forever. If something is deleted, it’s gone for good. Make sure your backups can be performed as frequently as needed to prevent a costly data loss or disruption. For businesses that demand the most frequent backups possible, Datto’s systems can back up your data as often as every five minutes.
Start with a business continuity plan
No matter what you do to prevent data loss from human error, make sure your strategies and systems are clearly defined in a business continuity plan (BCP). This comprehensive document will serve as the basis for your continuity planning, identifying your unique risks and outlining the protocols for backup and recovery.
Again, even the most comprehensive BCP won’t prevent all instances of accidental data loss. But it can significantly reduce your risk by ensuring that the business is adequately prepared.
Get a free demo
Request a free demo of advanced data backup systems from Datto, and find out how you can protect your organization from all causes of data loss. For more information, contact our business continuity specialists at Invenio IT: (646) 395-1170 or success@invenioIT.com.