Employees Donâ€™t Follow Data Storage Policies
It's not uncommon for companies to implement data storage policies; however, research shows a majority of employees resort to measures that are not in compliance with the set guidelines.
The survey – conducted by Kroll Ontrack, a provider of data recovery solutions and legal technologies products and services – revealed that while 40 percent of respondents belong to organizations that have concrete data storage policies in place, a whopping 61 percent of them admitted to mostly saving data to a local drive as opposed to the company network.
"We [wanted] to find out exactly how companies and where companies store their data – and the thing to do now is to implement policies and procedures to protect the company's intellectual property and also protect them from losing or misplacing customers' data," said Jeff Pederson, manager of data recovery operations at Kroll Ontrack.
"Part of this is separating what we consider traditional data loss – meaning a hard drive or piece of media has failed and it needs to be recovered – with what a broader market deems as data loss – meaning personal information has been compromised or data has been stolen from a laptop, [for instance]," he added.
Common data storage policies that organizations have in place run the gamut, depending on factors such as the size of the business, as well as the IT team and what it plans to implement.
"The large organizations [will] have policies and procedures put in across the board that can and do limit where employees can store their data. They can put policies in place that don't allow end users to save to the local disk [or] won't allow them to copy to a USB or thumb drive," Pederson said.
Small businesses, on the other hand, typically don't have broader checks and balances or "safety nets" in place for data recovery, which are backups that an IT person performs and checks on a regular basis, Pederson explained.
"The amount of compliance comes down to the perceived ease and want by the end user to be able to access data when they want it and how they want it, and not have to connect to the corporate network to be able to have access to [certain] information," he said.
"[Employees] want to save it to their local drives so that when they're out in the field answering customer issues, going through their day-to-day flow [or] are in a meeting, they want to have that data at their fingertips and be able to pull it up on that laptop as opposed to connecting to the corporate network and finding the data and policies that have been put in place by the company."
Doing so has obvious risks – including the possibility of data being compromised. And certain types of information are particularly vulnerable to data loss.
"Typically, the information that's sought after [includes] databases, spreadsheets and e-mail that the customer has because that's rife with information, contact information, customer names, addresses, etc.," Pederson said.
However, companies can take certain measures to ensure internal data remains protected.
"Most corporate clients implement some sort of encryption policy," Pederson said. "Beyond that, it's adhering to and knowing what your corporate policy is regarding where you can save your data."