Is your data safe and secure?
If you use cloud-based Software as a Service (Saas) systems such as Microsoft Onedrive or Shareport, or Google Drive and don’t have separate backup, your business is potentially at risk. We explain below why, what the impact could be and what you can do about it.
You are responsible for your data
Many Saas provders operate on a ‘shared responsibility model’ which in layman’s terms means they are responsible for the infrastructure, but you are responsible for the data. Read the full statement here, but here is a key takeaway from Microsoft:
‘Microsoft is not liable for any disruption or loss you may suffer […]. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.‘
Without backup, what could happen?
There are a number of risks associated with your data:
- malicious or unauthorised deletion of files
- corruption of data
- sync errors on files accessed via multiple devices
- ransomware
Increasing risks
GCHQ’s National Cyber Security Centre released a 2024 report suggesting that the volume and impact of ransomware attacks are expected to increase over the next two years, and that organisations should implement protective measures.
Are you GDPR compliant?
The GDPR requires you to “ensure the […] availability and resilience of processing systems and services; […] and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”.
Case study: Compensation Over Data Loss
People often think of GDPR being relevant to data being stolen or misused, but it can equally apply to protecting it from loss. This case study of Tesco paying compensation over data-loss relating to a staff member is a good example of why it is important to control your data appropriately.
What happened?
An employee filed a Data Subject Access Request (DSAR) seeking disclosure of information Tesco held about the employee, but was advised that the company had lost 15 years’ worth of relevant personnel data.
Why was this a problem?
It is not known what happened to the data, but Tesco, as the employer, was supposed to be in control of the data it held relating to the employee, and to ensure it was kept securely. This was a breach of GDPR, ultimately resulting in a £3000 compensation payment.
Protect Your Business Easily
Our backup system can backup multiple sources of data – Microsoft Onedrive, Sharepoint, Teams and Exchange emails, Google Workspace and Shared Drives, Salesfoce, Box and Dropbox – into one easily accessible portal.
Backups are daily, with recovery at any point in time possible, so in the event of a ransomware attack it is possible to simply roll back to recover files prior to the attack.
Once backed up, emails or files can be recovered in bulk or individually.