Why secure backup is vital for financial firms
By Stuart Janicki • 09 Jul 2013
Document retention is a recurring problem for financial services firms. Legal retention requirements mean there are large volumes of data held for multiple years with seemingly infinite versions.
This is why the issue of data loss is so critical. For most industries, losing data is highly inconvenient. When important data gets deleted, overwritten or corrupted, it has to be recreated at great expense. We’ve all sunk our heads into the keyboard when *that* file goes missing. But when a firm is unable to produce a certain document before the destroy date, it gets a bit more serious.
So data has to be backed up. Sounds simple, but considering the above factors, the sheer amount of data seems to grow exponentially.
This is why data loss and data breaches go hand in hand. When a firm looks for a way to handle a growing backup set, the easiest option is often the cheapest one. But cheap isn’t always best: it often turns out to be quite leaky, or ends in a data breach. And remember that firms hold a lot of information about customers that any fraudster would love to play with.
What does this look like in reality? There are three main culprits: the old champion in the corner – the unencrypted tape backup on the backseat of a car; the rising star – the external USB hard drive left on trains, planes and automobiles; and the new kid on the block – cheap, nasty and unaudited online backup suppliers.
All too often, this happens simply because it becomes the norm. Firms don’t tend to audit how backup is done and the IT department are too busy and ingrained to change for the better. Unfortunately, the only time when change is suggested is when something goes horribly wrong.
Now is your perfect opportunity to consider how data backup factors into your data security plan.
For some, tape backup is still the best way to work. But ask yourself: is the tape encrypted? Where is it being produced? Is it stored in a fireproof safe? And how does it get there? As with tape backup, some companies use external hard drives to keep data backups. Both of these small form factors are as easy to steal as they are to transport. So make sure that the data is encrypted and the device is kept secure.
If you’re considering online backup, encryption is important not only in storage but in transfer. Even the most secure, bullet-proof, disaster-protected, mountain-deep data centre in the world is useless if data is sent down a pipe that can be tapped into. This is as much to do with the software as it is your network. Never transfer data over an open network. Don’t make it any easier for someone to access your data.
If you’ve got encryption on these three solutions then great! But (there’s always a but) is it any good? Have you checked that you’re using an up-to-date standard, or the standard which your particular branch of financial services requires? It’s important to check it isn’t running cryptography from the 19th century or basic modular arithmetic. Encryption is a very comforting word, but its complexity means that there are many different and confusing levels of technology.
So finally, you’ve got a backup, it’s transferred securely and the encryption is up to date. Have you audited the backup supplier? Ensuring that the vendor isn’t running easy-to-obtain backup software on a server from Grandma’s shed is important. Check the reputability of the supplier. Ask them about their procedures, their security processes and how they vet their staff. Do you know who has access to the data and do you know where it is stored?
This is why standards such as the ISO 27001 information security standard are so highly sought after and hard to achieve. Make sure you get visibility or documentation on the security of data and ensure you conduct regular audits, asking for new certifications as they are due for renewal.