|Figure 1: Causes of Data Loss (source: a survey of 50 data recovery firms across 14 countries, DeepSpar Data Recovery Systems) deepspar.com
How is data lost?
Data loss can be attributed to many different causes, perhaps the most obvious being hardware failure.
Computers can falter for many reasons as they are mechanical devices. Manufacturing defects, or simply old age, can be responsible for failure. In such cases, simply having important data stored on another form of media is usually enough to recover data that has been lost, and this works well for most offices.
However, hardware failure is not the only threat to data, and this simple approach is not suitable for all chiropractic offices.
Natural disasters, such as fires and water, not only have the potential to damage the computer, but they also can destroy the structure that it’s in. Theft of the hardware, especially in the case of laptops, is a major concern, as is theft of the data itself while leaving the hardware in place. In these instances, simply having an onsite backup is not good enough, as that backup can be destroyed or stolen as well.
Viruses and malware are another concern, as they pose a serious threat to any computer and the data contained within. Some viruses and malware are more of an annoyance than anything else because they simply display ads or useless messages on the screen. Others are much more problematic, as they can intercept data or corrupt entire systems and render them useless. Poorly set up computers and office networks can also be the cause of corrupted data and loss of information. A good software company can, in most instances, fix the corrupted data, but it requires an enormous amount of time.
Survey results from companies that specialize in data recovery may be used to investigate the primary causes for how data actually gets lost.1 Hard drive failure is the most common cause of data loss, accounting for 38 per cent of data loss incidents. Drive read instability includes occasions where media corruption or degradation prevents access to the data on a disk. This explains 30 per cent of lost data.
Software corruption, which might include damages caused by system software or another program (e.g., a virus attack), accounts for 13 per cent of data loss incidents. Human error accounts for 12 per cent of data loss episodes. This includes the accidental deletion of data as well as the incorrect partitioning of the hard drive. The relative magnitudes of the different types of data loss are illustrated in Figure 1. (This analysis ignores data loss due to theft, an increasing problem
given the growth in use of laptops.)
A BACKUP PLAN
In order to sufficiently protect data in cases such as these, a backup plan needs to be robust, redundant and transparent. Further, the most comprehensive plan won’t do much good if the end user fails to apply it. Data should be backed up both onsite, as well as offsite to properly protect against a variety of threats that can occur at any time. Below are some examples of methods that protect data from both internal and external threats.
Any backup strategy should consist of weekly full backups that involve copying all the files on a given disk, as well as daily incremental or differential backups that copy only the files that have been changed or modified since the previous backup. Full backups are slower and are best completed when the system is not in use; daily backups are faster and should be done when all changes to the data have been written for the day. The media for this backup should be large enough to accommodate several weeks of history, so that if a virus causes data corruption the chances of finding a clean copy of the data are increased.
Redundant Array of Independent Disks (RAID) is an excellent way to protect against data loss by introducing redundancy. RAID-1 is a disk mirroring technique that employs two or more disk drives in such a way that data is written to more than one disk simultaneously. By using RAID-1 the chances of data loss due to disk failure are reduced because if one drive fails in the array, the information is safe on another drive; you simply replace the defective drive, and rebuild the array. RAID can be implemented on the computer itself, on a server that stores data from multiple users, or both. It also solves the transparency issue as no user action is required for it to function.
RAID should not be construed as a replacement for daily and weekly backups; it should be considered an adjunct to increase the safety of the data.
Theft as stated earlier can be of the physical hardware or just the data itself. It’s not hard to envision a crime of opportunity such as someone walking past an empty conference room where a laptop sits unattended on a desk, and simply picking it up and walking away. Stealing just the data, however, can take on several forms, such as physically sitting at the computer and copying information to removable media, hacking into the system to acquire the data, or even planting software that captures the data and sends it to a remote location. This is where offsite storage options can be of help, as the stolen data is duplicated at another location that has not been compromised. Offsite storage also protects data in the event of structural compromise, such as fire or flooding.
Offsite storage can be accomplished by physically taking a copy of the data on removable media to another location. An example of this would be two offices that conduct the same business in close proximity to each other; someone would simply take backup media from one location to the other, and vice versa. The problem with this approach is that it is time-consuming and requires human intervention, and thus introduces the possibility that it may not get done. A better solution would be to utilize network communication to send the data to a remote location. Individuals and small organizations can purchase space from companies that offer such services; larger organizations can choose to maintain an off-site storage solution themselves.
Data encryption, while not a backup solution in and of itself, should be considered as a way to combat theft, especially if the data contain personally identifiable information or are sensitive in some other way.
A stolen hard drive or intercepted communication can contain valuable information; encryption makes it very hard, if not impossible to read that information. A good program will have some form of data protection as part
of the security.
Next time you and your staff are tempted to just bolt out of the office for the weekend, think twice about what you would do if disaster should hit. Make it a goal to create a solid backup plan to protect all your information. Your plan should include an onsite backup copy and an offsite backup copy as well as both incremental daily backups and full backups for the week.
1. Robin Harris, “How Data Gets Lost,” ZD Net Storage Bits, August 6, (2007).