Firms not prepared for DR, says Apricorn

Research finds 75% of organizations are unnecessarily putting customer data at risk due to inconsistent protection practices and negligent backup policies, and only 25% of IT professionals admit to following industry best practices for backing up data, according to Apricorn’s (www.apricorn.com) 2023 North American IT Security Survey.

Nearly 40% of respondents say they have experienced a data loss event and 55% report they have had to restore data from a backup as part of recovery.  However, 16% do not ensure that their data backups are clean and complete, and 52% say they keep their backups for only 120 days or less, which is less than half the average 287 days it can take to detect a breach.
 
“The findings detail alarming trends around lax data backup procedures.  While 93% of respondents say that they factor in data backups as part of their cyber security strategy, only one in four follow the 3-2-1 rule, in which they keep three copies of data, on two different formats, one of which is stored off-site and encrypted,” explains Kurt Markley, U.S. Managing Director, Apricorn.

“Hardware encryption and frequent data backup policies are the only two things organizations can count on to protect data, yet we’ve seen very little improvement year-over-year in following these best practices.  In today’s hybrid work culture, it’s shocking to see so many IT professionals driving with their eyes closed when it comes to data resilience. Companies should implement the 3-2-1 method and give employees options to easily backup and secure their data, while also implementing policies for encrypted storage.”

According to the Apricorn’s research, employee apathy puts data at risk.  The human element is a considerable concern, with 33% having experienced data loss related to employee actions.  One-third of employees working in the office don’t consider themselves as potential targets that cyber attackers can exploit to access company data.  This is higher than the 27% remote employees who don’t consider themselves as potential targets.  Despite the lack of employee awareness that they could be targeted, only 50% of organizations encrypt sensitive information for data on the move which is only a 10% improvement from last year.
 
Risk from employees – particularly when data is on the move – remains a top threat to data security, and almost 40% feel their employees’ lack awareness of the risks to data when mobile/remote working could unintentionally expose the company to a data loss event or breach.  While some respondents say they are adequately protected, protection for data on the move is inconsistent across organizations.  
 
“Hybrid work is not new and it’s irresponsible of organizations who offer hybrid work but have not yet adapted their security requirements for it”, adds Markley.  “Employees in all areas of business should recognize that they could be a target for a cyberattack or phishing attempt that could lead to compromised data.  However, many employees feel fully protected by their IT policies, giving them a false sense of security.  This can be particularly risky when employees continue to work remotely or in hybrid settings where sensitive information is on the move.  IT pros should continue to encourage employees to backup data to an encrypted device before working remotely.”  
 
Conducted in March 2023, the Apricorn 2023 North American IT Security Survey consisted of 22 question and answer options and drew more than 250 responses from IT professionals in the United States and Canada over the last 12 months.