Posts Tagged ‘irishblogs’

Data loss compensation in Europe

Thursday, August 28th, 2008

Data loss is something you may read about frequently. You may have had your own details breached or likely know someone who was affected. It is far less likely that you know someone who was compensated due to data loss. When was the last time you heard of data loss compensation? It is quite possible that data about you has been lost and you were not informed. It is much less likely that you will ever be compensated for any data loss incident.

With all the coverage data loss stories get in the newspaper, television, radio and indeed blogs, it is remarkable that most people will never have heard of a data loss compensation case, let alone know someone who was compensated. This is not specific to Europe but given the existence of a Euro commissioner and data commissioners in every member state, Europe is a good place to start.

Data loss is on an upward climb. Data loss awareness has certainly not been left behind. The media's continued coverage of data loss stories is a good indication not necessarily of the dangers presented by data loss (which are very real) but more so of the keen interest the public have in data loss news stories.

Some may believe that a data loss news story about a bank or corporation is near punishment enough for that institution. This may have been the case some time ago when the number of data loss news stories was minimal compared to now. Today however, a single data loss story will struggle to stand out.

Large businesses appear to continue without great difficulty after a data breach. The situation has become so common that some people may consider the occasional data loss event as normal! How come?

Here are some of the reasons.

Sanction.

Some of the possible sanctions which exist for data loss may appear quite serious to the individual or the small business, but given that sanctions are on a per incident basis and not on a per person affected basis, they don't actually have much effect on the bottom line and therefore planning of a bank or large corporation. What effect will a fine of one or two million Euros have on a major financial institution?

Breach procedure.

The existence of data protection legislation and data commissioners is intended to provide a level of protection for the public. The number of cases has now got to such a level that an organisation can take the procedures adopted and outcomes of prior cases as a learning curve in how to deal with a breach from the organisation's viewpoint. A basic example is that simply reporting an incident on time (no matter how serious the incident is) removes that incident from the worst case scenario list. Organisations will use this and spokespersons will repeatedly say things like “The incident was reported within an appropriate time frame”, giving credence to an organisation which has compromised individuals due to its own failure to implement safeguards.

Compensation.

Data loss compensation is the most important issue here. You are not entitled to compensation because an organisation lost your data. If you need to read that last line again, go ahead. This applies even if the company lost your name, address and bank account number. The data loss has to result in a specific problem such as a crime against you and you need to be able to clearly demonstrate the link. This is rare and unusual compared to the number of people about whom data is lost.

Number of events.

The number of data loss events reduces the significance of any one story and therefore the impact on the organisation involved. The apparent across the board inability of large numbers of organisations to protect data is actually to a degree legitimising their inaction.

Compensation requirement.

Large fines for corporations are not working. Prosecution at CEO level is always difficult and could be unfair. It’s all too easy to say a CEO is responsible for the business but most moderate people would agree that a line must be drawn somewhere.

A small standardised data loss compensation amount per individual could change everything. This would result in large corporations increasing protection as one mass data loss could hurt. It would also provide recognition that to lose someone's data in a manner which puts it in the wild is wrong and is a wrong against that person.

By all means if people were significantly affected by a data loss the door would be open for greater compensation at individual case level but one thing (of many) that is needed to greatly increase protection and data respect is a small per person per case standard amount.

This would not be difficult to implement in Europe (if the will is there) as we have a broadly common framework and this area is in its infancy (one hopes given the apparent lack of control) and clearly needs broad, common action.

The specifics of the amount are not important if it is small enough to be accepted by industry and large enough to make data loss prevention a serious issue.


Data deduplication for small business

Wednesday, August 27th, 2008

Can small business benefit from data deduplication?

Data deduplication (dedupe), simply put, is the process of limiting the number of identical versions of data retained on a network. Single instance storage (S.I.S.) allows for one copy of a headed paper or logo image to be used by all apps and users. This significantly reduces storage requirements and assists with centralised storage implementation.

An example of deduplication which is used at small business level is Microsoft Exchange Server. Small businesses often unknowingly benefit from deduplication as a consequence of it being an integral part of specific applications.

Small firms, however, are behind in the area of overall data deduplication. Deduplication-specific applications, which focus solely or primarily on data deduplication, are still the domain of larger businesses.

Small business users often lack in awareness or resource with regard to emerging technology and this is an example which is costing small business in terms of efficiency and storage requirement. Companies with a deduplication implementation benefit from reduced local and remote storage costs, have a more manageable data asset bank and an easier compliance road-map.

In time, as awareness increases and capital outlay requirements decrease, small businesses will increase their uptake of data deduplication and the associated benefits. The trend (or lack of) on behalf of small business not to participate in data deduplication is by no means proof of any shortage of value or R.O.I. difficulties. Some smaller businesses (generally those with good I.T. management and suitable budget) are increasing their data efficiency, storage savings and competitiveness by employing company wide data deduplication.

A proliferation of data deduplication at application level which will involve household names in the software business adding dedupe capability to their software will offer application specific deduplication benefits to small business. The paradox with technology gains in bundled software is that small business often see this as their overall solution to that specific technology. If in time, your accounts and payroll apps offer dedupe technology as standard this will by no means be a company wide deduplication solution and any belief to the contrary could lead to critical areas being missed and low overall gains.

If you intend to employ deduplication and have decided to wait and avoid being part of the vanguard, maybe you have waited long enough. Deduplication has matured. There is a sufficient number of high end players to ensure competition, quality and value.

Some say it is never the right time to buy technology. In the data industry, any time before it is too late is good. Immediately is very good. Last week is excellent.



Backupanytime Google August woes

Tuesday, August 26th, 2008

Regular readers who read our posts from RSS, actual URL address or link may not be aware but Backupanytime.com are currently suffering great difficulty with Google positioning. For some considerable time we enjoyed number 1 position in Google for our favoured search terms. Indeed we were in positions 1 and 2 for many. Additionally, many similar appropriate search terms listed us on the first page in Google. More recently Google sitelinks were added to our website.

Last week we noticed that a new post on our blog was taking considerable time to become indexed. This drew our attention as we had become used to blog posts being indexed in Google within fifteen minutes. We took no action and put it down to crawl speeds. We do not need 15 minute indexing anyway.

Time passed and the situation worsened. Today, backupanytime.com is more or less off the Google radar. A search for site: www.backupanytime.com does show two results for us in positions one and two. None of the other pages shown are from our site. A search for “backupanytime.com” does show the very presentable sitelinks results. Other than a few other highly appropriate searches, we just are not in Google to the extent we were up to last week.

We are still trying to make sense of this. Remember, backupanytime is a small site. The static site only undergoes a couple of changes a week. The blog only receives an average of one new post per day. We have never bought a link. We have never joined a link referral program. We have never hosted illegal content. All of our content is original. We do not use email as a marketing tool. We have never sent spam. A check of our Google webmaster tools shows no difficulty bar a small number of long or short meta descriptions. We address these ongoingly and our web people tell us this is common among well managed sites and is not the issue.

Add to all of this that we have not received any complaint from any source and our site has not been hacked and you can see that this problem is not just a great concern but also very difficult to figure out. We posted a re-inclusion request with Google. We had never had to do this before and therefore did not know what was likely to happen. We got back a message explaining that the request would be looked at and this could take a number of weeks. Does this mean that Google thinks we have breached behaviour guidelines or is this a generic response to a re-inclusion request? We don’t know.

The reason I am focusing on Google here is that we are still represented favourably by the other major search engines. About half of our traffic comes from search engines. The remainder is split fairly evenly between direct search and referrals. Most of our search engine traffic comes from Google.

In the interim our traffic is down about 30%.

Remember we are talking here about a small, well managed site which focuses on the niche market of online backup and has enjoyed success in search engines for online data backup over a long period of time. This isn’t complicated, has worked and there has been no significant change in approach in the recent past.

If this is to be resolved in the coming weeks then there is no long term difficulty. The problem with this best case scenario is that we will have learned no lessons.

The worst case scenario would be unthinkable only we absolutely have to consider and prepare for it.

Have you had an experience like this? Do you know the cause or the solution?

All genuine responses appreciated.

Update on payment card terminal fraud.

Sunday, August 24th, 2008

As reported earlier, a major payment card fraud took place in Ireland whereby persons entered premises where card payments were accepted under the pretence of representing payment service providers.

See http://backupanytime.com/blog/?p=134

At the time the focus was on Bank of Ireland as that bank had taken action by reducing spend limits on cards and indeed disabling ATM withdrawal on a cross section of cards. Since then the assumption that the same incidents must have affected clients of other banks has proven correct.

This writer (an Allied Irish Banks client) was contacted by AIB who told him his card was compromised. There were no unauthorised purchases or withdrawals made with the card but the details of the card had obviously got into the wrong hands as a consequence of the weekend sting.

The card was duly cancelled and a new one (takes five working days) is on the way.

So, it would appear Bank of Ireland are due some praise this time round for making their public action and announcements ahead of, and more visible than, those of other affected banks.

It should be made clear however that every bank affected suffered similar difficulties because of weaknesses in security (more specifically data protection) at card accepting shop floor presence. The major problem is the lack of training at shop manager and cashier level with regard to protection against social engineering.