Apricorn Finds 75% of Organizations Unnecessarily Putting Data at Risk Due to Inconsistent Protection Practices and Negligent Backup Policies
IT pros state they have data backup strategies in place but survey
reveals they are not prepared for data recovery
POWAY, Calif., June 6, 2023 – Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced new findings from the Apricorn 2023 North American IT Security Survey, which found that only 25% of IT professionals follow industry best practices for backing up data. The survey details data backup, encryption and resiliency protocols for IT professionals in the United States and Canada over the last 12 months. Overall, the responses revealed gaps in data backup procedures, hedging risks from employees, and securing data on the move with encryption.
Data Backup Protocols are Weak
The findings detail alarming trends around lax data backup procedures. While 93% of respondents say that they factor in data backups as part of their cyber security strategy, only one in four follow the 3-2-1 rule, in which they keep three copies of data, on two different formats, one of which is stored off-site and encrypted.
The importance of clean and accurate data backups is critical, with 37% of respondents having experienced a data loss event and 55% reporting they have had to restore data from a backup as part of recovery. However 16% do not ensure that their data backups are clean and complete, and 52% say they keep their backups for only 120 days or less, which is less than half the average 287 days it can take to detect a breach.
“Hardware encryption and frequent data backup policies are the only two things organizations can count on to protect data, yet we’ve seen very little improvement year-over-year in following these best practices,” said Kurt Markley, U.S. Managing Director at Apricorn. “In today’s hybrid work culture, it’s shocking to see so many IT professionals driving with their eyes closed when it comes to data resilience. Companies should implement the 3-2-1 method and give employees options to easily backup and secure their data, while also implementing policies for encrypted storage.”
Employee Apathy Puts Data at Risk
The human element is a considerable concern, with 33% having experienced data loss related to employee actions. One-third of employees working in the office don’t consider themselves as potential targets that cyber attackers can exploit to access company data. This is higher than the 27% remote employees who don’t consider themselves as potential targets. And despite the lack of employee awareness that they could be targeted, only 50% of organizations encrypt sensitive information for data on the move which is only a 10% improvement from last year.
Risk from employees – particularly when data is on the move – remains a top threat to data security, and almost 40% feel their employees’ lack awareness of the risks to data when mobile/remote working could unintentionally expose the company to a data loss event or breach. While some respondents say they are adequately protected, protection for data on the move is inconsistent across organizations.
“Hybrid work is not new and it’s irresponsible of organizations who offer hybrid work but have not yet adapted their security requirements for it”, added Markley. “Employees in all areas of business should recognize that they could be a target for a cyberattack or phishing attempt that could lead to compromised data. However, many employees feel fully protected by their IT policies, giving them a false sense of security. This can be particularly risky when employees continue to work remotely or in hybrid settings where sensitive information is on the move. IT pros should continue to encourage employees to backup data to an encrypted device before working remotely.”
About the Survey:
Comprising 22 question and answer options, and drawing more than 250 responses, the Apricorn 2023 North American IT Security Survey poll was conducted in March 2023. Nearly 65% of respondents have 11 – 20 years working in IT security, with 19% responsible for making final decisions about IT purchases.