MOREnet Blogs

Whether #WorldBackupDay is the first time you’ve considered backing up your data, or if  you have a network backup policy in place, we wanted to share a few tips on prioritizing and improving your organization’s data security.

Not all data is created equal. It is simple enough to classify your restricted data as critical to backup, but beyond that it might be difficult to distinguish what should be backed up and what can just be replicated or stored.

How to Classify Your Data:

Restricted Data is considered to be highly sensitive business or personal information. Financial information for the organization, social security numbers of your students, patrons or employees and other critical business information would be considered restricted data. Restricted data is intended for a very specific use and should not be disclosed except to those who have explicit authorization to review such data, even within a workgroup or department. Unauthorized disclosure of this information could have a serious adverse impact on the organization or individuals.

Sensitive Data is data that has personally identifiable elements attached to it. For our members, this could be students or patrons names, addresses or birthdates. Sensitive data is intended for use within the organization or within a specific department or group of individuals with a legitimate need-to-know. Unauthorized disclosure of this information could adversely impact the organization or individuals.

Public Data has been approved for distribution to the public by the data owner or through the organization’s administration. Public data requires no authorization to view and may be considered informational in nature. While public data could be difficult to lose if a disaster occurred, day-to-day operations could continue and no harm would come to your organization legally if it were lost for a time period.

For your sensitive data and public data, it is a good practice to take your information one step further and rate the risk of losing that information or that information becoming corrupt. To assign risk you will want to look at several factors. Is this data essential to continue business immediately? How many staff hours will it take to recreate this data? Decide what the risk of losing this data is for your organization’s business continuity and “sub-categorize” the data risk as high, medium or low.

Assigning Risk

Below are some examples of how classifications and risk might look at an organization. Every organization is going to classify their data differently, these are just examples.

  • Financial Systems – Restricted Data/Critical Risk
  • Student Information Systems – Restricted Data/Critical Risk
  • Teacher Home Directories – Sensitive Data/Average Risk
  • Student Home Directories – Sensitive Data/Low Risk
  • E-mails – Sensitive Data/Average Risk
  • Learning Management Systems – Sensitive Data/ Average Risk
  • Card Catalogues – Public Data/Average Risk

Now is a great time to consider network backup.  We are happy to report that for FY20, we were able to lower the price on our backup service by 23% from the rate for the FY19 cloud solution.

If you want to talk through network backup options, give us a call at 800-509-6673.

 

Leave a Reply