According to IBM Security’s 2025 Cost of a Data Breach Report study, as recently as 20 years ago, as many as 45% of data leaks resulted from the loss of devices such as laptops and flash drives. Today, the scale is smaller, but incidents of this type still occur and are noted in security reports. So how do you protect your data from leakage? On the occasion of World Backup Day, which falls on 31 March, Kingston’s expert advises on how to effectively protect your information from falling into the wrong hands and your business from reputational and legal consequences.
In modern times, data is undoubtedly one of the most important assets that businesses have. At the same time, as the amount of information stored increases, so does the scale of the consequences when it is lost through hardware failure, cyber attack or human error. Therefore, backup is no longer a matter of choice or an optional activity, but a necessity.
– Making backups is a very sensitive process, as copies usually contain all of a company’s most important and sensitive data. Therefore, their protection strategy should include a provision on how to secure copy media. Such an approach will ensure peace of mind for the company’s management and IT staff, as it eliminates the risk of violating the law, in particular the Personal Data Protection Regulation,’ says Robert Sepeta, Business Development Manager at Kingston.
Key data, greatest protection
The first step towards ensuring data security should be to identify those that require the most protection. Typically, this is financial and operational information, personal or legally protected data, or other information with the greatest impact on the business. As the results of this analysis can have a direct impact on business continuity, it should be done by management together with IT professionals who know how the data is currently stored and what threats it is exposed to. It is also worth checking that, in addition to the information processed by the company, backups are made of operating system images and applications.
One of the most basic data storage strategies is the 3-2-1 rule, which requires three copies of the same data, on two different storage media, one of which should be kept in a separate location, outside of the production environment. This method will significantly increase data security and minimise the risk of data loss due to physical factors as well as cyber attacks.
Once you have chosen the media for the backups, you need to plan the schedule for the backups. This too depends on a business decision rather than a technical one. For each type of data, the company’s management should determine the period of time during which copies will not be made, so that information produced or acquired during this period may be lost. The frequency with which copies are made, and therefore the associated costs, will depend on this. Data from some types of systems (less critical or less frequently updated) will only need to be backed up once a week, but from others, even several times a day. At the same time, it is important to determine the time during which the possibility of recovering data or restoring IT systems is guaranteed. It is also always necessary to remember to verify the correctness of the backup and the recoverability of the data.
Storing backups – in the cloud or on disk?
An important recommendation of the 3-2-1 rule is to store one of your data copies off-site to protect against theft or the effect of disasters such as fire, flood or building collapse. One possible method is to store a copy of the data in the cloud. This is one of the simplest and most convenient solutions – it allows automation of the copying process and access to data from anywhere. However, this method has three drawbacks: the time to access the data is long if a large amount of data needs to be restored to the production environment, the security of this data against cyber attack is sometimes insufficient, and – most importantly – many entities processing sensitive data (medical, financial) cannot use this method due to legal restrictions.
In such a situation, a good solution is to use USB-connected external media, which, according to the 3-2-1 principle, will be a second type of backup medium. Depending on your budget or preferences, you can opt for mechanical drives, which usually offer more capacity at a lower price, or solid-state drives (SSD), which are more expensive but offer greater data durability, resistance to mechanical damage, speed of data transfer, and some models also have a built-in hardware encryption module.
– Nowadays, encrypting data on portable drives, especially if these are copies of the most important sensitive company information, is almost mandatory. This is the most effective way to ensure that data does not leak if the media is lost. Professional encrypted media are equipped with a number of protective mechanisms, including the function of destroying the data on them if an incorrect password is entered several times,” says Robert Sepeta.
Nowadays, in the face of increasing threats, which are mainly legal consequences due to data leakage, it is worth paying special attention to the way information is stored. Disclosure of sensitive information can have a significant impact on the operation of a company through high costs associated with litigation or damage to its image. Implementing a few simple rules, the cost of which is several orders of magnitude lower than the potential losses, will allow you to protect your data and thus maintain a stable and secure position in the market.
Source: Kingston
