We look at the benefits and risks of data storage options, comparing local storage with cloud-based alternatives
Selecting the right strategy for storing and backing up data is essential to the smooth running of day-to-day operations.
This article looks at some potential options for charities to consider when storing data. We discuss the advantages of each data storage option, as well as their cost-efficiency, and we also take a look at some of the associated risks.
The UK Data Service suggests that data needs to be securely destroyed once it is no longer needed. Charities should consider long-term solutions to monitor when data may need to be destroyed.
The UK Data Service also recommends using two types of storage to ensure it is recoverable when needed and to mitigate against technical issues preventing data from being accessed. It also advises that data is always encrypted.
In addition, information should be kept separate to ensure they cannot be linked together. Separating data further protects the subjects of the data. For example, signed consent forms containing identifying information should be stored separately to data files. If required, an anonymous identification system can be used by the charity to link the two sets of material together.
One benefit of storing data in-house is that it gives charities full control over their data. Responsibility for the security of the data rests solely with the charity, without the involvement of a third party.
Local storage options also have the benefit of allowing work to continue offline, as the data can be stored on personal devices. That is a particular benefit with the switch to remote working, as some charity employees may have struggled to access cloud-based data due to a poor internet connection.
One of the risks of storing data locally is physical damage, particularly with regards to paper and hardware. Temperature changes, humidity, air quality, and poor handling can all have an impact on data storage solutions. Magnetic media, such as those used in hard drives, can be subject to physical degradation.
Rooms used for the storage of data should reflect the need to keep information protected and recoverable. Hard drives are more likely to crash in hot offices, for example, and fire and flood can cause untold damage to physical data.
When storing data locally, charities need to ensure they have put adequate protective measures in place. In terms of paper data, sunlight and acid can prove harmful. Charities should use robust storage boxes, acid-free paper, and non-rust paperclips.
Cyber security risks also effect data stored in-house, particularly the threat of malware. Malware attacks depend on the creation of malicious software that is installed on a user’s device without their knowledge, usually with the aim of accessing personal information or damaging the device.
Malware attacks include spyware, ransomware, and Trojan horses. These attacks are growing in sophistication and have spread since the rapid growth of remote working. Charity professionals need to be particularly cautious when working from home and storing data on remote systems.
Charities can mitigate cyber security risks by taking simple steps, such as keeping software updated, creating strong passwords, using a password manager, installing robust anti-virus software, and putting in place protocols to protect them against a data breach and prepare them for a data breach.
Another solution to storing data is to use cloud-based options. Cloud-based options ensure data can be stored digitally, which saves charities money on purchasing and maintaining hardware. Cloud-based options are usually more cost-effective than local options, often requiring only a subscription fee.
Cloud-based storage has the unique benefit of providing access anywhere, which has become particularly important since the shift to remote working. Documents and data on the cloud can be accessed via the internet from any location, using most devices, allowing a greater degree of flexibility.
Using the cloud also circumvents many of the core risks associated with local storage options. Physical damage, theft, and fear of fire and flood pose no risk to cloud-based options.
But there are downsides. One of the main risks to cloud-based storage options is social engineering. ‘Pretexting’ poses a particular threat. Phishing attacks, for example, are increasingly targeting cloud-based data.
Cyber attackers send phishing messages, usually via email and text, with the aim of retrieving cloud-based storage credentials, which would help cyber attackers gain access to huge amounts of data.
Charity professionals should not to click on untrustworthy emails and should practice caution even when emails seem genuine.
If you think an email is genuine, you can make some basic checks. Pay particular attention to the email address – noting discrepancies, which are sometimes subtle, but often obvious. Practice caution when emails contain vague wording, such as ‘Dear Sir or Madam’. And do not be fooled by claims of urgency. Phishing attacks regularly purport that an action is urgent in an effort to force employees to act without much forethought.
For more advice, check out our article: Protecting your charity from social engineering.
The UK’s departure from the European Union may have an impact on charities’ data storage if the data is hosted or backed up overseas. This will largely depend on whether the supplier of data storage is based in the EU or another overseas location. It may well be that special arrangements need to be put in place before data can be transferred across territories.
According to advice from the Directory of Social Change: “The most obvious first step for most voluntary organisations is to make sure you know where each of your cloud providers hold the personal data that they process on your behalf.
“Many organisations have in the past aimed to avoid data protection complications by specifying that their data should be stored within the EU. You may now have the option of moving it to the UK, if you feel that is the best solution.”
Check out our article for more information on Brexit and GDPR.