Are You Backing it Up? - Support Internal Investigations and DSAR Requirements

How often is it that an organisation will be left at a loss due to the lack of information needed to support an internal investigation or recovering business critical data from deleted, damaged or lost devices? It is essential within an internal investigation that all relevant information is captured, in order to present a clear picture of the activities leading up to a specific or set of events. Only then can the true timeline of events be assessed, in line with additional data sources.


The reason why mobile and laptop data is so valuable, is due to the ability of the user to remain agile and connected using devices, which can be used external to the corporate boundaries. The user retains the ability to connect to external and third-party applications and services, of which may be restricted within the workplace, thereby potentially bypassing critical security controls set in place within any organisational policies which may be in force.



Computer loss, theft, and deletion are some examples of how an organisation can lose data. The only way to prepare for the unexpected is to have a good backup strategy in place.

Having a backup strategy doesn’t just mean backing up your laptop or desktop. As smartphones and other portable devices increase within our day to day operations, so does the amount of data that employees store on their devices. It is becoming critical to incorporate a holistic approach to the backup of all corporate data will allow for a complete 360-degree view of user activity. This data once collected and placed into a timeline of events will allow for a greater vision an oversight of an event, whereas without this critical set of information, there may be no, or little evidence to support an internal matter.


The act of backing up user data on mobile computing devices e.g. example laptops, smartphones and tablet devices is easy to conduct and can be conducted remotely, lessening the impact upon the user’s ability to operate. Therefore, maintaining a mobile backup strategy, in addition to the organisational computer backups that are being conducted, will allow for a more concise organisational backup to be operated. There are various methods to undertake the backing up of organisational mobile devices (iOS, Windows or Android devices), which will allow you as an organisation to be able to secure the information in advance of a potential loss of data.

This data once collected and placed into a timeline of events will allow for a greater vision an oversight of an event

Some aspects to consider when implementing a backup strategy for mobile computing and smart devices, is to focus upon some of the areas highlighted below (but not limited to):


  • Ownership of devices and data

  • Employment and breadth of current backup processes

  • Organisation policies regarding the use of portable devices for corporate communication

  • Location of the devices

  • Risk of devices being lost, stolen or destroyed


Employing an external forensic agency to securely capture, maintain and manage the collected data would also allow the organisation to hold an assurance that once secured, the data can be recovered, as an when necessary, in order to support organisational requirements, such as:


  • Data Subject Data Access Requests (DSAR) – Benefits are noticed by meeting the timelines set in place be the ICO for the acknowledgement, recovery and presentation of required data sets;

  • Recovery of data – Benefits are seen by being able to recover business critical or historical data in the event of a system failure;

  • Rotation of devices – The benefit of this will allow for the re-use of corporate devices, keeping the knowledge that the previous user data is presentable upon request; and

  • Support internal investigations – Benefits are to allow the HR process to understand the activity of an individual or a group of individuals, over a defined period of time.



The corporate backup service, of which is provided by Forint, allows for an organisation to have an understanding that their data is being backed up and ready for presentation upon demand, to support the processes and requirements listed above.


If you are thinking of employing a service like this, then please do contact us to organise a FREE confidential discussion on how Forint can support your organisation.

10 views0 comments

FORINT

+44 (0)7826 527691

Forint Limited, 320 Firecrest Ct, Warrington WA1 1RG

©2020 by Forint Limited. Forint Ltd is a registered company in England and Wales (12215794) and is registered at 320 Firecrest Court, Centre Park, Warrington, Cheshire, United Kingdom, WA1 1RG