The Office of the Privacy Commissioner says a recent burglary at a law firm shows the dangers of failing to have secure back-ups of their work.
The Office says the unnamed New Zealand law firm had their computers taken in the burglary. They had relied on the physical security of their building to protect their data and had no off-site back-ups of critical files. An external hard drive with backups of all the data was stored on-site and was also stolen. The data was not encrypted.
The Office says when an organisation loses files containing sensitive personal information about clients, this has the potential to cause serious harm to many people.
“A comprehensive and robust approach to encryption across the law firm would have been reasonable protection and would have substantially reduced the risk to the firm,” it says.
“Whether the threat is a burglar targeting electronic gear, a fire, or a building condemned for earthquake damage, having a secure off-site back-up mitigates the risk of loss.
“Another good reason for making sure you have a good back-up system is ransomware. Having a set of back-ups will make getting back up and running much easier.”:
CERT NZ provides good advice for businesses, including advice on backups.
The office has a data safety toolkit available on its website.