This is the 189th article in the Spotlight on IT series. If you'd be interested in writing an article on the subject of backup, security, storage, virtualization, mobile, networking, wireless, DNS, or MSPs for the series PM Eric to get started.
When it comes to protecting company data, we try very hard to make sure the servers have redundancy and the backups are checked, but there is a common problem I see at companies of all sizes — one thing I think that slips through the cracks: company data hiding on users’ PCs.
We’d be mistaken to assume just because we have policies in place saying to store everything on the file server that users are really doing so. Let's face it, users are typically in one of two camps: Either they’re not concerned about it or they think they’re backing things up properly. It's our job as IT to educate users on how computers store data and what is safe. I've seen large organizations where users have had 10 years (yes, 10) worth of data on their PC!
There are a few common user misconceptions of backing data up and/or protecting it that I’ve come across over the years. (I'm sure everyone has seen at least one of these.)
1. “I backed all my data up to the D: drive.”
Chances are the "D:" drive is really just a partition of the same drive. When talking to users about this, I’ve found a good explanation is to say, “Think of a hard drive like a file cabinet. The C: and D: drives are like drawers in the cabinet. If the building burned down, you would lose everything in that file cabinet no matter how many copies you have in different drawers.” (Assuming it isn't a fireproof cabinet of course.)
2. “I keep my data on my PC because I have sensitive information I don't want other people to see.”
This reasoning can be dangerous because those records are probably important to your company as a part of your disaster recovery plan. The way I approach this is to let the user know that we have more security on the file servers and I would be happy to help make sure only the right people have access to the data. Another selling point is to ask, “What if someone else needs to see this data? What happens if you leave the company or you are on vacation?” This is where proper file organization and data retention policies come into play.
3. “I keep the data on my desktop because it is easy to find or I use it all the time.”
Most users want one location to find everything and to not have to dig through lots of folders. With Windows 7, you can easily solve this problem using libraries. Set up all the user’s files to show up in his or her documents library. This way everything appears in one location, and the fact that you have it in different folders on your file server is transparent to the user. If the user really wants the file on their desktop, then use shortcuts. This method works well with users that commonly access the same files day in and day out.
One explanation I have used to help users understand the importance of storing their data in a company-approved location is this: “Think of the data on your computer is unrecoverable for all intents and purposes.”
When you’re configuring backups on your server, remember — they’re only good if people are actually putting data on there.
Are there any things you'd add to the list? How do you deal with making sure users store their data in the proper places? Share your stories and comments below!