While implementing data storage policies that mandate where company files are to be stored is a popular data-protection measure, employees are not necessarily complying.

This is leaving organizations vulnerable to data loss, according to a survey.

Kroll Ontrack found that 40 per cent of individuals surveyed said their companies had a policy regarding where data should be stored.

However, the survey results also revealed that 61 per cent of respondents "usually" save to a local drive instead of a company network.

While the risks associated with saving to a local drive could be minimized with an external backup drive or backup software, 44 per cent of respondents said that their preferred storage location was not backed up.

Jeff Pederson, manager of operations for Ontrack Data Recovery, said saving to a local hard drive on a desktop or laptop more often than not contradicts data storage policies.

He said regulations usually require employees to save to a network folder.

"With the majority of employees saving to unprotected, local drives, companies could be at risk for losing anything from project plans and spreadsheets to customer data and financial information," he said.

Pederson added that having guidelines to save documents to a network better ensures employee data is regularly backed up in accordance with company data retention procedures – and reduces the chance of data loss.

Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, a practice of the Background Screening division, said the survey results confirmed its findings.

"Employees are the wild cards in policies and procedures, he said.

"Companies must ensure that employees receive ongoing education to understand the risk of actions that do not follow the plan."

To help businesses avoid losing critical data, Ontrack Data Recovery specialists recommend that companies have a clear, well communicated data storage policy in place for their employees.

Companies should also ensure that data recovery is included in their overall disaster recovery or business continuity plan.

To this end, they should identify and partner with a data recovery provider that is able to quickly respond to any type of data loss scenario.

Pederson said the survey showed that data storage polices do not necessarily safeguard a vast quantity of critical company data.

"This fact, coupled with the vast number of information-oriented regulations that have been enacted reinforces that companies need to be prepared to respond to data loss at the individual-employee level," he said.

Subscribe to our Newsletter