Best practices for data protection were analyzed in a recent report by Apricorn. The survey found that 25% of IT professionals follow industry best practices for backing up data. The survey details data backup, encryption and resiliency protocols for IT professionals in the United States and Canada over the last 12 months. Overall, the responses revealed gaps in data backup procedures, hedging risks from employees and securing data on the move with encryption.

The findings detail alarming trends around lax data backup procedures. While 93% of respondents say that they factor in data backups as part of their cyber security strategy, one in four follow the 3-2-1 rule, in which they keep three copies of data, on two different formats, one of which is stored off-site and encrypted.

The importance of clean and accurate data backups is critical, with 37% of respondents having experienced a data loss event and 55% reporting they have had to restore data from a backup as part of recovery. However 16% do not ensure that their data backups are clean and complete, and 52% say they keep their backups for 120 days or less, which is less than half the average 287 days it can take to detect a breach.

The human element is a considerable concern, with 33% having experienced data loss related to employee actions. One-third of employees working in the office don't consider themselves as potential targets that cyber attackers can exploit to access company data. This is higher than the 27% remote employees who don't consider themselves as potential targets. And despite the lack of employee awareness that they could be targeted, 50% of organizations encrypt sensitive information for data on the move which is a 10% improvement from last year.

Risk from employees remains a top threat to data security, and almost 40% feel their employees' lack awareness of the risks to data when mobile/remote working could unintentionally expose the company to a data loss event or breach. While some respondents say they are adequately protected, protection for data on the move is inconsistent across organizations.