
Defenses To Protect Your Organization From Data Loss
Data loss poses a serious risk for small and midsize organizations, causing possible operational disruptions, financial losses, compliance violations, and data compromise. These losses can occur with a cyberattack, a system crash, physical damage to a device, theft of a device, or human error.
More than 70% of participants in a June 2025 Handy Recovery Advisor survey said they had lost data at least once, with 34% of the losses from accidental deletions and 30% from device failure and hardware malfunction. Ransomware also remains a threat for data loss, with 51% of attacks resulting in data being encrypted by the threat actor, and 29% of that encrypted data being stolen, according to Sophos’ The State of Ransomware in the U.S. 2025.
But there are ways to defend your organization against data loss, and Cybersecurity Awareness Month 2025 in October is a great time to explore those ways. The Cybersecurity and Infrastructure Security Agency (CISA) suggests three defensive practices for organizations: using logging, backing up data, and encrypting data.
Using logging
When a user logs in, opens a file, sends an email, or accesses the database, the network records the activity as a log. A log records who the user was, what was accessed, when the activity occurred, and where it happened. Logging can be used to establish a baseline for normal activity, identify changes to the baseline to quickly detect and respond to suspicious activity, analyze information for compliance, and assist with audits, forensic analysis and investigations. To establish a logging system, CISA recommends that organizations set up logging, monitor the logs, and write policies and procedures.
For setup, your organization needs to use a centralized log management solution and decide what you need to log. CISA suggests that all organizations enable logging on servers, firewalls, endpoint devices, and cloud services, but you can also record network traffic, authentication, applications, and more. Then, your organization should regularly monitor the logs, either manually or with tools, and set alerts for actions with a higher risk, such as unsuccessful logins.
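The alerting step described above, as an added example (not from CISA or the original article): a sliding-window check that flags a source once it reaches a set number of unsuccessful logins within a few minutes. The log format, event names, addresses, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp event user source" format.
SAMPLE_LOG = """\
2025-10-01T08:00:05 LOGIN_OK alice 10.0.0.12
2025-10-01T08:01:10 LOGIN_FAIL bob 203.0.113.7
2025-10-01T08:01:40 LOGIN_FAIL bob 203.0.113.7
2025-10-01T08:02:05 LOGIN_FAIL carol 203.0.113.7
2025-10-01T08:02:30 LOGIN_FAIL bob 203.0.113.7
2025-10-01T08:03:00 LOGIN_FAIL dave 203.0.113.7
2025-10-01T09:15:00 LOGIN_FAIL alice 10.0.0.12
2025-10-01T13:40:00 LOGIN_FAIL alice 10.0.0.12
malformed line without fields
"""

def failed_login_alerts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source reaching `threshold` failures within `window`.

    Assumes the lines are already in time order, as in a single log file.
    """
    recent = defaultdict(deque)  # source -> (timestamp, user) of recent failures
    alerted = set()              # sources already reported, to avoid repeat alerts
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue             # wrong field count: skip rather than crash
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue             # unparseable timestamp: skip the line
        event, user, source = parts[1:]
        if event != "LOGIN_FAIL":
            continue
        q = recent[source]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()          # drop failures that fell out of the window
        if len(q) >= threshold and source not in alerted:
            alerted.add(source)
            alerts.append({"source": source, "at": ts, "failures": len(q),
                           "users": sorted({u for _, u in q})})
    return alerts

if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE_LOG):
        print(alert)
```

Two failures hours apart from the same workstation stay below the threshold, while five failures across several accounts from one source in under two minutes raise a single alert.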
Your organization should also adopt policies and procedures around logging and monitoring, and the National Institute of Standards and Technology’s Guide to Computer Security Log Management is a valuable resource. Your organization should establish a team with named individuals who can respond in the event of a cyber incident. At a minimum, your organization should restrict and monitor access to the logs and securely store and retain the logs. Your policies and procedures should include ongoing user training to teach employees how to recognize suspicious activity and review logs.
Backing up data
Backing up data is an efficient and cost-effective way to protect data at small and midsize organizations. Often, using backups is the only way to restore data quickly, with minimal downtime, after a cyberattack, system crash, deletion, theft, or physical damage. Without backup data, recovery can take weeks, months, or even years, depending on the reason for and extent of the data loss — and sometimes, data without a backup is permanently lost.
A backup is a secure copy of the data that is stored in a location separate from your organization’s network. As much as 78% of users back up their data, according to an October 2024 Handy Recovery Advisor survey. However, only 33% of users perform backups on a regular basis. CISA recommends regular backups as part of a strong cybersecurity strategy.
Your backup plan should begin with an understanding of what you want to back up. Your organization should do an assessment of your data, focusing on sensitive data, such as human resources records with Social Security numbers and birth dates, and critical data, such as financial records and databases. Also, consider the data flows, user behaviors, user activity, and devices used. Your organization also may have specific requirements for backups based on compliance laws, such as HIPAA and the Payment Card Industry Data Security Standard, which require security backups.
CISA recommends following the 3-2-1 backup rule to set up your backups. The rule requires three copies of your files, two types of storage, and one copy of the data stored at another location. For the two types of storage, organizations typically choose local storage and cloud services. Local storage, such as external hard drives and USB drives, is easy to use but vulnerable to breaches and physical damage. Cloud storage is convenient to use and readily accessible but is still vulnerable to data breaches. Cloud storage is the most popular data storage, with 55% of users choosing cloud storage as their primary storage. However, in a recent study, 50% of cloud storage users reported that they only use the cloud to back up data, contrary to CISA’s recommendation.
Once there are backups, your organization needs to keep them safe with physical security, encryption, and offline copies, and regularly test the backup procedures to confirm that your team can quickly restore your data following a data loss event. Over 40% of participants were able to use backups to recover encrypted data lost during a ransomware attack, according to Sophos’ The State of Ransomware in the U.S. 2025. Also, your organization should offer training to ensure that employees know how to use the backup plan.
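To make the 3-2-1 rule and the restore test concrete, here is an added example (not from CISA or the original article) that audits a backup inventory against the rule and then compares each copy's SHA-256 hash with the live data. The inventory, storage labels, and site names are constructed, and the live data is assumed to count as one of the three copies.

```python
import hashlib
from typing import NamedTuple

class Copy(NamedTuple):
    name: str    # label for this copy
    media: str   # storage type, e.g. "internal-disk", "external-hdd", "cloud"
    site: str    # where the copy lives
    data: bytes  # stand-in for the stored content

def audit_3_2_1(copies, primary_site):
    """Return 3-2-1 rule violations; an empty list means the rule is met."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    media = sorted({c.media for c in copies})
    if len(media) < 2:
        problems.append(f"only {len(media)} storage type(s), need 2")
    if not any(c.site != primary_site for c in copies):
        problems.append("no copy stored at another location")
    return problems

def restore_test(copies, reference):
    """Hash each copy and return the names of copies that differ from the reference."""
    want = hashlib.sha256(reference.data).hexdigest()
    return [c.name for c in copies if hashlib.sha256(c.data).hexdigest() != want]

# Constructed sample inventory; the live data counts as one of the three copies (assumption).
RECORDS = b"constructed payroll export 2025-10"
LIVE = Copy("live", "internal-disk", "office", RECORDS)
USB = Copy("usb-drive", "external-hdd", "office", RECORDS)
CLOUD = Copy("cloud", "cloud", "provider-region", RECORDS)
FULL_PLAN = [LIVE, USB, CLOUD]
CLOUD_ONLY_PLAN = [LIVE, CLOUD]
DAMAGED_USB = USB._replace(data=RECORDS[:-1])  # simulates a truncated backup

if __name__ == "__main__":
    print(audit_3_2_1(FULL_PLAN, "office"))
    print(audit_3_2_1(CLOUD_ONLY_PLAN, "office"))
    print(restore_test([USB, CLOUD], LIVE))
    print(restore_test([DAMAGED_USB, CLOUD], LIVE))
```

The cloud-only plan passes the storage-type and off-site checks but fails the copy count, and the truncated drive is caught only because the restore test actually reads the backup back.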
Encrypting data
Just backing up data isn’t enough. Your organization needs to take defenses one step further with encryption. Encryption scrambles data into a coded form that only authorized users with the key can read. When your data is encrypted, threat actors cannot read your information even if they do manage to steal it. Then, your organization can use its backups to restore your data.
CISA recommends using Advanced Encryption Standard with a 256-bit key (AES-256) as the most secure form of encryption. AES-256 is the encryption used by the U.S. government to protect its data, with the number of possible key combinations making it nearly impenetrable in a brute force attack. AES-128 and AES-192 also provide high levels of security, and CISA suggests that AES-128 may run faster on your devices, particularly older ones.
Using best practices, your organization should encrypt all devices, hard drives, removable media, laptops, and documents, including all stored and sent data. It’s important to frequently back up the encrypted data to an external hard drive and/or a cloud service and regularly test the backups. You should disconnect the hard drive and store it in a secure location when not in use.
Conclusion
Small and midsize organizations are at risk of experiencing data loss, but there are ways to defend against it. Defenses such as using logging, backing up data, and encrypting data can keep your organization’s data safe and secure to prevent operational disruptions, financial losses, compliance violations, and data compromises.




