Data Backup and Security Guideline as Impact Mitigation Strategies in Light of the COVID-19 Pandemic

Wednesday, July 15, 2020/04:00PM/ By Florence Bola-Balogun[1] and Opeyemi Adeleke[2] of AELEX / Header Image Credit: Pinterest

Introduction

The COVID-19 pandemic hit the world in an unprecedented manner and, in just a few months, it has had such a profound impact on the world of work. The need to curb the spread of the COVID-19 virus forced governments of affected countries to issue lockdown orders and restrict movements. As a result, physical office premises were shut down and many employees engaged by organisations were forced to work from home with little or no security policy in place or a viable data backup and recovery plan. In addition, some organisations resorted to employees using their personal computers and other devices to carry out official assignments. The resulting effect is possible exposure to cyber-risks from the use of insecure Internet protocol (IP) addresses and the possibility of data not being backed up appropriately.³  

In this article, we examine data backup and other data security guidelines that may be useful in assisting Nigerian organisations during the pandemic.

Data Backup and Recovery

Data backup and recovery refers to the process of backing up data and setting up systems that allow data recovery in order to forestall loss of data. Data backup and recovery is very important in running a business for many reasons. Computers may crash, human errors may occur, documents may get corrupted and several other issues might occur which the organisation may be ill prepared for.⁴ 

Backing up data requires copying and archiving computer data so that it is accessible in case of data deletion, corruption or a human-caused event such as a malicious attack (virus or malware).⁵ Some popular data backup tools include Microsoft Outlook's OneDrive, SharePoint, Oracle Database Backup Service and Google Drive. It is, however, advisable that for every backup that is carried out, adequate security must be in place.

Recent Incidents of Cyberattacks 

In 2018, it was reported that 60% of Nigerian firms suffered cyber-attacks, and that the country spent $270 million on cyber security.⁶ There is also evidence to show heightened cyber-attacks during the COVID-19 pandemic. Consequently, the Central Bank of Nigeria in a recent press release⁷ alerted the general public of cyber-criminals taking advantage of the pandemic to defraud citizens, steal sensitive information or gain unauthorized access to computers or mobile devices using various techniques.

However, the increasing trend is not peculiar to Nigeria. Other parts of the world have witnessed a rise in cyber-attacks. For instance, just recently, EasyJet⁸ reported a phishing attack to the United Kingdom's Information Commissioner's Officer.⁹ Similarly, it has been reported that a New York law firm used by A-list stars has been hacked by cybercriminals who claimed to have accessed clients' data including contracts and personal emails. ¹⁰ 

It is pertinent to note that when employees are targeted by cyber criminals, employers of the organisation are often vicariously liable for the actions and inactions of employees whether done intentionally or negligently.

National Information Technology Development Agency's Position

National Information Technology Development Agency ("NITDA"), the agency in charge of data protection regulation in Nigeria, issued the Nigeria Data Protection Regulation ("NDPR") which prescribes that¹¹ anyone involved in processing or controlling data shall develop security measures to protect data. Such security measures include protecting the systems from hackers, setting up firewalls, storing data securely with access to authorised individuals, employing data encryption technologies, developing organisational policy for handling personal data (and other sensitive or confidential data), protection of emailing systems and continuous capacity building for staff. Furthermore, while celebrating the World Backup Day on 31st March 2020, NITDA advised Nigerians on Data Backup as impact mitigation strategy in light of COVID-19. The following are the basic guidelines that NITDA has recommended:

1.      Ensure that you backup your data frequently and at relevant intervals;

2.     Consider using remote storage for your backups;

3.     Ensure that the files containing your data backups are encrypted and protected; and

4.     Use multiple methods and multiple media for your data backups.¹²

The above guideline is mostly premised on the principles of the NDPR, which include storage, security and accuracy.

Responsibility for Data Security 

Organisations have a duty of care to protect clients' information and/or documents. Within¹³ the organisation, the data controller has the responsibility for providing data security.  Consequently, in order for organizations to adequately protect themselves, it might be advisable that they encrypt their data and/or set up passwords on emails or documents sent. Overall, organizations should be conscious of cybersecurity issues and probably develop a security policy.

Conclusion

Data Controllers should always remember that actions and inactions of their employees rise and fall on them. Hence, organisational and technical controls should be put in place to protect information of the clients in its possession from the risks of unauthorised disclosure, hacking, corruption, etc. while trying to store data, backup and or recover information.

Footnotes

^[1] Associate at AELEX

² Associate at AELEX

³ Dan Dahlberg, 'Identifying Unique Risks of Work from Home Remote Office Networks' (2020)  Bitsight  <https://www.google.com/amp/s/www.bitsight.com/blog/identifying-unique-risks-of-work-from-home-remote-office-networks%3fhs_amp=true/ >  accessed on 21 May 2020

⁴IT, 'Importance of data backup' (2019) Brickhost https://www.brickhost.com/importance-of-data-backup-and-recovery > accessed on 16 June, 2020

^5'Backup and Recovery' (2017) Techopedia <https://www.techopedia.com/definition/24058/backup-and-recovery#:~:text=Backup%20and%20recovery%20refers%20to,of%20data%20deletion%20or%20corruption.> accessed via 16 June, 2020

⁶ Jumoke Akiyode-Lawanson 'SMEs hardest hit by cyber attacks, as 60% of  Nigerian business suffers attack (2019) Businessday <https://businessday.ng/technology/article/smes-hardest-hit-by-cybercrime-as-60-of-nigerian-businesses-suffer-attacks/> accessed on June 11 2020

⁷ Isaac Okorafor ' Alert, Beware of Covid-19 cyber-attacks fraud' (2020) CBN <https://www.cbn.gov.ng/Out/2020/CCD/CBN%20Press%20release%20-%20COVID-19%20-%20Cyber%20Security.pdf>  accessed on June 11, 2020

⁸ 'EasyJet Airline Company Limited - Company Profile, Information, Business Description, History, Background Information on easyJet Airline Company Limited'
Reference for Business <https://www.referenceforbusiness.com/history2/7/easyJet-Airline-Company-Limited.htm>l accessed on 21 May, 2020

⁹ Jane Wakefield'EasyJet admits data of nine million hacked' (2020) BBC<https://www.google.com/amp/s/www.bbc.com/news/amp/technology-52722626> accessed on 20 May, 2020

¹⁰ Joe Tidy 'Hackers hit A-list law firm of Lady Gaga, Drake and Madonna' (2020) BBC

< https://www.google.com/amp/s/www.bbc.comnews/amp/technology-52632729> accessed on 20 May, 2020

¹¹ Article 2.6 of the NDPR

¹²Ugo Onwuaso 'COVID-19: NITDA advises Nigeria on data backup as impact mitigation strategy' (2020) Nigeria Communications Week https://nigeriacommunicationsweek.com.ng/covid-19-nitda-advises-nigerians-on-data-backup-as-impact-mitigation-strategy/ accessed on 16 June, 2020

¹³ Article 2.1(d) of the NDPR

Related News

1.      Identification Management: The Key to Digital and Financial Inclusion in Nigeria

2.     The Implication Of COVID-19 On Financial Inclusion And Financial Literacy

3.     CBi Nigeria to host Webinar focused on Nation Building and Data Management

4.     COVID-19 Rebound: Building Entrepreneurs and Supporting Financial Inclusion Through Xpress Point

5.     Regulatory Flexibility and Agency Banking Will Enhance Financial Inclusion in Nigeria - Henry Chukwu

6.     Ahead of Tomorrow on WebTV: Discussions on COVID-19; Deepening Financial Inclusion in Nigeria

7.     Ahead of Tomorrow on WebTV: Discussions on COVID-19; The Fourth Industrial Revolution and Nigeria

8.     COVID-19: Impact and Opportunities for Financial Services Agents in Nigeria

9.     Firstbank: Empowering Women through Financial Inclusion

10.  Mandatory Data Privacy Compliance for Nigerian Companies - A Data Audit Offer

11.   How Nigerian MFBs Use Digital Strategies To Deepen Financial Inclusion

12.  Digital Technology Will Enhance MFB Operations in Nigeria - Victor Mba

13.   Identifying The 4 Pillars for Achieving Nigeria's Financial Inclusion Target - Patrick Akinwuntan