Business data is critical these days. Being without it can mean hundreds, thousands or even millions of dollars in lost revenue. Many malware and hacking attacks targeting businesses are aimed at stealing or preventing access to business data. This is why we back up our business data; to keep it safe. So what are you doing to back up your data? And is it really, truly, effective?
An untested backup is no backup at all.
Say you needed to recover your data from your existing backup right now, could you? Are you sure? Has your backup been tested recently to ensure it's going to work when you do need it? If you confidently answered "yes" to all three of those questions great, you can close this page and continue on with your day. I'm guessing however that you answered "no" or "I don't know" to at least one of those questions.
A backup does your company no good if the data within it is corrupt or unusable. Unfortunately for a lot of places, this knowledge comes a little too late to be of any use. Having a backup is great but it needs to be regularly tested to ensure continuity and consistency. This goes for all types of backups including file, system, database, email, all of it. You'll be much better off finding out your backup isn't working during a test than during an emergency.
Backing up the cloud. Yes that's needed too.
"But everything that I use is in the cloud! That means I don't need backups right?" This is the scary one that we hear. Everything is in the cloud now days so you don't need to worry about backing anything up because hey, it's in the cloud right? It'll always be there… right?
By now you've probably figured out that the above line of thinking is mostly wrong. About the only thing that storing data in the cloud can help protect against is hardware failure. However you still have the myriad of other things to think and worry about. In addition to that, you're also now at the mercy of whoever owns the cloud your data resides in. If that company suddenly goes out of business or bans your account (it happens) your data can be permanently lost.
As a result, it is important to look at implementing either a cloud-to-cloud or cloud-to-ground backup. The former is typically more readily available and is the process of backing up from one cloud to another which is hosted/owned by another company. The latter involves pulling your data out of the cloud and placing it on a local storage system or server on your own premises. Either one will work and it is largely up to personal preference for which one you pick.
Finally, be wary of cloud providers that claim to back up your data for you. Most times you will find that they are backing up their own systems for the app to continue functioning but they are *not* backing up your actual data, leaving you still at risk.
Backing up the wrong way can lead to disastrous consequences.
Now if everything up to this point wasn't enough, it's time to talk about backup security. You can have your backup tested to the moon and back but it's all for naught when a ransomware infection works through your network and encrypts not only your data but also your backups. Unfortunately, modern malware is this sophisticated in that it will actively look for and destroy backup data before or while it damages your primary data. When backing up, data-flow should always be a "one way street" accessible only to the processes performing the backup.
The other thing that needs to be looked at are access and physical security. This is especially true for organizations that are required to adhere to a compliance standard such as HIPAA or PCI. For example, HIPAA compliance dictates that data at rest must be encrypted. This isn't necessarily a required thing for organizations that do not need to be HIPAA compliant but it's good practice nonetheless. In the event of any sort of theft or breach you'd much rather give an attacker something he'll never be able to use than an open book to your company.
How to get it done.
By now you should have a pretty good idea about what to do and what not to do when it comes to keeping your data safe. Now it's time to come up with a plan and execute. Doing so may seem overwhelming but it's simpler than you think. Here are the five important steps to consider:
- Take an inventory of all of your data and remember: all of it is more critical than you think.
- Pick a media and method for backing up with, stay away from unreliable media like flash drives (USB hard drives are okay).
- Don't put your backup in one basket, if at all possible keep one copy of backup data locally and a second copy off-site or in the cloud. The common "rule of thumb" here is the 3-2-1 rule: Have at least three copies of your data in two different locations with one of those locations being offsite or in the cloud.
- Secure backups with encryption and ensure the media access is not open to any applications or processes that don't belong to your backup.
- Set up a schedule for testing backups and then adhere to the schedule.
Follow these steps and you'll be well on your way to properly backing up all of your business data in a way that will keep it secure, available and usable in the event that you need it. If you feel that you need some help with getting a properly working backup in place for your data, give us a shout and we'd be happy to assist with getting you set up with what you need.