Backups: Keeping your Data Safe


Picture this:

You’ve just arrived at the office to finish that big report that’s due tomorrow. You’ve been working overtime to get it done, but it’s looking like you might finish ahead of schedule!

 

You get to your desk, put your things down, and press the power button to turn on your computer. While it boots up, you decide to grab a coffee. When you come back to your desk, you find that your computer has the dreaded blue screen of death and an error message. Unsure of what’s causing it, you try turning your computer off and back on again to see if it boots up properly. Same thing. Not knowing what to do next, you reach out to your company’s IT team for help. After some digging, they determine your hard drive has failed.

 

Oh no. That big report. It was saved to your desktop! You’d meant to move it to the shared drive that gets backed up, but that was going to be a task for today. What are you going to do now? How are you going to get that report back?

 

The Importance of Backups

I couldn’t give you exact numbers, but this scenario has happened to many people across the world. The unexpected loss of valuable data can happen to anyone – no matter your job title, how much money you make, or the industry you work in. In this particular case, a technology failure resulted in the loss of data because the user saved their work to a location on their computer (their desktop) that wasn’t backed up. Had the user saved the big report to the shared drive, it would have been backed up, and there would be a good chance of recovering it and getting it to the client on time.

This situation, along with many others, is exactly why backups are so important in our technology-driven world. Data – from signed contracts to financial records – is an essential part of business. If your laptop failed, or you had a flood in your office destroying everything and your valuable data and information was lost, could your business recover? It’s a scary thought, but if you are prepared and come armed with backups, there’s an excellent chance that your business can bounce back with minimal impact to your operations.

You may be wondering – what exactly is a backup? This definition comes courtesy of Merriam-Webster, who defines a backup as “making a copy of data to protect against accidental loss or corruption”. It’s a simple concept that covers many moving parts. Let’s break it down!

 

Copying Data

Making a copy of data – sounds easy enough. But what kind of data should you be copying? Ideally, any data that is important to your business and is crucial to maintaining its day-to-day operations should be copied (backed up) on a regular basis. Depending on your business requirements, this data could include (but is not limited to):

  • Signed Contracts
  • Financial Records
  • Photographs
  • Word and Excel Templates
  • Emails or Text Messages
  • Databases
  • Customer Records
  • Completed Project Works
    • Reports
    • Proposals
    • Engineered Drawings

The list is endless and is completely dependent on your business type and its operational requirements. The important thing to remember is that you will want to make sure you have copies of any data that, if they suddenly were deleted, held for ransom, or deemed unrecoverable, you would need to get your business back up and running again.

Data backups aren’t just limited to desktop computers either. Every electronic device that you use for business (and personal!) reasons should be backed up regularly. This means everything from laptops, tablets, and even your cell phone should be considered when you’re setting up your backup schedule and program.

 

Why Backup?

I’ve already stressed that backups are important. After all, what is your business without its most important asset – its data?

Things happen. They happen when we least expect them to, and the only way to mitigate any potential damage to your data is to ensure that you have a current backup of it. It will give you a chance to recover and keep on keeping on! So, what exactly could happen to your data?

It could be…

  • deleted by an employee, accidentally or intentionally.
  • stolen.
  • destroyed by a fire or flood.
  • corrupted or rendered unrecoverable when a device fails, or there’s a hardware/software failure.
  • held for ransom in a cyber-attack.

None of these are great scenarios, but if you prepare for the worst, you’ll be well positioned if something does occur.

 

Types of Backups

One might figure that a backup is a backup is a backup. As I’ve come to discover in my cyber security journey, there are actually several types of backups! They include:

  • Full Backups: This is probably the most common type of backup. As the name implies, a full backup is when all data (files and folders) on a system is backed up. Depending on the volume of data you have, a full backup can take longer to complete and may need more storage space than other types of backups.
  • Incremental Backups: In this type of backup, only the changes that were made to the files and folders since your last backup are recorded. Incremental backups can be quicker to complete, but if you need to recover your data it may end up being slower, as each incremental backup needs to be pieced together to get a full picture of the data.
  • Differential Backups: This backup falls between a full backup and an incremental backup. In a differential backup, a full backup of data is completed first. Any subsequent backups will only record the changes made since the full backup. This type of backup can run fairly quickly, and if you need to restore your data, it won’t take as long as it would with an incremental backup.
  • Mirror Backups: Mirror backups are pretty much how they sound – an exact copy of your data is created (much like a full backup). The difference between the two? When a file is deleted from the source where your data is being copied, it is also deleted from the backup. It’s the riskiest backup option because important data has the potential to disappear forever!
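
The four types above, worked through on a small change history. This is an added example, not code from the article: the file names, the three-day timeline and every function name are constructed for illustration, and it assumes older backup sets are retained for the full, incremental and differential schemes.

```python
# Constructed timeline: day 0 is the full backup; each later day maps to
# (files modified, files deleted) on the source system.
FULL_DAY0 = {"contract.pdf", "ledger.xlsx", "report.docx"}
TIMELINE = {
    1: ({"report.docx"}, set()),
    2: ({"ledger.xlsx"}, set()),
    3: ({"report.docx", "proposal.docx"}, {"contract.pdf"}),
}

def source_state(day):
    """Files present on the source at the end of `day`."""
    files = set(FULL_DAY0)
    for d in range(1, day + 1):
        changed, deleted = TIMELINE[d]
        files = (files | changed) - deleted
    return files

def copied(kind, day):
    """Files written to the backup set taken on `day` (day >= 1)."""
    if kind == "incremental":        # changes since the previous backup
        return set(TIMELINE[day][0])
    if kind == "differential":       # changes since the day-0 full backup
        return set().union(*(TIMELINE[d][0] for d in range(1, day + 1)))
    if kind in ("full", "mirror"):   # complete copy of the source that day
        return source_state(day)
    raise ValueError(kind)

def restore_chain(kind, day):
    """Backup sets that must be read to restore the source as of `day`."""
    if kind == "incremental":
        return list(range(day + 1))  # the full backup plus every increment
    if kind == "differential":
        return [0, day] if day else [0]
    return [day]                     # full and mirror copies stand alone

def recoverable_after_delete(kind, name, day):
    """Can `name`, deleted from the source by `day`, still be restored?"""
    if kind == "mirror":             # the deletion is replayed on the one copy
        return name in source_state(day)
    return name in FULL_DAY0 or any(
        name in TIMELINE[d][0] for d in range(1, day + 1))

if __name__ == "__main__":
    for kind in ("full", "incremental", "differential", "mirror"):
        print(kind, sorted(copied(kind, 3)), restore_chain(kind, 3),
              recoverable_after_delete(kind, "contract.pdf", 3))
```
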

 

The Choice is Yours!

Each type of backup has its own unique advantages and disadvantages. The choice of which type your company should go with is entirely your business’ decision and should align with your risk tolerance – though when in doubt, run a full backup. It may take more space to store, but it will ensure all of your data is copied and secure!

 

How Often, and When Should I Backup?

No matter which type of backup you choose, it should be done on a set, recurring schedule. How often you choose to run your backups will depend on your business’ operational requirements and needs; however, businesses whose backups run more often minimize the amount of data that could be lost. The acceptable amount of data loss, measured by time, is known as the Recovery Point Objective, or RPO. It should be one of the core objectives when designing an IT infrastructure.

The most common options are to perform backups daily, once a week, or once a month. Some businesses choose to do a combination of all the above to ensure they cover all their bases. It all depends on your business’ individual needs.

When scheduling backups, you’ll want to ensure that they’re set to run at times that won’t interfere with your business’ operations. The last thing your employees need is to get frustrated when the files they’ve got open freeze in the middle of working on them! Look at quieter times – for most, this means overnight at 3am. If your business is a 24/7 operation, then find a time which is generally not as busy. Make sure you advise your employees ahead of time as to when the backup will run, so they know not to try and access those files.

 

Where Do I Store It?

Now that you’ve run your backup, where will you store it? The ideal storage spot is somewhere your business isn’t. One strategy I came across at a midsize consulting firm was to leverage three different backup locations: the home of one of the Canadian executives, the parent company’s office in the US, and a third-party storage space. It may sound a little extreme, but given the sensitive nature of the data they dealt with, it gave the company comfort in knowing that their data was secure in so many places.

Your business may not have those same needs, but whatever you decide, make sure that you don’t store it right on site, at the location where one day you may need it. Since backups can be stored in a number of ways (including external hard drives, USB keys, tapes, or even virtually in the cloud) the possibilities for storage locations are endless.

One last thing when it comes to storage locations: make sure it’s somewhere accessible and easy to retrieve. If your data was lost today, how long would it take to get a copy of your backups on site to start the recovery process? Could you stand to wait two, three, or more days before restoring to your backups? Keep those questions in mind when selecting locations to store your company’s backups.

 

How Long Do I Keep It?

You’ve decided to run a backup. You’ve decided on the type of backup to run, and where best to store it. So how long do you have to keep it around for?

Much like most of what I’ve written so far, the length of time you need to retain your backups is completely dependent on your business’ industry and its unique organizational needs. Each business will have to come up with their own policy, called a ‘Backup Retention Policy’. This policy outlines what data needs to be kept for what length of time.

In general, most data doesn’t need to be kept for all that long. There is no set standard, but I’ve seen companies decide to hold on to their backups for periods of one week (for daily backups) to up to three years. Keep in mind that there may be legal or financial requirements for data retention. The Health Insurance Portability and Accountability Act (HIPAA) in the US, for example, requires most data to be kept for a minimum of six years, with some types of data needing to be kept for up to 11 years.

 

Don’t Forget to Test!

Yes, you sure did read that right! Testing your backups is equally as important as having a backup in the first place. Why, you might ask? Well, there are a few reasons.

First off, testing allows you to verify whether you can actually restore from your backups. There could be any number of problems with your backups, from missing data to corruption, or even a compatibility issue between your backup and the device you’re trying to restore it to. If you can’t restore your data, you could experience business or financial catastrophe or, worst case, lawsuits and fines should you not be able to meet contractual, legal, or regulatory retention requirements!

Testing can also validate the effectiveness of your company’s policies and procedures surrounding backups. When initially setting up your backups, you may have thought that you identified which files, folders, or applications you wanted copied. What if one of those got missed during setup, or you realized that there was more data that you wanted backed up? This would afford you the opportunity to identify anything that got missed and add it to the regular backup schedule.

 

Recovery Time Objective

This testing will provide valuable insight into whether another core objective for your IT infrastructure design is being met: Recovery Time Objective, or RTO. This objective indicates the maximum time an application or data can be unavailable before the business suffers unacceptable interruption. Without testing these backups, you will not truly know whether your IT infrastructure can meet this objective.

Finally, testing your backups will ensure that your data is truly being preserved. What if the backup stopped working, or had a problem copying certain files? You’d never know that your data wasn’t being backed up if you never checked – and that would be a tragedy if you ever needed to recover it!

Testing of backups should be done on at least an annual basis. Some, however, perform tests quarterly or monthly depending on how critical their data, applications, and systems are to their business’ continuity. It’s also good practice to test before and after upgrades or changes. Problems often arise after upgrades or changes, so it’s a good idea to ensure your backups are at the ready!

 

Create a Test Plan

Before conducting your backup test, make sure you create a test plan. Identify how you will test to see if your backups can be restored and to which devices. Most importantly, ensure that you have a regular backup available for your test. If you create a special one-time backup just for testing purposes, you’ll never know if your regular backups are actually working the way they are supposed to.

When conducting your backup test, check everything: don’t just test a few files! Make sure you can restore:

  • individual files;
  • folders;
  • directory trees;
  • servers;
  • entire computer; and
  • programs/applications.

As part of your backup testing, try restoring on a different device than the one it would normally go on. By doing this, you can identify whether your backup is compatible with these systems. For example: say you performed a backup on Computer A. Computer A died, so you need to install your backup on Computer B instead. Computer A had a larger hard drive than Computer B, so now your backup won’t fully restore. This situation is surely something you don’t want to have happen when you’re in the middle of trying to restore important data!
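
One way to check a test restore for the missing or corrupted data described above is to record a checksum for every file at backup time and compare the restored tree against that record. This is an added example, not the article's own tooling: the function names and the sample files written to a temporary directory are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path relative to `root` to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_restore(recorded, restored_root):
    """Compare a restored tree against the manifest recorded at backup time."""
    restored = manifest(restored_root)
    return {
        "missing": sorted(set(recorded) - set(restored)),
        "corrupted": sorted(k for k in recorded
                            if k in restored and restored[k] != recorded[k]),
        "unexpected": sorted(set(restored) - set(recorded)),
    }

def demo():
    """Constructed sample: one file lost and one truncated during restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for d in (src / "projects", dst / "projects"):
            d.mkdir(parents=True)
        (src / "ledger.xlsx").write_bytes(b"Q3 totals")
        (src / "projects" / "report.docx").write_bytes(b"big report v7")
        (src / "projects" / "drawing.dwg").write_bytes(b"rev C")
        recorded = manifest(src)  # taken when the regular backup ran

        # Simulated restore onto a different device: drawing.dwg never
        # arrives and report.docx comes back truncated.
        (dst / "ledger.xlsx").write_bytes(b"Q3 totals")
        (dst / "projects" / "report.docx").write_bytes(b"big report v")
        return verify_restore(recorded, dst)

if __name__ == "__main__":
    print(demo())
```

Store the recorded manifest alongside the backup itself so the comparison can still be made when the original device is gone.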

 

Backup Software

One last thing to consider is backup software. You’ll want to ensure that the devices you need to restore to are equipped with the correct backup software needed to restore the backups you make. If that software isn’t installed, it could be more difficult to get going on the restoration of your systems and files. Make sure to keep a copy of the install disks or files for your backup software with your backups.

 

Summary

In short – backups are an important tool should you ever need to recover your data. As much as we have come to rely on it, technology is not infallible. If you have any valuable data that you want to keep around, make sure you set your backups to run regularly. Store them in a secure, offsite (but still accessible!) location, and make sure you test them regularly. By thinking ahead and making copies of your data, you’ll be well-prepared for any potential loss scenario.

 
