Data Backups

Why do we need to backup data? Ransomware, that’s why! But that’s only part of the picture.

Reasons to maintain good and reliable data backups

Maintaining good data backups is critically important. Your organization’s IT staff are likely already backing up your data. In the old days, we used large magnetic tape magazines to back up company data. Back then, there was an offsite storage company that would come by once / week to collect the large tape backup cassettes and transport them to the offsite storage facility. Over time, this technology was replaced by large-capacity hard drives. Nowadays, we use software that will backup data to a cloud service provider (CSP), where it can be safely and securely stored until it is needed for a restore.

Having data backups is one of the safest ways to ensure that you’re being proactive about your data’s security. When disaster strikes, you can be confident that your data is safe and still exists elsewhere. After all, your personal or organizational data is at risk from viruses and hackers, physical disaster, data loss or theft, corruption, etc… The list goes on and on.

How do you know what to back up

In short, back up as much as you can afford, what is most important to you, or everything. Backup solutions tend to be costly, so it’s a good idea to take an inventory of your data so you know what you have. Select the most critical data first, followed by most important and then on to less important data. If you can identify any data that is part of the public domain, chances are, you won’t need to back that up regularly. For more information, check out this great article brought to you by The SANS Institute, Got Backups?

So, what can go wrong? A staggering 93% of companies that experience a major data loss and lack a recovery plan fail within one year. 

Five Hidden Security Risks with Traditional Backups

Not having a Copy of Data Backups Offsite

When the building burns down, or if the ransomware encrypts all your on-site backups, you need to ensure that you have a comprehensive backup offsite in order to recover. This should be part of every businesses disaster recovery plan.

Single Point of Failure for Data Backups

Traditional backup schemes typically include a local appliance that aggregates the backups and sends them in one job to the cloud. Any failure of this local appliance could render all the backups useless for restoration, and this may not be discovered for days after the initial failure. As a result, you may be forced to restore from further back in time, losing valuable and potentially critical data in the interim.

Breaking a link in the Backup Chain

Chains are one method of saving and managing incremental backups. When recovery is needed and is dependent upon having valid incremental backups that came before, any part that fails will render the restoration a failure and spell data loss.

Inability to Test your Data Backups

Many traditional methods to not provide an automated way to test and verify the recoverability of backups. Regular testing is the only way to provide assurance that your backups are recoverable. Testing takes time and money, and in some cases, manual effort. Testing is often the first thing that is assigned lower priority in a business, which could have catastrophic results.

Lack of Accountability

Old-school backup methods require three vendors, a backup software provider, a local data storage provider and the CSP to store and secure the offsite copy. When recovery fails, it can be difficult to determine who’s to blame.

Taking a proactive approach to understanding these risks will go a long way in your data protection strategy.

Critical Security Control #11 – Data Recovery

The Center for Internet Security is a community-driven non-profit organization that works on setting benchmarks and best practices for securing IT systems and data. They publish the Critical Security Controls, which is a framework of controls designed to help organizations take action to protect and secure their information and data from cyber-attacks. There are 18 Critical Security Controls and #11 is Data Recovery. This control is designed to help organizations ensure that backups are happening and that they are reliable and secure. Specifically, the control calls out the need to establish and maintain the following:

1. A data recovery process

2. The ability to perform automated backups

3. A process to protect recovery data

4. Ensure backups are protected by storing them offsite

5. Ensure that backups are regularly tested.

Following and implementing this critical security control can prepare you for these hidden security risks and how to avoid them.

Contact 2Bware today for tips and advice about how to get prepared. We can help you evaluate how to best implement backup and recovery strategies to protect your business.