Data backup is a crucial step to preventing data loss whether from cyberattacks, ransomware, accidental file deletion, natural disasters, and other threats. The key is ensuring that the data is properly being backed up. If the data is not properly backed up, the recovery of the data can be much more challenging, not to mention costly.
Some of the questions IT Service Providers such as MicroAge ask clients and that businesses should be thinking about when looking at backup strategies and solutions are:
- What data do we have?
- What data is critical and/or sensitive?
- How often do we back up our data?
- Where and how are the backups stored?
- Which recovery methods should we use?
- How long can we afford to be down?
- How long should we retain old backups?
The answers to these questions will be unique to every business based on their requirements and needs. However, there are guidelines that all businesses should follow when it comes to data backups to help ensure that the data is adequately backed up and can be recovered quickly in case of a disaster, natural or otherwise.
Best Practices for Data Back Up
Create a backup strategy
This sounds obvious but it is often overlooked and may possibly lead to inadequate data backups. The most important for a successful data backup strategy is creating a plan. The plan should outline the company’s specific data backup and recovery objectives. This plan is part of a business continuity plan or disaster recovery plan.
Here are three of the main considerations to take into account in order to properly answer the questions above.
- Risks of various data-loss events such as: accidental deletion of data, data corruption, data breaches, ransomware
- The impact of such events on operations. Think about the effects on productivity, financial losses, customer service
- What are the objectives for restoring data to minimize the impact on the business?
- Recovery Point Objectives (RPO): refers to the amount of data that can be lost within a period most relevant to a business, before significant harm occurs, from the point of a critical event to the most preceding backup.
- Recovery Time Objectives (RTO): refers to the amount of time that an application, system and/or process, can be down without causing significant damage to the business as well as the time spent restoring the application and its data.
It is easy to fall into the easy and cheap trap when it comes to backup.
Backup solutions that just replicate your data to an external drive or a cloud folder seem like an easy and not too expensive solution. The same could be said for cloud-based file-sharing applications like Google Backup & Sync. However, these solutions are not intended to be robust backup solutions.
Businesses should look for business continuity and disaster recovery solutions (BC/DR) that are designed to provide strong recovery options which allow critical operations to continue with as little disruption as possible.
Conventional wisdom states that the more often you back up your data, the less you’ll lose in between recovery points. However, not all data is created equally. There may be higher priority data or workloads that require more frequent backups. Other data can be a few days old without causing a huge impact on the operations.
The type of business may also influence the frequency of data backup. For example, if the business produces or modifies significant amounts of crucial data, the frequency of data required will be a few minutes and not a few hours or a few days.
Additionally, some industries have compliance requirements which require mor frequent data backups. Industries such as healthcare and finance come to mind.
While on-premises backups have the advantage of speed when it comes to recovering data, it may not be the best option. Specifically, if something happens to the on-premises backup and there is no off-site backup, the chances of recovering the data is slim to none.
Remote backups are important for business continuity purposes. If the on-premises backups are not accessible for whatever reason, having backups in secondary locations allows for access to the data required and the continued operations of the business. Some examples of remote backup storage are:
- Backups stored in a private cloud or datacenter
- Backups stored in a public cloud such as Microsoft Azure
- Backups stored at a secondary business location
Remote backup storage should not replace on-site backup storage. Most good backup solutions today offer hybrid backup protection models which on-premises and cloud backups to mitigate against all the different types of disaster scenarios that can impact businesses.
Retention of backups
Each organization is different and how long an organization decides to retain its backups will be different for each organization. One thing that is for certain is that each organization needs to think about what works for them taking into account the type of data, the business or industry you are in, and your comfort level with data being deleted forever.
Do not allow inbound Internet access to Backups
Backup devices need to be able to transmit data to the cloud, no inbound communication should be allowed. The backup solutions should be deployed in secure environments and the outbound communications should be limited to only those that are required for the device to perform cloud backups. All other communications should not be permitted. The reason for this is simply that allowing inbound communication to your backup solution will increase the susceptibility to cyberattacks and malware infections and ransomware attacks.
An organization’s backups need to be secured against the risks of infection from ransomware and other malware. These types of infections try to infect every machine that can be found, including backup devices if they are left unprotected. This is the reason that separating the backups from other devices in an IT environment is so critical. If the backups are encrypted or infected, there will be no way to recover data. Therefore, no permanent connection between backup devices and PCs and networks that are being backed up should exist.
Should backups fall into the hands of bad actors, it is important that the data is inaccessible. Backups should be encrypted as it is uploaded to the cloud (in transit) as well as when it is stored on a backup device and/or a datacentre (at rest).
Protect the end points
In a perfect It environment, users would save their data on the appropriate servers which would be backed up on a regular basis. However, often users will save their data on their local PCs leading to a considerable amount od data that is not on network drives. It is important to include end points in the backup strategy to ensure all critical data is being backed up.
Ensure subscription applications (SaaS) are being backed up
Many businesses falsely believe that subscription applications such as Microsoft 365 are backed up because they reside in the cloud. Although these types of applications have retention policies, they are for the most part, inadequate for businesses. It is very important to have the proper backup strategy for these types of applications to make the data accessible and recoverable should a disaster occur.
Regularly test backups
One of the important but often ignored steps in any back up process is the testing of the backups. Having a backup does not necessarily mean that it is viable and can be restored. Backups, both on-site and off-site need to be tested regularly to ensure they can be restored.
Businesses of all sizes need to ensure that the backup strategy implemented ensures all data is protected and can be effectively restored when required. Whether a single document has been accidentally deleted or ransomware has encrypted the network, a strong data backup system can help businesses recover quickly and maintain business continuity.
MicroAge can help you find the back up solution that is meets the requirements of your business. Contact us today.