How to Maintain Back Up Best Practice
World Back Up Day takes place every year on 31st March to highlight the importance of backing up and being prepared against data loss and data theft.
A thorough back up strategy is an essential part of an effective mitigation and recovery plan for any business, small, medium, or large.
To mark World Back Up Day 2023 our cyber security experts here at PureCyber have come up with advice to help you create your own effective back up strategy.
Why Do I Need to Have a Back Up Policy?
Back-ups allow businesses to potentially recover data compromised by a malicious attack or non-malicious activity like human error. Many backup solutions also provide a way to restore your most critical data first, followed by less important files. Often, disaster recovery involves restoring select bits of data, from a database down to individual files. Every individual file that affects a critical system should be considered as extremely important.
A back up policy demonstrates that you have robust data governance and compliance policies in place. This gives your employees, clients, partners, and vendors peace of mind that their data is safe.
A 2022 global report on Cyber Protection found that 76% of organisations experienced downtime due to data loss in the last year, a 25% increase from 2021. This downtime stemmed from a number of sources including system crashes (52%), human error (42%), cyberattacks (36%) and insider attacks (20%).
What Are the Implications of Data Loss?
According to the National Cyber Security Breaches Survey 2022, the average cost per attack from loss of money or data is £4,200 for all businesses reporting an attack.
Data loss can have serious consequences for businesses. A data breach can cause reputational damage and severely impact employee productivity and business continuity. Employees will likely rely on this data to carry out their work, while the business may not be able to operate without it. Client and employee trust can also be damaged, in addition to affecting partner and vendor relationships.
There are many examples of data breaches that compromise data such as staff and client names, addresses, national insurance numbers, financial details, and ID documents such as passport details. Breaches of this kind expose staff and customers to financial fraud, phishing, and identity theft.
The cost of recovering lost data can, in the worst-case scenario, force a business to close. According to the British Chamber of Commerce, 93 percent of businesses that suffer data loss for more than 10 days file for bankruptcy within one year.
Failure to keep data safe can lead to a maximum fine by the Information Commissioner's Office of £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
How To Prevent Data Loss
Only 15% of IT managers worldwide follow backup storage best practices (Acronis, 2022). Here are some useful strategies that every business should follow to help prevent data loss.
Identify What You Need to Back Up
The first thing to do when backing up your data is to identify what is most valuable and critical to you. Ask yourself, what data would compromise your day-to-day business if it was lost? For example, this could be emails, client data, contact information, staff details, calendars, photos, or documents. Important data can also include business strategies, quotes, orders, and financial and accounting information, such as payroll.
Identify Your Endpoints
Identify where your data is and the devices your data is on. A good backup plan will consider every individual endpoint, and how critical the data stored on each individual device is.
If your business allows a BYOD (Bring Your Own Device) policy, any work-related data or files that are located on personal devices also need to be considered in a back-up strategy. This could mean not allowing personal devices if it is necessary to keep data secure.
Separate Your Backups from Your Main Device
Access to data back-ups should be restricted and closely monitored and, most importantly, back-ups should be saved separately from the devices holding the original copy. Ransomware and other forms of malware can infect attached storage automatically, leaving you with no backup data to recover from. If you have a physical back up, it is recommended to store backups in a different location to prevent data loss from theft or fire, or even natural disasters such as floods.
A 2022 Ransomware report by Veeam found that 97% of modern ransomware attacks attempted to infect not only primary systems, but also backup repositories.
Create Multiple Back-Ups
Ensuring multiple back-ups of your most critical files is good practice when backing up your data.
The NCSC (National Cyber Security Centre) recommends that organisations adopt the 3-2-1 rule. This is a common strategy that can be used in most scenarios. To implement this, businesses need to create 3 copies, on 2 devices, with at least one offsite and offline back up.
An example of this rule in practice would be the main server in a business’s headquarters, a cloud backup, and a backup NAS (Network-Attached Storage Drive) in a different location. This ensures your data is backed up in most scenarios. A network-attached storage drive (NAS) is a data storage device that connects to and is accessed through a network, instead of connecting directly to a computer.
Creating multiple back-ups means that if your data is compromised, you will still be able to access an intact copy.
Back Up Regularly
For many organisations it is best practice to back up every 24 hours and, at the very minimum, once a week. If you want to increase your protection against ransomware you can even back up your data multiple times a day.
Many network or cloud storage solutions offer automatic back-ups. Frequent automatic back-ups can help save your business time and give you quick access to your most up to date files. It is important, however, to remember the 3-2-1 rule and not rely entirely on the automatic back up system.
Backing up regularly makes back-ups part of your everyday business cyber security practices and leaves you better prepared for a ransomware attack.
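The 3-2-1 rule and the back-up frequency guidance above can be checked automatically against a simple inventory of your copies. The following is an added example, not code from PureCyber or the NCSC; the BackupCopy fields, the audit function and the sample inventories are hypothetical, and it assumes the offsite and offline requirement must be met by a single copy.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    device: str                   # storage device or service holding this copy
    offsite: bool                 # kept away from the primary location
    offline: bool                 # disconnected from the network between runs
    last_run: Optional[datetime]  # None for the live primary copy

def audit(copies, now, max_age=timedelta(hours=24)):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"{len(copies)} copies found, 3 required")
    if len({c.device for c in copies}) < 2:
        findings.append("all copies are on one device, 2 required")
    # Assumption: the offsite and offline requirement is met by a single copy.
    if not any(c.offsite and c.offline for c in copies):
        findings.append("no copy is both offsite and offline")
    # Frequency check: flag any back-up older than the allowed age.
    for c in copies:
        if c.last_run is not None and now - c.last_run > max_age:
            findings.append(f"{c.name}: last backup is older than {max_age}")
    return findings

# Constructed sample inventories (not real systems).
NOW = datetime(2023, 3, 31, 9, 0)
GOOD = [
    BackupCopy("primary file server", "server-hq", False, False, None),
    BackupCopy("cloud backup", "cloud-bucket", True, False,
               NOW - timedelta(hours=6)),
    BackupCopy("rotated external drive", "usb-drive-b", True, True,
               NOW - timedelta(hours=20)),
]
WEAK = [
    BackupCopy("primary file server", "server-hq", False, False, None),
    BackupCopy("attached USB drive", "usb-drive-a", False, False,
               NOW - timedelta(days=9)),
]

if __name__ == "__main__":
    for label, inventory in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(inventory, NOW) or "passes")
```

Pass max_age=timedelta(days=7) to audit against the weekly minimum instead of the 24-hour default.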
Do Not Rely Entirely on Cloud Services
Cloud software solutions can offer advantages; unlike physical devices, the data they store cannot be lost to fire or real-world theft.
Yet, it is a common misconception that cloud storage solutions, such as Microsoft 365, will automatically back up your data. At PureCyber we advise that any data stored on cloud services is also backed up to another software device or location.
Microsoft’s Shared Responsibility Policy, for example, specifically states that it is the user's responsibility to protect the security of data within the cloud, recommending that you use a third-party backup solution.
It is also important to remember that cloud storage requires a reliable internet connection, so may be unsuitable if yours is slow, unreliable, or metered. Using strong passwords and two-factor authentication to protect access to cloud services is also very important.