Your business data backup checklist

When it comes to ensuring the protection of your data, appointing a dedicated person that is responsible for the businesses data protection will enable you to oversee and grant access to private data to only trusted individuals. This role will also require the data manager to take the responsibility of regularly checking data backups. No system is flawless and power outages or network failures are difficult to predict.

In a world where we heavily rely on technology, the loss of data can happen in so many more ways than one. Most importantly you must understand these risks and prepare for them to happen. Some of the most common data loss scenarios include:

• Power outage
• Network Failure
• Ransomware attack 
• Malware
• Human Error
• Environmental causes
• Theft 

A common misconception around cyber attacks is that cyber criminals only attack big corporations. That isn’t entirely true as nowadays businesses of all sizes, industries and locations are all being targeted. Although some organisations will be more vulnerable than others depending on the kind of information that they store. The more sensitive and valuable the data the more likely it is that cyber attackers will try to compromise it. Organisations like the police, government, lawyers, healthcare and financial institutions are most frequently targeted. 

Coronavirus has played a huge part in the increase of cyber attacks, particularly on healthcare organisations. Forbes has reported that the cyber attacks on the World Health Organisation (WHO) have more than doubled as a result of the pandemic (1).

Backing up as much data as physically possible is an easy assumption when it comes to thinking of the best strategy for data backup. Although in recent years we have seen a dip in the cost of backing up data, there are still significant financial costs to consider. Particularly if you are looking to implement a zero data loss recovery appliance. This strategy is specifically designed to virtually eliminate data loss within your organisation whilst boosting production performance and minimising data loss exposure, but this can come at a cost (2).

Before you begin to put a strategy together for your data backup, it is important to decide on your objectives and how much data you are willing to potentially lose. Ultimately you must consider your Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). 

The RPO looks into how much of the compromised data you are willing to lose in order for your business to continue operating with minor disruption. RTO refers to the block of time between the data being lost and the resumption of your normal business functioning.

When it comes to implementing the best practices within your business for efficient data back up, you should always refer back to the 3-2-1 rule. This is outlined as follows:

3. Create at least three copies of your data
2. Implement two storage formats
1. Keep at least one of the copies offsite.

These rules aim to ensure that you will always have at least one safe back up to fall back on in case of an emergency. Two good examples of storage formats are using a USB and the Cloud. If you happen to lose or damage your USB, you can use the back up on your Cloud storage. Alternatively, if the Cloud becomes compromised or suffers an outage, you will still have your backup on the USB. 

Having a backup system is great in ensuring that you always have a copy of your data to rely on in the event of a malicious attack or a result of a simple human error. However, if you fail to test your data backups, you don’t know whether the backup has actually been performed, whether the backup is accessible and if it can actually be used. Like all technology, it requires maintenance, patches and updates. Data is your businesses greatest asset, if you cannot afford to lose it all, then perform tests regularly.