Multilayered Security Part III- Consistent & Effective Backups
You’re only as good as your last backup.
System backups are supposed to be the safety net that never fails. But the fact is that backups DO fail often, costing companies an astounding amount of time and money every year. Backing up daily isn’t enough to keep a business safeguarded and on track; timing and efficiency are paramount. Unless a consistent backup schedule is in place along with checkpoints to determine efficiency, threats like malware and system failure can shove workflows back days, even weeks or months, due to the loss.
Information is valuable and can be difficult or sometimes impossible to replace. The solution is consistent and effective backups which store data in case it becomes compromised or lost. These solutions will determine how you will recover from a cyber attack and how long it will take. Improving a backup program is essential to preserve any business’ position along processes and workflows that can be adversely affected by:
- Accidental deletion
- Device hardware crash
- Lost or stolen device (phone, laptop, etc.)
- Files and programs infected with malware
- OS crashes
- Spills and destruction of hardware
Utilize different types of backup, regularly check that backups are working, and develop a comprehensive backup plan to ensure your business is prepared for unexpected data loss.
Types of Backups
I. Online/Cloud Backup
Backing up on the cloud is vital to fast data recovery. If systems or devices become corrupt or destroyed, seamless access to the cloud can get you up and running in a matter of minutes. Versioning is a great feature that will retain older versions of files, allowing you to pick up where you left off. Additionally, most cloud backups are generated by automated processes, taking the stress of scheduling backups out of the equation.
While cloud services involve a monthly cost, it is rapidly decreasing as more service providers come online. As long as you maintain fast and reliable internet service, cloud backups are highly effective and absolutely essential to any backup program.
Offline backup involves downloading current data onto an external device which should be kept physically apart from files stored on systems and devices. Unlike cloud backup that requires a nominal monthly fee, the offline process involves a one-time cost for the physical data storage equipment. Offline backup devices provide more by way of privacy, as the admin can more easily control user access versus an online network with many users. But unlike online backup, there are obvious limitations with having a physical device; it’s not something you can travel with and access at any time, and of course, these devices can fail.
Nonetheless, offline backup is a non-negotiable for 3-2-1 best practices. USB drives work well for backing up one PC, and it’s a great idea to have employees backup onto a USB daily. But for larger stores of data, look into an NAS device or other SSDs for offline storage.
Best backup practices involve a hybrid model of both online and offline solutions. External hard drives should be kept in a different physical location in the event of fire or other catastrophic event, and online cloud backups should be automated to prevent user error.
When Backups Fail
When faced with an event like a cyber attack or system failure, many businesses find out the hard way that the problem isn’t failing to perform backups, it’s that they sometimes don’t work. And outside of malware, upgrades and migrations are huge data-loss zones. Statistically, almost 1/3 of businesses lose data during migration and almost half while performing software upgrades on desktops and laptops. Because upgrades and patches are an integral facet of multilayered security that must be unrelentingly consistent, it’s crucial to perform comprehensive backups before initiating them.
Why do backups fail?
- Backups are not performed often enough.
- Data and documents get backed up, not machines.
- Backup is stored on the network drive or shared storage. Certain malware can encrypt backup files by accessing them via the network drive and shared storage.
- Complexity of data, systems, and files is unaccounted for.
- Backup programs are not tested.
- Employees/users store data in unassigned places like Dropbox or Google Drive.
Comprehensive Backup Plan
By utilizing hybrid backup storage and understanding why backups fail, businesses can form a comprehensive backup plan that will cover the bases and safeguard against inevitable data loss. Here are the requirements for a highly effective program:
- Do not rely on backup only. By implementing an intelligent, multilayered security program that includes Next Generation Firewalls and Antivirus Protection plus detailed maintenance of patches and upgrades, organizations can avoid a security event in the first place.
- Know what’s backed up, where, how often, and develop a priority order for system recovery.
- Plan for TOTAL data loss, including all operating systems, apps, devices, etc. How much storage will you need? What is your RTO (Recovery Time)? Consider how long it will take to restore your data.
- Backup Scheduling/Frequency– This will vary depending on number of users and systems/equipment being utilized at any given time. Nightly backup is a simple and effective policy, but more sensitive data may need to be backed up every 30 minutes. The best policy involves a three-tiered system that incorporates daily, short-term, and long-term solutions.
- 3-2-1 Best Practices– This standard and effective model dictates three copies in two locations, one of which is offsite.
- Are backups actually working? Make sure your backups are properly configured, test backups and recovery for total data loss AT LEAST once per year, and do not backup on the network drive.
To learn more about Revival Technology, LLC, visit our website at www.RevivalTechnology.com to find out how we can help your business, the most common services performed, and our process.