Business Guide to Data Backup and Recovery Best Practices

A well-maintained, encrypted backup of your company’s data is the best asset you can have in the event of a breach or disaster. A University of Maryland study discovered that hackers attack every 39 seconds. That’s an average of 2,244 times a day. Ask yourself: what would happen if you suddenly lost all of the important data from your IT systems? A properly maintained data backup can get you back to business as usual as quickly as possible after a disruption.

Tens of thousands of businesses have found themselves in that exact position. Ransomware, DDoS attacks, phishing scams, malware, and other cyberattacks can destroy your business in the blink of an eye. Unfortunately, nearly 60% of businesses that experience data loss close within six months of the incident. You need a disaster recovery plan with a backup solution in place to help protect your business in the event of an incident.

Finding Your Backup Type

So what is a data backup? A data backup is simply a copy of your business’s computer data taken and stored elsewhere, whether on-site, on physical external hard drives, offsite, in a data center, or in the cloud, so that it may be used to restore the original and get you back to business quickly after a data loss incident.

When it comes to data backup solutions, you can choose from two options: a full backup or an incremental backup. Depending on your unique business needs, you may choose to back up all your data if you have a lot of important data or have compliance requirements for data storage. Or you may choose to utilize an incremental backup, which backs up only the files that have been updated or created since the last incremental backup. A full backup will require more storage than a partial or incremental backup. An incremental backup is faster than a full backup and requires less storage space. However, in the event of an incident, you will need to have all incremental backups available for use. If there is a specific file you need to find, you may have some trouble and find yourself searching through several months of incremental backups.
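The restore-time cost of incremental backups described above can be seen in a small model. This is an added example, not code from the original article: the backup format, the function names, the deletion tracking and the sample files are all assumptions made for illustration.

```python
import hashlib

def snapshot(files):
    """Fingerprint every file so the next run can tell what changed."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def full_backup(files):
    return {"kind": "full", "files": dict(files), "deleted": []}

def incremental_backup(files, previous):
    """Keep only files created or updated since the previous run's snapshot."""
    current = snapshot(files)
    changed = {p: d for p, d in files.items() if previous.get(p) != current[p]}
    # Recording deletions is an assumption of this sketch, not something the page states.
    deleted = [p for p in previous if p not in files]
    return {"kind": "incremental", "files": changed, "deleted": deleted}

def restore(chain):
    """Replay the full backup, then every incremental, oldest first."""
    if not chain or chain[0]["kind"] != "full":
        raise ValueError("a restore chain must start with a full backup")
    restored = {}
    for backup in chain:
        restored.update(backup["files"])
        for path in backup["deleted"]:
            restored.pop(path, None)
    return restored

def locate(chain, path):
    """Index of the newest backup holding a copy of path, or None."""
    for index in range(len(chain) - 1, -1, -1):
        if path in chain[index]["files"]:
            return index
    return None

# Constructed sample data: the same share on three consecutive backup runs.
day0 = {"contracts.docx": b"v1", "ledger.xlsx": b"jan", "notes.txt": b"draft"}
day1 = {"contracts.docx": b"v1", "ledger.xlsx": b"jan+feb", "notes.txt": b"draft"}
day2 = {"contracts.docx": b"v2", "ledger.xlsx": b"jan+feb", "clients.csv": b"acme"}
chain = [full_backup(day0),
         incremental_backup(day1, snapshot(day0)),
         incremental_backup(day2, snapshot(day1))]

if __name__ == "__main__":
    print("complete chain restores day2:", restore(chain) == day2)
    print("middle incremental lost, ledger is:", restore([chain[0], chain[2]])["ledger.xlsx"])
    print("newest copy of ledger.xlsx is in backup", locate(chain, "ledger.xlsx"))
```

With the middle incremental missing, the restore still completes but silently returns the stale ledger, which is why every link in the chain has to be kept and checked.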

In the year 2015, there were over 2,000 confirmed breaches internationally with known data loss. The idea of a backup plan may seem costly or overwhelming; however, the average cost of a ransomware attack on a business is $133,000. Can your business afford to recover from a loss of over 100k? How long do you think a complete recovery takes? According to IBM, it takes about 197 days for a business to identify a breach and 69 days to contain that breach. It is far easier, and more efficient, to spend time backing up data than to risk any loss. Data backup and disaster recovery are critical for all businesses. Without routinely backing up your data, you leave yourself at risk of a devastating cyberattack with no path to recovery. Read on to learn the Data Backup Best Practices.

Regular Backups

You’re only as good as your last saved backup. If that backup occurred two months ago, where would that leave your business today? Performing backups on a regular basis for your organization’s important data is the best way to ensure you will be able to bounce back quickly after an incident. We recommend utilizing an automatic, cloud-based backup solution instead of a physical backup with on-site data storage. Automation helps remove human error from the backup equation. You can set policies to perform a weekly, monthly, or even daily backup if needed. In the event of a natural disaster, robbery, fire, flood, or another incident, your onsite physical backup is more likely to become compromised than a cloud backup solution. Remote offsite backups are considered a backup best practice for this reason. Your business can also save money by switching to remote and cloud-based storage options. These cloud-based offsite backups help your business save money on maintenance, equipment, and management costs.

Encrypted Backups

Unencrypted data is less of an asset for your business and more of a liability. Your data backup strategy should always include a review of security procedures and a plan for data encryption in transit and at rest. Data that is not encrypted can easily be compromised by a data breach. Talk to your cybersecurity professional about encrypting your data backups before it’s too late. Encrypt your data backups before you need to access them after a disaster or breach. Whether using a cloud backup, remote backup, onsite backup, or physical backup, there are options to encrypt your data before a disaster occurs. Data security plays an important role in your backup strategy and business continuity plan after an incident or data breach.

BYOD and Data Backup

Consider your company’s Bring Your Own Device (BYOD) policy and how that may impact any backup system you have in place. A BYOD policy can be convenient for business owners and employees in many ways, including savings on device costs and greater flexibility for staff. Almost 75% of businesses today support or plan to support bring-your-own-device policies. However, this increase in flexibility creates an equal headache for data-loss risk. You should account for any and all data on devices that exist outside your business, like cell phones, tablets, laptops, and home computers. First, consider what essential data you need to store from these devices. Next, consult with your remote backup service and see if you are able to install a client on a home computer and designate specific folders on that computer to be backed up. If your backup plan does not offer this as an option, you can create a policy that requires employees to back up any work performed at home to a work computer or upload it to a shared folder location each day. If your sales associates or other employees use cellphones to keep contact lists or other documents, these need to be backed up as well. These backup solutions and backup strategy plans are important to review now that more businesses than ever before are transitioning to work from home.

Data Retention Span

How long are you retaining copies of your backups? What compliance requirements do you need to keep in mind when creating your recovery plan and backup strategy? Will these compliance requirements impact the medium through which you store backups? We recommend you consult with a cybersecurity compliance professional to determine what data backup retention requirements your organization needs to comply with. In 2020 there are many data privacy laws like CCPA in the US and GDPR abroad that your organization must comply with. HIPAA/HITECH, NYDFS, CMMC, and other regulations place important standards on data retention and security of certain records. GDPR and CCPA, on the other hand, both include a “right to erasure,” which means some records must be deleted upon request. The most important thing for you as a business owner to know is what data you are required to back up, what data you are required to delete, and how you should protect and encrypt that data. By knowing what data backup retention laws and regulations you must comply with, you can also limit the amount of data you store, which will help save on data storage costs. Backups that are old, out of date, or no longer relevant should be deleted promptly to avoid unnecessary costs.
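Deleting old backups interacts with incremental backups: an expired full backup may still be the base of incrementals that are inside the retention window. The following added example, which is not from the original article and goes beyond it by combining the two topics, contrasts an age-only rule with one that respects those dependencies; the catalogue layout, ids, dates and the 30-day window are assumptions.

```python
from datetime import date, timedelta

def expired_by_age(backups, today, retention_days):
    """Naive rule: everything older than the retention window."""
    cutoff = today - timedelta(days=retention_days)
    return [b["id"] for b in backups if b["taken"] < cutoff]

def safe_to_delete(backups, today, retention_days):
    """Expired backups that no retained incremental still depends on.

    backups must be ordered oldest first; an incremental depends on every
    backup back to the nearest preceding full backup.
    """
    cutoff = today - timedelta(days=retention_days)
    needed, chain = set(), []
    for b in backups:
        chain = [b["id"]] if b["kind"] == "full" else chain + [b["id"]]
        if b["taken"] >= cutoff:          # retained: keep everything it builds on
            needed.update(chain)
    return [b["id"] for b in backups
            if b["taken"] < cutoff and b["id"] not in needed]

# Constructed catalogue; the ids, dates and the 30-day window are assumptions.
CATALOGUE = [
    {"id": "full-0401", "kind": "full", "taken": date(2020, 4, 1)},
    {"id": "inc-0415", "kind": "incremental", "taken": date(2020, 4, 15)},
    {"id": "full-0520", "kind": "full", "taken": date(2020, 5, 20)},
    {"id": "inc-0527", "kind": "incremental", "taken": date(2020, 5, 27)},
    {"id": "inc-0603", "kind": "incremental", "taken": date(2020, 6, 3)},
    {"id": "inc-0610", "kind": "incremental", "taken": date(2020, 6, 10)},
]
TODAY = date(2020, 6, 30)

if __name__ == "__main__":
    print("age-only rule deletes:", expired_by_age(CATALOGUE, TODAY, 30))
    print("chain-aware rule deletes:", safe_to_delete(CATALOGUE, TODAY, 30))
```

The age-only rule would remove full-0520 and inc-0527 and leave the June incrementals unrestorable; taking a new full backup periodically lets older chains age out cleanly.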

Remote Backups

We have mentioned remote and onsite backup options in this blog multiple times. We recommend you consult with a data backup and disaster recovery specialist to determine what backup strategy is best for you. In a remote backup solution, your business devices will automatically send data to a remote center at whatever interval you specify. Your business sets up this remote backup plan by installing the appropriate software on the devices you need to back up, assigning a schedule for the backup, and identifying the data by file or folder that should be backed up. After the initial setup, you can sit back and relax as the software begins backing up your data for you. Automation can reduce your risk of human error and make it easier to ensure a successful and compliant backup strategy. A remote backup solution can be convenient for businesses looking to save money and avoid purchasing backup equipment or those who want to recover critical information quickly after an incident. However, in the case of a natural disaster, a remote backup requires internet access to fully restore your information. Always ensure your remote data is secure by encrypting it before transfer to the backup solution. If you have sensitive data living in AWS, consider engaging an AWS Cloud Consulting company to help ensure it remains available.

Here are the essential things to ask when creating or reviewing your data backup practices:

  1. What data do I need right away after an incident if I don’t have access to the internet?
  2. Where will I store these files?
  3. What compliance requirements do I need to follow with my data backups?
  4. How often will my data backup occur?
  5. Who is responsible for ensuring the security, encryption, and success of these data backups?
  6. How often will I test my backups?

These are the data backup best practices your business needs to know to help prevent data loss and bounce back quickly after an incident. Managing backup and disaster recovery may feel daunting, but it doesn’t have to be. Touchstone is here to help. From day one we begin working to reduce your organizational risk, provide world-class security to your critical IT infrastructure, and generate detailed reports so you can understand the health of your environment. We can help manage your data so you can focus on your business with confidence.
