Getting Cyber Security Fit for the New Year Series: The Backup

Does it seem like cyber security people are always going on about backups?

This is because it matters. It really matters.

These days, much of your business information is likely to be stored electronically (on your phone, on your laptop, in the cloud…). We tend to think that this means it is safe, but it isn’t, necessarily. Just as paper documents stored in a filing cabinet can be damaged or destroyed by water or fire, electronic documents can be corrupted or destroyed by a system crash, malware, a hardware failure, a power surge, magnets… and of course, flood or fire.

Electronic files can be accidentally deleted—or deleted on purpose by someone with bad intentions. If an attacker infected your computer with ransomware, and encrypted everything, you may never get your data back.

So having a copy of everything that can’t easily be replaced is important. That copy should be stored somewhere else, away from the original, just in case of a disaster.


What do I need to back up?

You should take a copy of anything that really matters, whether it is personal, such as photos, or business-related, such as contracts, invoices, designs, customer data…

If you’ve got a website, you should make sure that is being backed up too.


Where to store it?

Putting a backup of your data in the cloud is generally safe, assuming that your cloud storage provider takes regular backups.

You could consider also having a copy or two locally, perhaps on a portable hard drive (one recent, one older).


How often should I take a backup?

The frequency of backup will depend on how frequently your data is updated.

Some backup service providers will automatically synchronise documents as you work on them, with a copy in the cloud, so that the difference is minimal. This might be crucially important in some cases—perhaps if you run an online store, and you need to keep on top of orders, payments and stock levels.

On the other hand, data that is only updated once a week, say, doesn’t need to be backed up every hour.

Whatever schedule you decide on, try to automate the backups. You might forget to take a backup, but your computer won’t.


How long should I keep a backup?

Here’s the thing: if your data is infected with malware, and you’ve backed it up without realising, your backup is bad too. You’ll need to restore a copy from before the malware attacked it.

Or maybe you’ve deleted a file that you think isn’t needed any more, only to discover, a while later, that you do need it after all.

You need to keep a backup long enough to recover from a problem, but the older your backup, the older (and therefore the more out of date) the data on it.

So, your business needs might vary, but a typical pattern might be:

  • a regular backup, taken automatically, at least daily, and retained for a month
  • a monthly backup of everything, retained for three months
  • an archive backup of those things that you might want to keep ‘forever’
  • and a backup taken as needed, as a roll-back option, just before you do something that might be risky, such as a major upgrade.


Make sure you can get your data back

Every so often, you should check that you can restore files from your backup.

You don’t need to check every file, but make sure that the backup is working, and that the sample of files that you examine are not corrupted in any way.


Getting started

Got 10 minutes today?

  • Choose one of your devices to back up today, and set a backup running
  • What other devices do you need to think about?

30 minutes?

  • Set up a regular, automated backup routine for that device. Make sure that the device will be powered on at the time when you want to run the backup, but that you’ve set a time that won’t interfere with your work
  • Do you know how to recover the data, if you needed to?

60 minutes or more?

  • Create a backup plan for all your office data. Is it all stored in the cloud? Should it be?
    • Consider the 3:2:1 rule, which suggests 3 copies of anything important on 2 types of storage devices, 1 of which should be offsite, such as in the cloud
  • Consider the type, pattern and frequency of backup you need
    • Realtime incremental backups (only backing up what has changed)?
    • Daily/weekly/monthly full backups?
  • Write (or ask someone else to write – hint: we can help) a backup policy for your office.


Want more?

We have a Guide to Backups that is available to download. And if you’d like advice or help on getting your cyber security match-fit, give us a call on 0113 733 7230 or fill out the form.