Too many people just assume that their backup is magically protecting all critical business data. Unfortunately, it’s not until they try to get their data and systems back that they realise their backup has not been set up correctly or is failing.
Dropping a file into Dropbox is not a backup; it’s just like your PC hard drive, but in the cloud.
That’s why today it’s more important than ever to make sure you have a solid backup and recovery plan to help you quickly and painlessly recover from an incident such as a cyber-attack, data breach or disaster. Even small companies need a real backup solution: if you have no data, then you will probably not have a business.
In the past, backups were mainly for protecting against accidental loss or drive corruption. Now there is an ever-increasing threat of cyber-attack and the backup & recovery process is more vital than ever before.
If you hold any personal data, make sure you understand the requirements of the General Data Protection Regulation (GDPR).
(1) Know what critical data you have and where it is: create an information asset register. Add this information to your GDPR documentation. Define and record what you will do, and when, to protect personal information.
(2) Understand how long you can work without that data; this is commonly called the “Recovery Time Objective” or RTO. How long does it take to restore the system, and what will you do during this time? Design your backup system to meet the Recovery Time Objective.
(3) How much data can you afford to lose? This is sometimes referred to as the “Recovery Point Objective” or RPO. When you restore your data, how much will be lost: 1 day, 1 week? Design your backup to meet your Recovery Point Objective.
(4) Implement your backup and recovery strategy. Make sure you have adequate cover; we recommend 28 days of backups along with month-end backups. There may be some files that you only access quarterly or annually, such as accounts files.
(5) Arrange for regular backup restore tests. Test backup and restore systems at least monthly. You need to know it works and you need to be familiar with the process. When you really need to complete a restore, you don’t want to be learning how to use the system. You need to understand the quirks of your applications and what is required to make the data accessible and the systems work after a restore has been completed.
(6) Consider an online backup. This can be set to automatically store your data offsite, which helps remove the element of human error. Online backup systems are more than just cloud storage; copying files to OneDrive, Google Drive or Dropbox is not an effective and reliable backup system.
(7) Ensure your backup data is secured. If you’re using tapes or disks, ensure the data is encrypted; if you are using an online system, make sure the data is encrypted whilst being uploaded (in transit) and at the datacentre (at rest). Make sure you know how to recover the data back to a new system; this may require entry of the key used to encrypt the data.
(8) Review any offsite backup systems and storage, and consider the type of data and your legal obligations (GDPR, MiFID). We recommend a system that keeps your data in the UK.
(9) Implement Previous Versions on your servers. This built-in facility on Windows servers provides a self-service recovery system for users to restore their own files. All you need is enough spare space on your server. Disk space is cheap and losing data is expensive.
(10) Review your data, systems and recovery processes regularly.
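The retention and recovery point targets in steps 3 and 4 can be checked automatically against the list of completed backup jobs. The Python script below is an added example, not part of the original article or of any backup product: it flags a breached Recovery Point Objective and any missing daily or month-end restore points. The 24-hour RPO, the three month-end copies and the sample job history are assumptions constructed for illustration.

```python
from datetime import date, datetime, timedelta

# Policy under test. 28 dailies plus month-end copies follow step 4 above;
# the 24-hour RPO and the 3 month-ends kept are assumed values.
RPO = timedelta(hours=24)
DAILY_DAYS = 28
MONTH_ENDS = 3

def check_backups(completed, now):
    """Return a list of policy gaps, given completion times of successful backups."""
    if not completed:
        return ["no successful backups recorded"]
    problems = []
    age = now - max(completed)
    if age > RPO:
        problems.append(f"RPO breached: newest backup is {age} old")
    have = {ts.date() for ts in completed}
    # Daily restore points: every one of the last 28 full days must be covered.
    for n in range(1, DAILY_DAYS + 1):
        day = now.date() - timedelta(days=n)
        if day not in have:
            problems.append(f"no backup for {day}")
    # Month-end restore points: last calendar day of each recent completed month.
    month_end = now.date().replace(day=1) - timedelta(days=1)
    for _ in range(MONTH_ENDS):
        if month_end not in have:
            problems.append(f"no month-end backup for {month_end}")
        month_end = month_end.replace(day=1) - timedelta(days=1)
    return problems

def build_sample():
    """Constructed catalogue: nightly 23:00 jobs, 1 Jan to 14 Apr 2024, two failed."""
    failed = {date(2024, 2, 29), date(2024, 4, 3)}
    runs = (datetime(2024, 1, 1, 23, 0) + timedelta(days=i) for i in range(105))
    return [r for r in runs if r.date() not in failed]

if __name__ == "__main__":
    for line in check_backups(build_sample(), datetime(2024, 4, 15, 9, 0)) or ["policy met"]:
        print(line)
```

A clean result only shows that the restore points exist; the monthly restore test in step 5 is still what proves they can be read back.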
Modern backup systems available to small and medium-sized companies now offer real disaster recovery options; the technology previously used by large corporates has now filtered down to smaller organisations.