World Backup Day is designed as a reminder of the importance of backing up critical data. In a world with increasing cyber threats – 39% of UK businesses suffered a cyber attack in the last twelve months – as well as the ever present likelihood of human error, natural disaster or simple technological failure, backups are more important than ever. They are the only way for businesses to prevent significant downtime in the event of any incident that causes data loss.
This World Backup Day, eight industry experts give their top advice on backing up business data.
Build a multilayered backup strategy
These days, most businesses are aware of the importance of backing up their data. However, many still rely on simple, automatic backup systems that are stored in the same location as their data. The key to true protection for data is having a proactive and multilayered backup strategy.
“Popular technologies, such as high availability, will not save an organisation from every scenario when issues are instantly replicated from the primary server to the secondary! Regulations often mandate regular backups within their list of expectations but even best practices and, dare I say, common sense, acknowledge that offline copies offer the best chance of avoiding long-term disruption,” says Robin Tatum, Director of Security Technologies and IBM Champion, HelpSystems.
“Organisations need to ensure they are keeping a current inventory of their data and where it is stored, critically prioritising the data and adjusting the backup strategy to align to the 3-2-1 model,” explains Steve Cochran, Chief Technology Officer, ConnectWise. “This means having three copies, on two devices/media, and one off-line for the backup. Having a backup service storage that is disconnected from the network or system and securely placed in a different, yet accessible location, is hugely important in case all online locations are impacted. As is testing the backups to ensure that, if needed, data can be retrieved, and systems up and running instantly.”
Christopher Rogers, Technology Evangelist at Zerto, acknowledges that, “when implementing a robust recovery plan, it can be difficult to know where to start.”
As such, he offers some criteria that organisations can use to ensure that they will be able to recover quickly from any data loss incidents. These include:
- “Ditching legacy data protection and move to continuous data protection (CDP)
- Centre your recovery plan around your applications, not simply the data that makes up an application
- Fit the recovery plan around your business and where you’re headed rather than adapting your business to technology constraints.
“The real key is to create a plan that scales with your business and where you want to be in three to five years. By thinking ahead and planning accordingly, you can really deliver on continuous availability and an uninterrupted business.“
Ensure new environments are protected
As technology evolves, it’s crucial that businesses ensure that their backup strategies evolve alongside it. For example, as businesses increasingly move to the cloud, they must make certain that data stored there is also protected.
“If your organisation is transitioning workloads to public cloud, you may well have concerns around losing control of your data. These aren’t unfounded – SaaS providers take backups to ensure the integrity of their services, but they will not take responsibility for data loss that results from accidental deletion, malware or operational errors. This year’s World Backup Day is an opportunity for organisations to consider how they protect data stored in public cloud environments. I recommend partnering with a trusted data protection provider to hand control of your mission-critical data back to your organisation,” explains Myles Currie, Product Manager – End User Compute, Six Degrees.
Terry Storrar, Managing Director, Leaseweb UK, agrees: “With businesses increasingly migrating to the cloud, more emphasis needs to be placed on protecting mission critical data wherever it is located. Thankfully, modern cloud backup solutions have the benefit of being suitable for businesses of any size. They allow for data backup from any server or device, anywhere with an internet connection. Cloud backup solutions are easy to manage, and their providers offer reliable, hands-on customer support.”
The human factor
Of course, protecting data cannot rely on technology alone. Neil Jones, Director of CyberSecurity Evangelism, Egnyte, points out the importance of educating staff in preventing data loss.
“With proper training and by focusing on the importance of proactive data backup procedures, organisations can protect themselves from becoming victims of the next big data breach. Limiting access to mission-critical internal data on a ‘business need to know’ basis also enables you to minimise the potential cyber-threat attack surface and prioritise threats more effectively.”
Furthermore, Jones notes, raising awareness of the importance of backups does not end with employees; “Unfortunately, many organisational stakeholders are unaware of how to properly protect their companies’ valuable data, so it’s up to the company to educate them on best practices.”
Looking out for ransomware
One of the biggest threats to organisations’ data is the rise of ransomware. Whilst backing up data has long been seen as a protection against ransomware, the increasing sophistication and protection of attacks means that further steps are necessary.
“In some recent attacks, not only was the data held hostage but the backups as well, ultimately making it impossible to recover from the attack without paying the ransom. This means that it is no longer enough to backup data locally. Businesses should now backup to a separate storage device or in the cloud that is safely guarded from ransomware attacks, and ensure that these backups are isolated from network connections. Organisations with mature practices will always have a local backup and an offsite backup that is safely guarded and protected from tampering,” says Richard Barretto, Chief Information Security Officer, Progress.
Gregg Mearing, CTO, Node4, says that, in addition to this, backup strategies should now include active cybersecurity protection: “Robust cybersecurity defence is imperative and must form part of an effective backup strategy. Although not a new practice, threat actors are increasingly laying dormant – referred to as dwell time – to strategically plan an attack launch date that causes maximum damage. Our experts are finding that dwell times are extending – whilst before they waited an average of 11 days, cybercriminals now are waiting months to launch attacks. This method of deploying ransomware provides attackers with more time to encrypt or wipe backups, which can force an organisation back months to access a system restore. In a fast-moving, high data generation world, it is unlikely that a month-old backup will bear any resemblance to a business’ position at the point of ransomware launch.
“As internal security teams are short-staffed and under more pressure than ever, they could benefit from working with a managed service provider (MSP) to deploy and manage their backup solutions. MSPs can provide technical support and advice on a backup and recovery plan that matches the risks of each specific business and identifies the most effective backup location for each data tier. Organisations can reap the long-term benefits by working closely with the right partner.”