10 things business leaders need to know about data backups
Last updated on April 16th, 2020
I was recently asked by a journalist to give some pointers on backing up data for business leaders and IT professionals in small and mid-market companies. It’s obviously a huge area with a different slant dependent on the reader and the environment. I jotted down 10 key areas that need focus when considering backup systems for businesses of virtually any size.
1. Design your lifecycle operations calendar
To be effective, a backup operation requires a calendar of tasks that need to be completed every day. There are also weekly, monthly, quarterly and annual tasks that are just as critical, and also strategic. The full lifecycle should be mapped out as a documented policy and performed on schedule.
2. Review backup logs daily
You can’t just shut your eyes and assume that your backups will work without any intervention. You should be analysing your backup reports daily, either manually or via a monitoring and alerting system. It’s also important to ensure that you address any backup issues daily, as what may seem a small issue can soon escalate into a disaster scenario.
3. Ensure you verify backups
Most backup systems will verify a backup after it completes, but this isn’t a guarantee of recovery. You should schedule and undertake restore tests on a regular basis to ensure you can recover files and complete systems if the need arises.
4. Have a DR plan
It’s one thing having backups that are completing successfully every night, but you need to understand that running backups doesn’t constitute a disaster recovery plan. Any business of any size needs to identify and assess business risks. They also need to document and communicate what they will do if any sort of disaster occurs in their environment. It’s also important to think beyond IT when writing a disaster recovery or business continuity plan. What happens if a key supplier can’t get critical components to your manufacturing plant? What happens if key personnel come down with a long-term illness? Assess all risks, accept those risks, or put in suitable controls to mitigate them.
5. Test your recovery speed
You need to ensure that you know how long it will take to restore key systems, as well as your total environment. How long can your business function without access to a certain system or data? Is this balanced against the time it will take you to get a system back online?
6. It’s not just backup
Backup is just one component of a data protection strategy; others include replication, snapshots and high-availability solutions. Generally backup is the last resort option for data recovery, typically due to the amount of time it can take to get operations up and running again from a backup. The best solution is to use something like Disaster Recovery as a Service (DRaaS) or a similar high-availability solution for business continuity to protect yourself in a disaster scenario, i.e. perhaps replicate your key systems to a second office or into the cloud. This would potentially allow you to get operational within seconds or minutes, rather than days.
7. Encrypt backups
If you send your backups offsite in any way, then you should ensure that you encrypt them. If you don’t, a third-party could recover all of your systems and data with relative ease if they were to come across your backup media or access an online system.
8. Ensure your system is scalable
Generally, most of the main vendors will allow you to scale and move between different setups and technology. You may also need to consider what the scaling costs will be: don’t forget that data growth is fast and backup storage technologies and media types can be expensive. Make sure you understand what your on-going costs are going to be. You may need to spend money now to save money in the mid to long-term.
9. Know where your data is
You need to consider where all of your data is. If your staff store data on their laptops and other mobile devices, how will you back up that data? Is it secure and controlled? Can you get it back within an acceptable time-frame?
10. Consider where you store data backups
You will typically store data backups on tape, disk, or a remote location (typically cloud-based). It’s all very well storing all of your data in the cloud or at a remote site, but how long is it going to take you to get all of that backup data back to site when the time comes to restore it? Typically a hybrid model works well, i.e. locally duplicates a certain amount of recent backup data to allow for fast restoration if required.
Beyond these points, I’d always say that it’s important to understand the costs to your business if you lose data or system access for a prolonged period. Could you lose a day’s worth of data? Could you lose a week’s worth? What if you couldn’t get access to a system or systems for an hour, a day or a week? If you can calculate the costs of different loss scenarios then you’ll be able to balance risk against a budget.
In the press: Cybersecurity best practice for insurers
As the British Insurance Brokers Association (BIBA) announce the launch of a cyber committee dedicated to helping the insurance sector as a whole tackle the increasing numbers of security breaches, Robert Rutherford shares his insights on how life and health insurance providers can create a successful cybersecurity strategy that will protect their business and confidential […]
Security Awareness Training FAQ: Why it’s absolutely vital for every employee
In 2021, experts estimate there will be a cyber-attack incident every 11 seconds. That’s twice what it was in 2019. And four times the rate five years ago. These shocking statistics probably aren’t even that shocking. Every Director knows that security is a pressing issue. It’s a topic of conversation in every board room and a significant budget has been allocated to […]
The top 5 IT support problems for growing businesses and how to fix them
IT is critical for the day-to-day operations of the majority of businesses, and when used effectively it has the potential to drive dramatic growth. Though small businesses often do not have a large budget, there are areas of their IT management which can easily be improved – without the need to invest a lot of […]