Data backup: good habits and common pitfalls
This is a dangerous age for business. From viruses to malware, there’s no shortage of landmines in the digital landscape, and new threats are popping up all the time. Unfortunately, there’s no foolproof way to defend against cyber attack or data corruption – that’s why data backup is so integral to your cyber plan. After all, losing sensitive information forever can have devastating consequences for your business and for your customers.
Cyber attacks in Canada have skyrocketed 160% year over year, and more businesses are having to invest large amounts in recovery and restoration to ensure their operations can continue. Below, Donna Millingen, Underwriting Specialist in Professional Liability at Northbridge Insurance, breaks down some common assumptions about backing up data and offers smart tips to get your data backup routine up to speed.
Q: What sort of data do I need to back up?
A: The simple answer is everything. All data that’s private or can’t be replaced should be backed up, no exceptions.
Why? Well, it’s difficult to know what information hackers might be after, because cyber attacks can have different end goals. And since cyber breaches are so random in nature, you don’t want to compromise your ability to get up and running after a cyber attack by neglecting a hard drive.
It’s easy to rank your assets (data included) in terms of priority, especially if you’re running a small business that pulls you in several directions at once. But while credit card data that’s stored on your system is clearly sensitive, other data like names and addresses or confidential documents could draw the attention of thieves, too.
So, don’t waste your time deciding on where to put your efforts – look at your data as a complete, autonomous thing that needs strong protection to recover from a data breach or disruption.
Q: How often should my company back up data? How do I create a backup schedule?
A: Just as all data is important to back up, frequency is crucial to a sound safety net. The problem is, manually backing up data can be time-consuming.
Most experts agree that a full backup should be conducted every week, and you should back up each day’s transactions at least once daily. The frequency really depends on how often your data changes – for an online trading platform, where data changes by the second, data needs to be constantly backed up. Your operation may not call for that same level of attention.
Fortunately, you can save yourself some effort by using data backup software to automatically update as needed. If you’re not sure how to set up an automatic backup on your system, don’t fret – there’s usually a relatively straightforward approach that your resident software specialist can help determine.
Q: Are there different approaches to backing up data?
A: Backing up means taking the data on your system and making a duplicate in case you need to access that info again at some point because of a system failure or cyber attack. However, we can dig a bit deeper into this definition; there are a few different types of data backup, and it’s worth noting their differences.
Different vendors may have numerous backup solutions, but there are three general types of backups to consider: full, incremental, and differential. A full backup is just as it sounds – a copy of your entire data set. But, as you can imagine, a full backup requires time, effort, and a lot of storage space.
Incremental backups are a good middle ground for many businesses, as they require less time and effort, since they only back up the data that’s changed since the previous backup. Differential backups are similar in that they track only the data that’s changed, but this sort of backup contains all data that’s changed since the last full backup.
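To make the difference concrete, here is an added Python example (not part of the original article) that works through a constructed week of file changes after a Sunday full backup. The file names and helper functions are illustrative assumptions, and it goes slightly beyond the answer above by also showing which backup sets a restore depends on.

```python
# Constructed sample: files changed on each day after Sunday's full backup.
CHANGES = {
    "Mon": {"invoices.db"},
    "Tue": {"customers.csv"},
    "Wed": {"invoices.db", "contracts.docx"},
    "Thu": {"payroll.xlsx"},
}
DAYS = list(CHANGES)

def incremental_sets(changes):
    """Each incremental holds only what changed since the previous backup."""
    return {day: set(files) for day, files in changes.items()}

def differential_sets(changes):
    """Each differential holds everything changed since the last full backup."""
    out, accumulated = {}, set()
    for day, files in changes.items():
        accumulated |= files
        out[day] = set(accumulated)
    return out

def restore_chain(kind, target_day, days=DAYS):
    """Backup sets needed, in order, to rebuild the data as of target_day."""
    if kind == "incremental":
        # The full backup plus every incremental up to the target day.
        return ["full"] + days[: days.index(target_day) + 1]
    if kind == "differential":
        # The full backup plus only the target day's differential.
        return ["full", target_day]
    raise ValueError(f"unknown backup kind: {kind}")

def restorable_days(kind, damaged_day, days=DAYS):
    """Days that can still be restored if one backup set is unreadable."""
    return [d for d in days if damaged_day not in restore_chain(kind, d, days)]

def stored_file_count(sets):
    """Total file copies written across the week (a rough storage measure)."""
    return sum(len(files) for files in sets.values())

if __name__ == "__main__":
    for kind, sets in (("incremental", incremental_sets(CHANGES)),
                       ("differential", differential_sets(CHANGES))):
        print(kind, "copies written:", stored_file_count(sets))
        print("  restore Thu needs:", restore_chain(kind, "Thu"))
        print("  if Tue's set is damaged, restorable:", restorable_days(kind, "Tue"))
```

The incremental schedule writes fewer copies, but every set in the chain has to be readable at restore time; the differential schedule writes more and depends on only two sets.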
Q: What’s the best place to store my backed-up data?
A: Consider the 3-2-1 backup rule. It goes like this: you must have at least three independent copies of your data (the original plus two copies) stored on two different types of media, one of which is offsite. Data should be kept externally, either in the cloud or locally on a separate drive (but that’s still external to your operating system).
In this best practice, you’re spreading out your data across platforms and locations to lower your chances of a loss if one type of storage should fail. But as data needs and storage have evolved, so has backup strategy, and some are questioning the efficacy of the time-honoured 3-2-1 approach. Instead, businesses might want to consider a 3-2-2 or 3-2-3 configuration – you’ll need to examine your business needs and what’s at stake to decide for yourself.
Q: So, I’ve backed up my data – are all my bases covered now?
A: Backing up is a vital first step, but if that data is inconsistent or incorrect, it’s of no use to you when you need it most. Testing your backup integrity is an important part of your program. Quarterly tests are a common best practice, and in order to ensure the data is intact, you’ll want to periodically retrieve a backed-up file, open it on a separate system, and compare that to the original file. Knowing your backups work as expected and restore properly will help you sleep better at night, and regular integrity checks will also confirm that the data is being backed up at your chosen interval.
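One way to automate the restore-and-compare test described above, as an added Python example that is not part of the original article: it hashes every file in the original folder and in a test restore, then reports files that are missing or whose contents differ. The function names and the small constructed sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(expected, restored_root):
    """Compare a restored folder against the expected manifest."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "unexpected": sorted(set(actual) - set(expected)),
        "corrupt": sorted(n for n in expected.keys() & actual.keys()
                          if expected[n] != actual[n]),
    }

def restore_ok(report):
    """A restore passes only if nothing is missing and nothing differs."""
    return not (report["missing"] or report["corrupt"])

def demo():
    """Constructed sample: one file restores cleanly, one is altered, one is lost."""
    with tempfile.TemporaryDirectory() as tmp:
        original, restored = Path(tmp, "original"), Path(tmp, "restored")
        for root in (original, restored):
            (root / "sub").mkdir(parents=True)
        (original / "a.txt").write_bytes(b"customer list v1")
        (original / "sub" / "b.bin").write_bytes(b"\x00\x01\x02\x03")
        (original / "c.txt").write_bytes(b"contract")
        (restored / "a.txt").write_bytes(b"customer list v1")
        (restored / "sub" / "b.bin").write_bytes(b"\x00\x01\xff\x03")  # one byte differs
        return verify_restore(manifest(original), restored)

if __name__ == "__main__":
    report = demo()
    print(report, "PASS" if restore_ok(report) else "FAIL")
```

If the live files change between the backup and the test, record the manifest at backup time and verify the restore against that saved copy, so legitimate edits are not reported as corruption.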
Q: What are some common mistakes people make when they back up data?
A: Three common pitfalls spring to mind: not doing your backups on a consistent basis, not testing the backups to ensure they function, and not storing the backups offsite. These concerns have all been outlined above, but it’s impossible to overstate their importance.
Remember to keep the worst-case scenario in mind. It might seem pessimistic, but reminding yourself what’s on the line if something goes wrong can help you stick to your data backup plan and pay attention to cyber threats. The other side of the equation is to enlist outside support: working with a broker and insurer that can provide carefully tailored cyber risk coverage that speaks to current cyber risk – and anticipates evolving exposures – can come to your rescue.