Think about how much you rely on your business-critical data, such as customer details, quotes, orders, payment details or coursework/examination files for education establishments. Now imagine how long you would be able to operate without them.
All businesses, regardless of size and type, should take regular backups of their important data, and make sure that these backups are recent and can be restored.
By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks.
Example 1
A University in Victoria, New Zealand recently felt the effect of accidently deleting all files that had been stored on desktop computers.
The plan had been to clear old profiles, but it quickly became apparent that the deletions had
gone much further.
The University of Wellington caters for over 20,000 students who in early February of this year, woke up to an email to say the Uni’s IT team were still working on a technical solution to recovering the data that was deleted over the weekend. Staff accounts were also affected.
Users insistent on storing everything on the desktop were the worst affected by the botched operation to clear disk space.
The work was routine and scheduled maintenance work, but an unexpected issue had occurred which led to a number of files on the desktop being deleted for a significant number of staff.
Example 2 -
During the making of Toy Story 2, someone accidentally ran a server command that rapidly began deleting animation files. Whole characters and movie sequences began disappearing before crew members’ eyes. In total, a year’s worth of work was gone in about 20 seconds.
The team was nervous but figured that they would be able to restore the missing files from their backups. Wrong. Turns out, their backups had failed during the last month. Now what? Without these files, the whole film would need reanimating.
Thankfully, another back up had been made so the files were able to be recovered.
What should businesses consider when backing up data?
Tip 1 – Identify what data you need to back up
Your first step is to identify your essential data. That is, the information that your business couldn't function without. Normally this will comprise documents, photos, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone, tablet or network.
Tip 2 – Keep your back up separate from your computer
Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:
are not accessible by staff
are not permanently connected (either physically or over a local network) to the device holding the original copy
Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, you should consider storing your backups in a different location, so fire or theft won't result in you losing both copies. Cloud storage solutions (see below) are a cost-effective and efficient way of achieving this.
Tip 3 – Consider the cloud
You've probably already used cloud storage during your everyday work and personal life without even knowing - unless you're running your own email server, your emails are already stored 'in the cloud'.
Using cloud storage (where a service provider stores your data on their infrastructure) means your data is physically separate from your location. You'll also benefit from a high level of availability. Service providers can supply your organisation with data storage and web services without you needing to invest in expensive hardware up front. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.
Tip 4 – Read NCSC Cloud Security guidance
Not all service providers are the same, but the market is reasonably mature and most providers have good security practices built-in. By handing over significant parts of your IT services to a service provider, you'll benefit from specialist expertise that smaller organisations would perhaps struggle to justify in terms of cost.
However, before contacting service providers, we encourage you to read the NCSC's Cloud Security Guidance. This guidance will help you decide what to look for when evaluating their services, and what they can offer.
Tip 5 – Make backing up part of your everyday business
We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically.
For instance, when new files of a certain type are saved to specified folders. Using automated backups not only saves time but also ensures that you have the latest version of your files should you need them.
Many off-the-shelf backup solutions are easy to set up, and are affordable considering the business-critical protection they offer. When choosing a solution, you'll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following any incident.