top of page

Backup your data now, not later

How many of us have experienced difficulties in opening an important file, or found you’re unable to access some data you need, or even experienced a hard drive failure which had important documents or photos stored on it? Now imagine that all your important data was unavailable and how that would impact on your business continuity.

At the WCRC we often focus on the importance of strong passwords, using multi-factor authentication (MFA), and recognising phishing attacks as a cybercriminal may try to crack your password or send a phishing email to deploy a type of malware called ‘ransomware’.

Ransomware causes your data on your computer and wider network to be encrypted, meaning you can no longer access it. You will likely receive an on-screen notification from the cybercriminal, explaining the ransom and how to make the payment to unlock your computer and regain access to your data. Payment is usually demanded in a cryptocurrency, such as Bitcoin. But if you have a back-up then you are in a position to ensure your business can continue to operate.

Although ransomware is one reason why it is important to create a backup copy of your important data, it also applies where your device is lost or stolen, or your device breaks, or the data on your device is accidentally deleted or becomes unreadable.

When you make a backup, make sure it is stored in a separate safe location, whether that is on the internet (known as cloud storage), or on removable media (such as USB stick, SD card, or external hard drive). This is important as we have spoken to Welsh businesses that were creating backups, but not keeping them separate to their main network/computer, and as such were of no use when they suffered a successful ransomware attack as these ‘backups’ were also encrypted.

Once you've made a backup, if you lose access to your original data, you can restore a copy of it from the backup. As a rule of thumb, you should back up anything that you value. That is, anything that would inconvenience you - for whatever reason - if you could no longer access it.

On World Backup Day (31 March) everyone is encouraged to be prepared for data loss and data theft and to backup and better protect their data. So, if you aren’t already backing up now is the time to start.

If you want to learn more about backing up your data, then the National Cyber Security Centre provides guidance on this topic. There are also links to the major providers' instructions for backing up files using their cloud storage solutions. Most providers support regular automatic backup to a connected cloud storage account and can backup your data daily/weekly (or when new files are added to specific folders).

If you do fall victim to a successful ransomware attack then you are the victim of a crime and should contact Action Fraud to report it.

Unsure of the signs of ransomware, phishing attacks or any other cybercrimes? The WCRC offers security awareness training aimed at those with limited or no previous cyber knowledge. The session will help you and your staff better understand how incidents happen and how to build defences against threats. To book a session or to see how we can help, please contact our team.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page