Data recovery and online backup

Tuesday, June 21st, 2022

In this article, we ask if your backup and data recovery solution is fit for purpose.

During the Covid-19 pandemic the world saw a massive increase in cyber-crime. Attacks against banks and financial institutions, for example, went up 238%. Cyber-attacks against schools, hospitals and other public institutions skyrocketed. Just one hour’s downtime can cost the average medium-sized business over £60,000. The ability to recover business data following a cyber-attack has never been more important. However, many organizations will find their current data backup and recovery solutions create a false sense of security.

Disaster strikes

Whether it’s a cyber-attack, power outage, hard drive failure, burst pipe or electrical fire, there are numerous good reasons to have your data backed up and a disaster recovery (DR) plan in place. Incredibly, 17% of UK businesses have no backup systems whatsoever while 50% fail to follow best practice [1]. Backing up your data to an on-site server might seem like a good idea until your office burns down or floods, leaving you with no way to recover your data.

Testing, testing, testing

Many organisations rely on outdated or unreliable backup systems, and never run data recovery tests. If you are one of these organisations, you could be in for a nasty surprise. According to Sherweb, 23% of organisations with a backup solution found they were unable to recover any data when required. The reality is that data backup solutions can and do fail. For example, a backup solution might fail because of problems with the storage media, software, network or configuration, or because of human error. There are several things you can do to help safeguard your data. Firstly, you can back up your data frequently. Next, you can run regular data recovery tests. And finally, ensure your backup systems are managed by a competent professional [2].

Regulatory compliance

Under EU GDPR legislation and the UK Data Protection Act (2018), every business is legally responsible for the data it holds. Organisations should be able to demonstrate that they have robust data backup and disaster recovery plans appropriate to the risks under GDPR Article 32, Security of Processing:

(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Official guidance

The National Cyber Security Centre (NCSC) offers advice about offline backups in an online world. The NCSC also provides information for small businesses on the best ways to back up and secure data: Small Business Guide to Cyber Security.

The Rule of Three

Modern Networks follows the ‘Rule of Three’ for data backup. First, we recommend you keep three copies of your data. Second, back up data on two different types of media. Third, ensure one backup is kept off-site, preferably in the Cloud. It’s important you create a robust disaster recovery plan based on a full risk assessment. Of course, not all data is created equal. You might want to adopt different backup solutions for critical and non-critical data. Create a schedule for data recovery tests and document the process. Ensure you test your people as well as your systems. Make sure your people are well rehearsed in your data recovery procedures. Review and update your recovery plan regularly.

Working from home

Today, we all talk about working from home as the new normal. That means lots of company data is sitting on laptops, tablets and smartphones. However, mobile devices are vulnerable to theft, damage and malware. Adopting an automated, secure Cloud backup can help ensure the integrity of your data, wherever it resides. Microsoft 365, for example, offers the OneCloud data storage and backup service.

Counting the costs

If the pandemic taught us anything, it’s that you never know when disaster will strike. The effects of a cyber-attack or data breach can be costly and long lasting. For example, a cyber-attack will cause an initial period of business interruption and lost productivity. Next, your organisation will have to fix whatever damage the attack caused. That will take time and money. Additionally, you might have to deal with the negative publicity that can accompany a high-profile cyber-attack or data breach. You will have to inform your customers, partners, suppliers, and the authorities that an incident has occurred.

Your business is likely to see an increase in its insurance premiums after a cyber-attack. Your company might also be subject to legal action and financial penalties from the regulator. However, you can take ten basic precautions against the most common cyber threats:

  1. Use strong passwords
  2. Use a password manager
  3. Don’t write passwords down or share them
  4. Don’t use the same password twice
  5. Do use multi-factor authentication (MFA)
  6. Do use anti-virus software
  7. Do use a properly configured firewall
  8. Keep your IT systems and software up to date (install security patches when published)
  9. Have a tried-and-trusted backup and data recovery plan
  10. Ensure your staff receive regular cyber security awareness training.

At Modern Networks, we understand the importance of having a secure, fully integrated backup and data recovery strategy. We are always happy to discuss your business needs, provide expert advice and practical solutions.

Sources:

  1. itpro.co.uk
  2. csoonline.com