March 31st is World Backup Day (who knew?). Data backup isn’t a glamorous subject, even among IT professionals. But it may just be the most important and most overlooked part of a business’ IT plan. Loss of data can be devastating for a business. Some businesses are unable to recover from a complete data loss. The good news is that planning ahead can drastically reduce your risk of becoming a victim. In this article, I’ll run down a some best practices for your business to implement.
It All Starts with a Plan
Unfortunately, many businesses have no formal backup plan at all. Some leave it to individual users to back up their data, or assume that ad hoc backups to removable drives are good enough. At best, this provides a false sense of security. To ensure that your business never suffers permanent data loss, you need to implement a clear plan. Preferably, you should contact an IT firm with experience in business backup and disaster recovery. An experienced professional can help you set up a multi-layered plan that ensures that your data will be safe. Your IT consultant should be able to explain in detail how your data will be safe in any scenario you can think of, from physical theft to hacking to natural disasters.
But what type of plan should you ask about?
Start With The 3-2-1 Backup Rule
Most IT professionals recommend the “3-2-1” rule as a guideline for backup plans. This means that there should be at least 3 copies of your data, in 2 separate formats, with at least 1 copy at an offsite location. This is only a general guideline, and there are many ways to achieve compliance with it. But it should be viewed as a minimum….if your current backup plan does not meet the 3-2-1 rule, you should be worried!
Why three copies? Simply put, the more copies the better. Three is the minimum that any business should feel safe with, because it means that three things have to go wrong to destroy your data rather than two. Luckily, storage has never been cheaper than it is today, so three copies shouldn’t place an undue burden on a business.
Why two separate formats? Again, it’s all about risk reduction. If your backups are on at least two different types of media, then the chances are lower that a single type of attack or accident will destroy both copies. For example, extremely important data can be stored on “write-once” media, such as optical disks. This would ensure that your data would be protected from malware that attempts to overwrite other forms of backup.
Why at least one offsite copy? You’re probably sensing a theme by now! Having a copy offsite reduces the risk that all copies will be lost, by creating physical separation. If you have two copies at your office, it is possible that something like a flood or a fire could destroy both. If you have a third copy stored with a cloud provider, even the loss of all of your hardware won’t endanger your data.
Other Considerations: Security
The 3-2-1 rule is a great start, but it doesn’t cover all possible backup scenarios. For example, some data may be more critical than others. Perhaps it makes sense to have more than 3 copies of absolutely critical business data. But what about data security? This is especially important for businesses that work with sensitive information, such as attorneys or medical professionals. But really, any business that has confidential information needs to consider security when it comes to backups.
Suppose that your computers are secured with strong passwords and encryption, but your backups are made to an unencrypted hard drive? If the hard drive is lost or stolen, your data may be exposed. Similarly, an insecure cloud backup service could lead to hackers obtaining your data. Backups need to be a part of your overall security strategy, and each layer needs to be protected as strongly as the others. Your security plan is only as strong as its weakest link!
A World Backup Day Resolution
So with the above information, take some time this week to assess your business backup plan. Could your business survive a total loss of data on your production PCs? If your network was infected with ransomware, are you confident that you and your employees could get back to work as quickly as possible? In the event of a fire or flood, could you be up and running within a day or two? Can you confidently say that no business data would be lost?
If not, make a resolution to get a backup plan in place for the coming year. If you have internal IT, ask them to come up with a plan that meets the 3-2-1 rule. And make sure to get it in writing! Management needs to know that their data is secure, and should be able to understand how it is secured from various threats. If you have any questions or would like help implementing a secure backup plan, feel free to contact us.