Backing up your data is one of those information security chores that we know is important but we often neglect to do, it is basically the cleaning your gutters of information security. Just as failing to clean gutters can lead to eventual roof leaks, failing to back up your data can lead to big problems should a natural or unnatural disaster occur. Disaster’s come in many forms varying from flood, theft, and electrical surges to malicious insiders or outsiders with a grudge against your business seeking to do harm.
Now that you are convinced that backing up your data is one of the most important steps you can take to ensure your business or personal files are protected how do you get started? Two items to consider are what are your Recovery Point and Recovery Time Objectives? Simply put a Recovery Point Objective guides you to frequency of backups while RecoveryTime Objectives determine a business risk based target for when the system must be operational again.
RPO – If your business Recovery Point Objective (RPO) is to lose at most a day’s worth of data you are fine performing daily backups that can recover you to the desired time. Likewise if it is a personal computer contains information that is only updated with photos and key documents on a weekly basis you are fine setting an RPO of one week.
RTO – If you perform a risk assessment and determine your Recovery Time Objective (RTO) is 3 days that means you must craft your backup and recovery program to allow system recovery within this time frame.
Data Backup Tips
- Backup frequency should be determined by your Recovery Point Objective (RPO) and the importance of the data.
- Automate your backups using scheduling software to ensure they happen regularly and to minimize the likelihood of human error
- Store the backup sufficient distance away from the primary source of the data. This helps ensure that both copies of the data are not lost if you experience a fire, flood, or theft. Good ways to do this include using a secure online backup service, a professional physical backup service, or by storing physical drives or media in a bank safety deposit box
- Verify that your technical support people are monitoring backup failure reports. Backups can fail for a wide variety of reasons so it is important to regularly monitor the success of backups.
- The ultimate proof that your data can be recovered is to perform a restoration test. This will validate the backup is of good quality and that you are truly protected. It is recommended backups be tested annually at a minimum
Ways to backup your data:
1. Online Backup Services – Online backup is both cost effective and a convenient way to ensure the information is far enough away from your primary data source. For a business I recommend sticking with large reputable providers and avoiding free services that may not be there tomorrow. I will review online backup services in a future post but for now you can consider highly rated providers Mozy, IDrive or Amazon S3 storage services
2. External Hard drives – An external hard drive is a great way to conveniently store backups that are smaller in nature and then storing it in an off site location. I would consider getting 2 2 TB external hard drives that would enable you to set up a small off site rotation plan.
3. Recordable Cds/Dvds – A recordable DVD drive is a great way to make a portable backup that can be stored off-site in a bank safety deposit box or other secure location.
4. Magnetic Tape – Is cost effective for larger corporations with large volumes of data but for smaller businesses I recommend one of the options recommended above.