Much like brushing your teeth twice a day, we all know we should do backups but sometimes we let it slip or we do a rush job that’s really insufficient. In today’s article I want to discuss some pertinent points around backups and some of the misconceptions that exist around the subject.
Backups are not just for accidental deletion
We tend to think that backups are there for when someone accidentally deletes things. While this is true, a more modern reason is to have some form of recovery when absolute disaster strikes in the form of malware or extortion. In the event of a virus or ransomware infection where your data is encrypted by a hacker, backups can save you from expensive extortion tactics and ransom. I know of a large retailer hit by ransomware that was able to recover within a day and not pay any ransom, but I also know of far more small businesses that have lost all their financial and client records without any recourse. Being able to restore within a day or two is a much cheaper option than hoping your data is returned after paying hundreds of thousands in ransom!
Cloud storage (OneDrive/Dropbox/iCloud) is not a backup!
A terrible misconception is that because you have your data in cloud storage, you don’t need backups. This truly is not the case. Yes, it adds a little bit of resiliency, however, in the event (again) of ransomware where your local PC gets encrypted, the files in your cloud storage will be encrypted too. There are limited restoration possibilities in the event of this happening if you are only relying on cloud storage. Cloud storage is super-handy as a synchronisation tool between your devices, however, you should not rely on it as a backup.
There are levels of resilience
Depending on the way you set your backups up, you’ll have different levels of resilience. If, for example, you back up to a flash drive or external hard drive, your resilience only goes as far as that drive not being corrupted or lost. You effectively have one copy of the data stored in the same vicinity as your PC. For more resilience, you want to have more copies of the data in different locations; if there’s a fire and you only have your data in the same building, you may as well kiss that data goodbye.
My devices back up to a server within my office, which is a local copy of the data that I can restore from quickly. From that server, my backups are pushed into Microsoft’s Azure platform every week to serve as an off-site backup. Should my office get broken into and the server stolen, I can still retrieve the data from my Azure account and restore it locally, losing at most 1 week of work in an absolute disaster scenario.
If I wanted to add even more resilience, I would use Azure to create multiple copies of the data in multiple regions. This means that if Azure’s Johannesburg data centre goes down at the same time as I have a crisis, I have another backup in another region. An important point to note though when it comes to regions is that you must be aware of data protection regulations for your particular region. Depending on what data you are storing, you may be restricted from pushing it across borders – in these cases, it is best to use a service that is based in the same country.
For a much more detailed look into backup resilience, have a read of Ryan Nieuwoudt’s blog article on the same.
Lastly, all of your backups should always be encrypted. If your server or backup drive is stolen, you want that data to be unusable. If the data is accessible, not only do you run the risk of the information being used against you or your clients, you will also fall foul of data protection regulation, landing you with a large fine and a data breach. My backups are encrypted as they are created using AES256 encryption (an incredibly secure method), I would recommend you do the same!
If you do encrypt your backups, it’s vital that you don’t lose your encryption keys. It will do you no good to find in a time of emergency that you cannot restore your backups as you no longer have access to your keys! For this reason, it’s also a really good idea to run a mock disaster every now and then to see that your recovery plans are working smoothly.
I trust that this article has made you think a little differently about your backups, and I hope it encourages you to find out more about how your backups are configured! If you need assistance in planning your backup solution, or whether you need advisory when it comes to cross-border transfers and data protection, please reach out to us. We have a network of professionals covering end-to-end data protection solutions, including backups and disaster recovery for any company size.