The True Cost of a Business Cyber Breach
Sadly, there are plenty of bad agents acting against businesses to steal their data. Here's what could happen if you don't invest in better business resilience.
Data is the lifeblood of every business; it helps you process sales, track leads, and deliver products and services. How you manage that data is critical, which is why it is vital to understand data backup and recovery.
In this blog post, we've created a disaster recovery and backup FAQ guide, something you can bookmark and return to as and when you need it.
Here's our handy list of common Q&As about data backup and recovery that will help you understand your business's data protection gaps.
A: Ideally, you want to create a backup for everything critical to your business, including:
Learn how to complete a data audit here.
A: Did you know that a third of all data is lost due to poor backups? Our advice is always to have copies off-site as soon as possible. And here’s why. If your building was to flood and you only replicate or take a drive away at the end of the day, you could lose up to a day's worth of work.
Our backup service is cloud-first, which gets the backups immediately off-site and secured.
The next question you need to ask yourself is, “What is our recovery point?”
A: To answer this, you must first answer, “How much data can we afford to lose?” The answer shows you your recovery point objective (the amount of data you need access to in a recovery attempt). Once you have established this, you can set reasonable backup time intervals so that you always have access to the most up-to-date point for essential data.
For example, you might set this to 10 minutes, an hour, every four hours, a day or more. Our standard backup service is based on backups every two hours.
A: For traditional servers and workstations:
For cloud services:
A: The best data backup method combines reliability, speed, and security. We call it a 3-2-1 Backup Strategy. It includes:
[Image]
A: The better question is, “What is the best backup option?” Because the fastest doesn’t always give you what you need.
The best option for backup is an ‘image of system’ backup (see Q4). With this method of data storage, you have complete data up to a point in time (your recovery point objective worked out in Q3). This is the optimal method for full disaster recovery, regardless of what’s happened to get you to this point (physical loss or damage).
You will have read in Q2 that we recommend a cloud-first approach to backup storage. This may give you the quicker option to get back up and running quickly, once you have established if hardware needs replacing. It can also allow for recovery to the cloud if you can restore back to the original hardware or site.
A: Full backups are always the longest to restore, regardless of local or cloud drive options. This is because they recover entire datasets in full. Depending on how large your dataset is, you should expect longer wait times. But as we mentioned in Q6, this is the best option for data recovery.
A: Managed backup solutions will automatically handle your backup and recovery. And these can include:
[Image]
A: The answer is, you. As a business, you are responsible for your data, and this cannot be delegated.
Your assigned data protection officer (the person on the ICO register) is responsible for protecting data, which includes protection against loss. That is if the role is not assigned separately to a chief information officer or another member of management. These are the people making decisions about your data and business risk.
The closest other people have in responsibility is completing tasks related to data protection, such as running the backups, testing, etc. That does not include grading the risk of loss of data, what should be protected, how often it should be backed up (Repvery Point Objective “RPO”) and how quickly it needs to be recoverable (Recovery Time Objective “RTO”). Those are management-level decisions for the business.
In terms of recovery, the person you elect to head up your disaster recovery plans and incident responses will be responsible for recovery management.
A: There are five steps to managing data backups and restoring them:
A: In certain situations, restoring a compromised system is possible.
[Image]
A: The primary goal of data backup and recovery is business continuity, protecting data from critical data from loss, corruption, or disaster, and enabling quick restoration to minimise downtime.
A: These ensure the protection and restoration of critical business data where loss or failure occurs.
They should include clear directives for the following:
A: Your backup and recovery plan should include details on:
For more details on this, watch my on-demand webinar here. [LINK needed]
[Image]
A: Backup and recovery processes provide protection, continuity, and resilience against common risks, including:
A: Your data changes continuously, sometimes even multiple times per second. It can include updates on leads, sales and inventory. It can also include updates on employees, suppliers, emails and more.
The frequency per data set will depend on your business and industry. For example, the stock market's stock data changes in milliseconds, whereas a local independent shop may consider data change on a slower frequency.
Understanding how data changes helps you determine how to automate or manually back up data by defining a clear recovery point objective (RPO).
The best place to start building your plan is a data audit, which will help you understand what data changes, when, and how frequently. Watch our webinar linked under Q1 to help you learn about data audits.
A: Yes, data backups should absolutely be encrypted, and most modern backup solutions offer encryption as a standard feature. Remember, threat actors are out there, and your sensitive data can be stolen. It can also be lost, which is another avenue where you want data to stay in the right hands.
Backups should also have isolation that separates a copy of them from the main network. This isolated backup gives you access to a protected backup, which cannot fall foul of network-based ransomware attacks.
A: Make it part of your regular business rhythm. A quarterly review is an excellent point to ask, “Has anything changed?”. However, you should always make changes as soon as possible when something significantly changes in your business. This helps you to keep your plans up to date and actionable to reduce disruption and downtime.
Throughout this blog, we’ve covered the basics of data backup and recovery; from here, it’s about establishing what your business needs to protect and how. When you step back and look at the bigger picture, what are your backup and restore gaps, and what do you need to do next to solve them?
Taking this time will help you plan for and manage your recovery effectively.
Contact us if you need some help with that.
John Fisher
Meet John Fisher, founder of Westway IT, passionate about helping businesses thrive with technology. With a BSc in Computer Science, he values integrity, education, and quality relationships. Active in The Tech Tribe and GTIA, John simplifies IT and creates scalable strategies. Connect with him on LinkedIn.