Data backup and recovery: What your business needs to know

Data is the lifeblood of every business; it helps you process sales, track leads, and deliver products and services. How you manage that data is critical, which is why it is vital to understand data backup and recovery.

In this blog post, we've created a disaster recovery and backup FAQ guide, something you can bookmark and return to as and when you need it.

18 Data backup and recovery FAQs

Here's our handy list of common Q&As about data backup and recovery that will help you understand your business's data protection gaps.

Q1: What data should be backed up?

A: Ideally, you want to create a backup for everything critical to your business, including:

• operational data
• financial data
• client data
• employee data
• intellectual property
• system configurations

Learn how to complete a data audit here.

Q2: Where should data be stored?

A: Did you know that a third of all data is lost due to poor backups? Our advice is always to have copies off-site as soon as possible. And here’s why. If your building was to flood and you only replicate or take a drive away at the end of the day, you could lose up to a day's worth of work.

Our backup service is cloud-first, which gets the backups immediately off-site and secured.

The next question you need to ask yourself is, “What is our recovery point?”

Q3: How often should data be backed up? (Understanding your recovery point or “RPO”)

A: To answer this, you must first answer, “How much data can we afford to lose?” The answer shows you your recovery point objective (the amount of data you need access to in a recovery attempt). Once you have established this, you can set reasonable backup time intervals so that you always have access to the most up-to-date point for essential data.

For example, you might set this to 10 minutes, an hour, every four hours, a day or more. Our standard backup service is based on backups every two hours.

Q4: What are the types of data recovery?

A: For traditional servers and workstations:

• File backup: This restores files only (you will have to rebuild your system and then restore files in major cases).
• Image of system backup: Here, your entire system is restorable up to a point in time but can also be used to restore individual files. This method is best for full disaster recovery.

For cloud services:

• File-type backup: This option allows you to restore individual folders and emails stored in software like Exchange Online or files stored in systems like OneDrive/SharePoint. A file-type backup is also available for finance software like Quickbooks and Xero.

Q5: What is the best data backup method?

A: The best data backup method combines reliability, speed, and security. We call it a 3-2-1 Backup Strategy. It includes:

1. Three copies of your data: One primary and two backups.
2. Two different storage media: Locally based storage and cloud storage.
3. One off-site copy: To protect against physical risks like fire or theft and cyber-attacks which wipe out or damage the locally stored copy.

[Image]

Q6: What is the fastest restore backup?

A: The better question is, “What is the best backup option?” Because the fastest doesn’t always give you what you need.

The best option for backup is an ‘image of system’ backup (see Q4). With this method of data storage, you have complete data up to a point in time (your recovery point objective worked out in Q3). This is the optimal method for full disaster recovery, regardless of what’s happened to get you to this point (physical loss or damage).

You will have read in Q2 that we recommend a cloud-first approach to backup storage. This may give you the quicker option to get back up and running quickly, once you have established if hardware needs replacing. It can also allow for recovery to the cloud if you can restore back to the original hardware or site.

Q7: Which backup takes the longest to restore?

A: Full backups are always the longest to restore, regardless of local or cloud drive options. This is because they recover entire datasets in full. Depending on how large your dataset is, you should expect longer wait times. But as we mentioned in Q6, this is the best option for data recovery.

Q8: What automatically takes care of backup and recovery?

A: Managed backup solutions will automatically handle your backup and recovery. And these can include:

• Backup software: that automates and encrypts data, replicating it where necessary.
• Cloud backup services: that offer automated, scalable backups with built-in recovery options.
• Managed IT services: Outsourcing to an IT service provider (ITSP), like Westway IT, ensures backups are monitored, updated, and tested regularly by experts.

[Image]

Q9: Who is responsible for backup and recovery?

A: The answer is, you. As a business, you are responsible for your data, and this cannot be delegated.

Your assigned data protection officer (the person on the ICO register) is responsible for protecting data, which includes protection against loss. That is if the role is not assigned separately to a chief information officer or another member of management. These are the people making decisions about your data and business risk.

The closest other people have in responsibility is completing tasks related to data protection, such as running the backups, testing, etc. That does not include grading the risk of loss of data, what should be protected, how often it should be backed up (Repvery Point Objective “RPO”) and how quickly it needs to be recoverable (Recovery Time Objective “RTO”). Those are management-level decisions for the business.

In terms of recovery, the person you elect to head up your disaster recovery plans and incident responses will be responsible for recovery management.

Q10: How do you manage and restore data backups?

A: There are five steps to managing data backups and restoring them:

1. Establishing a backup strategy: Choose and implement your recovery point objective (RPO), backup locations, frequency, and automation.
2. Monitoring your backups: Setting and tracking alerts for any failed backups and checking the status of successful backups.
3. Testing regularly: Periodically testing restore processes to ensure backups are functional and data integrity is intact and optimised for speed. Here’s a guide on that.
4. Restore data: If data loss occurs, you should clearly understand your recovery point and recovery time objective (RTO), and reliably initiate restore processes for staged upload.
5. Maintain backup logs and documentation: Keep records of backup schedules, locations, and recovery processes to facilitate audits, meet compliance and improve efficiency during an emergency.

Q11: How do you recover without a backup?

A: In certain situations, restoring a compromised system is possible.

• By using data recovery software: Tools like Recuva or Disk Drill can sometimes retrieve deleted or corrupted files from your storage device. However, they are most effective when the data loss is recent.
• Opting for professional data recovery services: If your recovery software doesn't work or you need more specialist help, there are data recovery experts. These companies have the equipment and tools to recover data from damaged devices or failed storage.
• Server-side backups for cloud storage: Older version histories or restore options may be available in-app.
• Local or network-storage versions: Again, these may have older versions for you to restore to.

[Image]

Q12: What is the primary goal of data backup and recovery?

A: The primary goal of data backup and recovery is business continuity, protecting data from critical data from loss, corruption, or disaster, and enabling quick restoration to minimise downtime.

Q13: What are data backup and data recovery procedures?

A: These ensure the protection and restoration of critical business data where loss or failure occurs.

They should include clear directives for the following:

1. Identification of data for backup and its order of recovery importance  (Q1)
2. Recovery point and recovery time objectives (Q3)
3. Location of backups (Q2)
4. Method of backup (Q4)
5. Access to backups
6. Roles of responsibility for backup and recovery (Q9)
7. Testing of backup integrity and recovery times
8. Documentation of backup and recovery
9. Recovery plan (see Q14 below)

Q14: What should be in a complete backup recovery plan?

A: Your backup and recovery plan should include details on:

• back up objectives
• data classification
• backup frequency
• backup methods
• storage locations
• information on security measures (encryption, access controls and integrity checks)
• compliance and legal considerations (requirements, policies, plus auditing and reporting methods)
• recovery objectives (speed, stage and acceptable amount of loss)
• recovery process (from detection and response to backup source selection and restore methods)
• roles and responsibilities
• communication plan
• testing and validation plans

For more details on this, watch my on-demand webinar here. [LINK needed]

[Image]

Q15: How does backup and recovery help secure data?

A: Backup and recovery processes provide protection, continuity, and resilience against common risks, including:

• accidental deletion or human error
• physical loss or damage
• corruption
• cyber attacks
• disaster recovery
• downtime

Q16: How often does data change?

A: Your data changes continuously, sometimes even multiple times per second. It can include updates on leads, sales and inventory. It can also include updates on employees, suppliers, emails and more.

The frequency per data set will depend on your business and industry. For example, the stock market's stock data changes in milliseconds, whereas a local independent shop may consider data change on a slower frequency.

Understanding how data changes helps you determine how to automate or manually back up data by defining a clear recovery point objective (RPO).

The best place to start building your plan is a data audit, which will help you understand what data changes, when, and how frequently. Watch our webinar linked under Q1 to help you learn about data audits.

Q17: Are your backups encrypted? And should they be?

A: Yes, data backups should absolutely be encrypted, and most modern backup solutions offer encryption as a standard feature. Remember, threat actors are out there, and your sensitive data can be stolen. It can also be lost, which is another avenue where you want data to stay in the right hands.

Backups should also have isolation that separates a copy of them from the main network. This isolated backup gives you access to a protected backup, which cannot fall foul of network-based ransomware attacks.

Q18: How often should I review my recovery plan?

A: Make it part of your regular business rhythm. A quarterly review is an excellent point to ask, “Has anything changed?”. However, you should always make changes as soon as possible when something significantly changes in your business. This helps you to keep your plans up to date and actionable to reduce disruption and downtime.

Data backup and recovery: The wrap-up

Throughout this blog, we’ve covered the basics of data backup and recovery; from here, it’s about establishing what your business needs to protect and how. When you step back and look at the bigger picture, what are your backup and restore gaps, and what do you need to do next to solve them?

Taking this time will help you plan for and manage your recovery effectively.

Contact us if you need some help with that.