Dr Craig Valli and Dr Ian Martinus
It is one of the easiest and cheapest protections for your business and its critical files. There are few if any businesses who do not use some form of information technology to store valuable or critical business data. Losing access to business data immediately interrupts the business until some restoration occurs. In the worst cases it can completely shut down the entire operation as a result of not being able to “restore” or cause ultimate business failure.
What not to do with backups
Not do them
Store them on the same device you are “protecting”
Store them at the same physical location as the data you wish to “protect”
Store them unencrypted anywhere including getting to anywhere
Not test that they worked by running a restore or verification process
Have recent or sufficient backup to replace or retire media
The amount of times we have been asked to recover files from a phone dropped in water or other mediums are numerous. This proves users fail to understand the value of protecting computer/storage. Backing up is simple. Most computer operating systems have mechanisms to provide backup for free. Windows has Windows Backup and Mac-based products have Time Machine!
Phones and tablets are a little different as a type of device but if you synchronise to your phone desktop computer/laptop, the problem is already half solved. For Android phones you can back it up to Google Drive.
One hoary old chestnut is “cost”…well last time we looked (today) a 16TB USB drive which is significant overkill for most businesses will cost around $500. Compressing the files could store 150TB or more of backups. If a small business buys four and uses on a weekly rotation cost over a month, the cost is $2000. This would leave only the current disk on premise and the other 3 securely stored somewhere else. So the question to ask is how long does it take to stop your business in wages lost and business lost to get to $2000…not long we suspect.
Is the “cloud” safe for backup? The short answer is yes if you are careful about where in the cloud and who the custodian of the cloud asset is. You should use encryption to protect backups wherever they are stored. It is simple, effective and protects from prying eyes. You should require passwords that are complex. Given these should be used infrequently, you can simply write them down on a piece of paper and store in a fireproof safe/bank box. Two or more different safe storage locations would be ideal. Make sure transfer to the cloud/offsite storage is done with the files already encrypted and in an encrypted connection. We have seen cases where businesses and large government departments were doing backup completely unencrypted, this increases vulnerability immeasurably. Windows One Drive and Google Drive are good alternative backup spaces for important data and files as well.
Verification or testing of a backup is crucial. It takes a little while to completely check and verify your backup but it is highly recommended. In catastrophic failures we have witnessed, there was no verification or testing of backup. The business simply trusted it was working. In a couple of cases, it was the result of the media degrading and dying. One company reused the magnetic tape over 3 years continuously and the tape was transparent from wear. It was the only backup tape.
Hard drives can fail suddenly and also do fail slowly a more insidious, corrupting files as the drive marks bad sectors within a long archive file that then fails. We recommend you verify your backups from within the backup program and at least once a week, try and recover random files from your backups.
Obsolescence of media (hard drives, USB sticks, tapes, DVD, CD) either by wear or lack of capacity is also a part of life. Decay is a function of time in the 5th domain (cyberspace). You should plan to replace the media used in your backup program and budget for it with total replacement somewhere between 24 – 36 months depending on use and technology. This replacement is just the cost of doing business in the new world of digital communications that can use cyber resilience strategies to keep businesses running optimally.
Links & References Used
The following are specific technologies and how to back them up