Why backing up files is essential for preventing data loss
In this article, Steven Wood, Director, EMEA, APAC for Carbonite & Webroot, outlines the importance of preserving data, particularly as the online threat landscape continues to evolve.
As more and more of our daily business activities incorporate digital and online files, there are an increasing number of ways that data can get lost. We’ve witnessed businesses left with servers under four feet of water after a hurricane, networks taken down by ransomware, entire data centres burning down and corporate laptops stolen at airport security, to name just a few examples.
The implications for businesses of these unforeseen events happening without having a data recovery plan in place can be wide-ranging and devastating: from losing critically important files to the heavy cost of replacing machines, or the large amount of manual time and effort spent recovering data.
The possibility of data loss and theft should, therefore, be top of mind for small businesses, especially as these organisations are unlikely to be able to afford losing the data or paying a ransomware fee. It is essential that they know how to prevent and combat data loss – and this begins with regularly backing up files and creating a good cyber hygiene routine.
Backup becomes more paramount when we consider the increased adoption of online file-based services like Microsoft 365, Google Workspace, Box and even DropBox. These services, whilst providing a huge leap forward in collaboration and remote worker efficiency, distribute out files and data to locations outside of the typical IT controls. Information traversing these services deserve equal protection, yet those using these services seldom give it a second thought.
Critically, businesses need to understand the difference between ‘storage’ and ‘backup’. Storage is simply a gateway to access information from anywhere, whereas backups are automatic, offsite, immutable, granular, take you to a point-in-time and provide flexible restore options. Organisations can avoid disasters by understanding where their data is located and then ensuring they have the right backup product in place – meaning whatever data loss occurs at an organisation, they can take full advantage of their backup product to keep themselves running undisrupted.
Beginning the backup process can be daunting, but it should be a vital part of every company’s cyber resilience strategy.
What steps should businesses take to back up their files?
As a first step, organisations should assess where their data resides. The locations are often surprising, personal desktop computers, work laptops, file servers, and cloud services. Once these locations are identified, then appropriate tools can be explored to offer the best protection coverage.
It is imperative that when evaluating these solutions, always consider the time that elapses between each backup. This time is commonly referred to as the Restore Point Objective (RPO) and will determine the maximum exposure to data loss in the event of a recovery. For example, if you perform one backup per day, then your “maximum” potential data loss will be 24 hours, but if you are backing up every four hours then the RPO drops to six hours.
Equally important is the Restore Time Objective (RTO). This is also a time-based measure, and it represents the total amount of elapsed time from the moment a restore is requested until the moment that data becomes usable. For example, if a laptop user restores a single file from the cloud, the RTO could be measured in mere seconds. Whereas if the task is to recover a local database application, the RTO would include the time it takes to prepare/replace the hardware, install any application dependencies, restore the data, and then reconnect users to the application.
If the business is sensitive to long RPO or RTO times, then there are solutions that can overcome these by replicating data and applications in real-time and allow IT staff click-button procedures to failover applications to alternative services with minimal interruption.
As with all “disaster avoidance” systems, data recoveries should be tested on a regular basis to ensure that they will perform as expected should the need arise. The good news is that there are many reputable data backup and high-availability specialists who have experience with customising data recovery solutions to meet all manner of business requirements.
“Remember that the reason for backups in the first place is so that we can execute recoveries that keep the business running in the event of unforeseen and unpredictable cyber events. Backups are a cornerstone of keeping businesses of all sizes resilient – Cyber Resilient.”