A life without Andy, Woody and Buzz – Why Data Back-Up is important for all businesses

Think about how much you rely on your business-critical data, such as customer details, quotes, orders, payment details or coursework/examination files for education establishments. Now imagine how long you would be able to operate without them.


All businesses, regardless of size and type, should take regular backups of their important data, and make sure that these backups are recent and can be restored.


By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks.


Example 1

A University in Victoria, New Zealand recently felt the effect of accidently deleting all files that had been stored on desktop computers.

The plan had been to clear old profiles, but it quickly became apparent that the deletions had

gone much further.

The University of Wellington caters for over 20,000 students who in early February of this year, woke up to an email to say the Uni’s IT team were still working on a technical solution to recovering the data that was deleted over the weekend. Staff accounts were also affected.

Users insistent on storing everything on the desktop were the worst affected by the botched operation to clear disk space.

The work was routine and scheduled maintenance work, but an unexpected issue had occurred which led to a number of files on the desktop being deleted for a significant number of staff.

Example 2 -

During the making of Toy Story 2, someone accidentally ran a server command that rapidly began deleting animation files. Whole characters and movie sequences began disappearing before crew members’ eyes. In total, a year’s worth of work was gone in about 20 seconds.


The team was nervous but figured that they would be able to restore the missing files from their backups. Wrong. Turns out, their backups had failed during the last month. Now what? Without these files, the whole film would need reanimating.

Thankfully, another back up had been made so the files were able to be recovered.

What should businesses consider when backing up data?


Tip 1 – Identify what data you need to back up

Your first step is to identify your essential data. That is, the information that your business couldn't function without. Normally this will comprise documents, photos, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone, tablet or network.

Tip 2 – Keep your back up separate from your computer

Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:

· are not accessible by staff

· are not permanently connected (either physically or over a local network) to the device holding the original copy

Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, you should consider storing your backups in a different location, so fire or theft won't result in you losing both copies. Cloud storage solutions (see below) are a cost-effective and efficient way of achieving this.

Tip 3 – Consider the cloud

You've probably already used cloud storage during your everyday work and personal life without even knowing - unless you're running your own email server, your emails are already stored 'in the cloud'.


Using cloud storage (where a service provider stores your data on their infrastructure) means your data is physically separate from your location. You'll also benefit from a high level of availability. Service providers can supply your organisation with data storage and web services without you needing to invest in expensive hardware up front. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.

Tip 4 – Read NCSC Cloud Security guidance

Not all service providers are the same, but the market is reasonably mature and most providers have good security practices built-in. By handing over significant parts of your IT services to a service provider, you'll benefit from specialist expertise that smaller organisations would perhaps struggle to justify in terms of cost.

However, before contacting service providers, we encourage you to read the NCSC's Cloud Security Guidance. This guidance will help you decide what to look for when evaluating their services, and what they can offer.

Tip 5 – Make backing up part of your everyday business

We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically.


For instance, when new files of a certain type are saved to specified folders. Using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.


Many off-the-shelf backup solutions are easy to set up, and are affordable considering the business-critical protection they offer. When choosing a solution, you'll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following any incident.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

The Cyber Resilience Centre for the West Midlands is a trusted resource for  support to protect businesses and third sector organisations in the West Midlands region.

USEFUL LINKS

CONNECT WITH US

  • LinkedIn
  • Twitter
  • YouTube

© 2021 - The Cyber Resilience Centre for the West Midlands