Backing up data – whose job is it anyway?

A solid plan for backing up corporate data should be a critical component of any cybersecurity strategy. Data can be lost, stolen or made unavailable in a number of ways – including cyber-attacks, employee error or a tech failure. Having secure copies of critical information instantly accessible is essential to minimizing costly business disruption.

About the author

Jon Fielding, managing director EMEA, Apricorn.

The number of high-profile companies reporting data breaches highlights how difficult it is to prevent or avoid information being compromised. When disaster does strike, every minute counts. Having a reliable backup process creates resilience, enabling the business to recover and restore vital data quickly to avoid downtime and impact on customers.

Organizations have bought into the need to back up their data to an offsite location, with two thirds of respondents to a recent Apricorn poll saying their company does this. However, backing up is largely considered to be a ‘job for IT’, with more than 60% of respondents not required to play any kind of role in the process. This is despite many employees now regularly working outside the office environment, moving data outside of the corporate network and the purview of the IT department. The fact that over half of respondents also reported that they or their employers had experienced loss of data as a result of inadequate backup procedures suggests this needs to change.

IT and security teams should have overall responsibility for setting the course of backup strategies and plans, but individuals need to be given greater autonomy and confidence to play their part, especially when working at home or remotely.

Establish your backup process

For several years the backup ‘mantra’ has been the so-called 3-2-1 rule: have three copies of your data, on two different media, one of which is offsite. But as cyber-attackers ramp up their endeavors to gain access to data while it’s offsite – either in the cloud, or through targeting employees who are working remotely – one location is no longer enough.

Backup strategies need to be multi-layered, incorporating more than one type of offsite location: ideally one online, such as cloud storage, and one offline. This will avoid the business relying too heavily on one approach, which means there’s a single point of failure if a crisis should occur. The online and offline solutions will complement each other, protecting corporate data against loss and theft from all angles.

Adding an offline backup provides the best chance of fast recovery if other copies of information are damaged, lost, stolen or unavailable. It’s particularly important as a defense against ransomware attacks, ensuring the organization can always get up and running again quickly by restoring from a clean, protected data set. A straightforward way of implementing this approach is by storing a copy of data on an encrypted removable hard drive or USB, which can be quickly disconnected from the network to create an ‘air gap’ between data and any criminal that has managed to gain access.
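
As an added illustration (not part of the original article), the layered rule described above can be written as a check over a backup inventory. The `BackupCopy` fields, media labels and sample inventories are assumptions constructed for this example, and the primary working copy is counted as one of the three copies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    medium: str      # constructed label, e.g. "nas", "cloud-object", "usb-hdd"
    offsite: bool    # stored away from the primary site
    online: bool     # currently reachable over a network
    encrypted: bool  # data encrypted at rest


def audit(copies):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []
    # Classic 3-2-1: three copies on two different media.
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies on one medium, need 2")
    # Layered extension: one online AND one offline offsite location.
    offsite = [c for c in copies if c.offsite]
    if not any(c.online for c in offsite):
        findings.append("no online offsite copy (e.g. cloud)")
    offline = [c for c in offsite if not c.online]
    if not offline:
        findings.append("no offline offsite copy (air gap)")
    # A removable drive that leaves the building must be encrypted.
    for c in offline:
        if not c.encrypted:
            findings.append(f"offline copy on {c.medium} is not encrypted")
    return findings


# Constructed sample inventories.
CLASSIC_321 = [
    BackupCopy("laptop-ssd", offsite=False, online=True, encrypted=True),
    BackupCopy("nas", offsite=False, online=True, encrypted=False),
    BackupCopy("cloud-object", offsite=True, online=True, encrypted=True),
]
LAYERED = CLASSIC_321 + [
    BackupCopy("usb-hdd", offsite=True, online=False, encrypted=True),
]

if __name__ == "__main__":
    for name, inv in (("classic 3-2-1", CLASSIC_321), ("layered", LAYERED)):
        print(name, "->", audit(inv) or "OK")
```

The classic 3-2-1 inventory satisfies the original rule but is flagged for lacking an offline copy; adding the encrypted removable drive clears the finding.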

Sanction all employees to back data up locally

Making all employees accountable for backing up the data they handle – both centrally to the cloud, and locally to encrypted storage devices – will ensure everyone takes responsibility for the data they handle. These requirements should be enshrined in a security policy.

Employee education and engagement is key to securing buy-in, and making sure everyone takes the steps they’re required to. The backup policy must be clearly communicated, and staff trained in the correct use of any storage devices they’ve been provided with. This should not only cover the ‘what’ and ‘how’, but also the ‘why’: each individual should understand the specific risks to the business of not backing up data properly, and why playing their role is crucial.

By equipping employees with removable USB flash drives and hard drives that automatically encrypt all data that’s written to them, companies can give everyone the capability to securely store data offline, as well as move it safely between office and home.

Determine a backup frequency that works for your business

Again, this should be enforced through policies and procedures, either by fully automating updates or setting reminders for staff.

Test and review the process

Your data backup, recovery and restoration procedures should be tested regularly, to verify that all applications, business-critical functions and datasets are intact and fully functional following disruption. As your business develops and your data assets expand, so will your backup requirements. It’s important to review your arrangements to make sure they reflect your needs, and scale them up where necessary.

Encrypt all data as standard

Mandating the enterprise-wide encryption of information – whenever it’s moved or stored – will create an effective ‘last line of defense’ for data. This will render the data unintelligible to anyone not authorized to access it, keeping it safe whatever disruption goes on around it.

A rigorous, 360-degree data backup plan that puts employees in the driving seat will place you in the best position to ensure business continuity if the integrity or availability of critical data is at risk. Through enabling fast response, restoration and recovery in the event of a disaster, it will minimize the impact on your customers – and therefore the kind of financial and reputational damage that could take years to recover from.
