When Was the Last Time You Tested Your Backups?
Given the critical role that computing technologies play in business today, companies must have a solid backup and recovery plan in place. A natural disaster, cyberattack, or another emergency that affects your data center can cripple your operations. If you can’t get your systems operational rapidly, you’ll lose sales opportunities, clients, and profits.
The high cost of data losses and breaches
Recent research contends that sixty percent of companies go out of business within six months of a data breach. A resulting loss of customer records, financial data, or operational capacity can prove catastrophic. Further, many industries must follow regulatory cybersecurity and data protection mandates, which, in some cases, include the preservation of specific data. If your backup fails, not only will your operations be affected, but you may also face stiff financial and legal penalties.
You’ve probably seen some of the national and international headlines about ransomware attacks recently. These attacks involve cybercriminals fraudulently accessing your network and introducing malware that seizes control of and encrypts your computing assets. Cybercriminals then demand a ransom in exchange for a decryption key that will allow you to regain control of your assets. If a ransomware attack hits your data center and you have no functional backups, you’ll likely be forced to pay the ransom in the hope that you’ll be given the decryption key and that it will actually work. There is, however, no guarantee. However, if you can quickly restore access to your data and key systems with minimal downtime, you may be able to avoid paying the ransom.
The critical importance of backup data and testing
Most business leaders assume their files are being backed up to a server or the cloud. And there’s evidence that the overwhelming majority of businesses do. However, there’s wide variation in the backup protocols that companies follow. Some companies back up their data sporadically, while others don’t properly segregate it from other IT assets. Still, others don’t maintain proper security applications and pass on compromised data to their backup solutions. And many businesses that have outsourced their backup and recovery operations to a managed service provider do not check to make sure the provider is doing their job.
Even if you automatically back up your data once a day to the cloud, an on-site server, and an off-site server, you must regularly test your backups. How often should you test your backups? Ideally, you’d test your backups immediately after you’ve backed up your files. But given the time involved in backup testing, such frequent testing is impractical. Instead, opt for a weekly or (less preferable) monthly schedule. You can establish automatic testing of your applications, databases, individual files, and virtual machines at night or on the weekends when few, if any, employees are using your systems.
Monitoring your backups regularly will help you identify backup failures. However, if you don’t check your backups regularly, you’ll miss a system issue that could result in backup failures week after week. Many issues don’t generate error messages but can hurt the validity and integrity of your data just the same. For example, you may have misconfigured your backup software to preserve only the data and not the applications. Your overloaded IT staff, not seeing error messages, may assume everything is running smoothly. But by pairing regular backup testing with end-user checks of backup data, you can quickly identify data errors that may not be obvious at first glance.
It’s also critical to perform recovery testing on your backups. Not only should you ensure the data and application integrity, but you should regularly test your ability to restore your operations from your backups quickly. Having backups means little if you cannot restore them quickly in a crisis. Practice restoring your complete archives to applications and databases, prioritizing key systems first. Work with senior leadership to prioritize your data and systems from most to least important, then plan your restoration tests – and backup recovery protocols – accordingly. By doing so, you can identify and remediate any weaknesses in your backup data and recovery plans and improve your recovery time speed and effectiveness.
Backup data planning
Often, backup work falls into the hands of one employee who performs the work but doesn’t share what they are doing or how they are doing it with anyone else. When a backup failure occurs and that employee is not available, the entire organization is at risk. Your backup plan should be documented and shared with relevant employees. It should include the appropriate steps to backup data, testing it for validity and integrity, and practicing restoring systems from backups and a list of redundancies. Incorporate this data into your organization’s larger business continuity plan so that when a disaster hits your IT systems, all members of your emergency response team understand what needs to happen next and what roles each team member has.
You must also ensure that your data backup and recovery plan is regularly updated. When your business upgrades your hardware and software systems, your backup plan may need to be adjusted to ensure your data is still being backed up accurately. And as best practices in business continuity, you’ll want to review your backup data and recovery plan at least annually to make sure it still meets your organization’s needs.
Last but certainly not least, you must make sure that your backups all have strong cybersecurity protection in place. Make sure when your IT staff or managed security services provider are testing your organization’s cyber vulnerabilities, they include your backup data and systems as well. A compromised backup server can be just as costly as a compromised production server. Include your cybersecurity protocols for your backups in your backup and recovery plan as well.
If you’re not sure of the last time your backups were tested, EasyIT can help. We can work with your team to establish a regularly monitored and tested backup solution for your entire organization or a smaller scale solution to supplement your existing backup infrastructure. No matter what your backup needs are, we have the expertise and resources to secure your data. Contact us today and take the first step towards safeguarding your business.
