Whilst the events of WannaCry and Y2k now feel like a distant memory, the need to backup data and prepare for disaster has never been higher. With the adoption of home working as the ‘new normal’, security risks have never been more at our door than now. With sufficient backup solutions, ransomware attacks can be stopped in their tracks.
Data loss isn't just caused by cyber-attacks...
Data loss isn’t limited to cyber-attacks though, according to ITGovernance.EU, 4% of data breaches are caused by people physically losing hardware containing valuable data. We used to lock our office doors every night knowing our data was safe and protected by alarms and layers of security, but with just under 50% of the workforce working remotely into the foreseeable future, that one locked door multiplied into tens or even hundreds (depending on your business size) of points of failure for your company’s security when we were all sent home.
It’s widely known that most (90%) of data/security breaches are caused by human error, I myself have almost fallen victim to a rogue email seemingly from a customer containing an attachment. It was being able to sound it out with my co-workers in the office and get a resounding “Check with the customer if they sent that!” from my team that prevented me from opening it, and my customer swiftly responding with “I’ve been hacked, don’t open that!”. The importance of cyber safety and avoiding opening attachments that you don’t recognise was instilled in me from a very young age, and I still almost fell for it!
With all these points of failure, human or otherwise, it’s important to be as prepared as possible where your data is concerned and stop hackers from making your business, their business.
So, what can I do to prevent data loss?
The National Cyber Security Centre (a UK Government initiative) has lots of free resources on their website to assist you in cyber awareness, with a free weekly threat report. . Another great resource is the NCSC small business guide; this is a free resource provided by the government to help your business stay secure.
One of the best ways to ensure that your data is protected should you be attacked, is to have a backup of it kept separately from your main infrastructure. Then it’s just a matter of wiping your hardware clean of the ransomware and spinning up your backups. Backups can take many forms and there are a few things you need to consider when looking at implementing a backup solution.
How far back do I need to backup?
- This is known as RPO (Recovery Point Objective).
If you can afford to lose the last 8 hours of data, then this can be your RPO. It’s worth noting that the smaller your RPO, the more costly your backup solution. It is possible to achieve zero RPO using synchronous mirroring of data, but is this necessary?
How quickly do I need my backups to be restored for my business to keep running?
- This is known as RTO (Recovery Time Objective).
If you are restoring backups from the cloud, can your internet connection accommodate large amounts of data transfer in a short space of time to reach the RTO?
What am I backing up?
You probably don’t need to backup all of your data at the same rate or intensity so this question is easily answered with, what can’t you live without? What does your business need to function? Backing up every piece of data you own can be costly, so be selective. But be sure to back up enough data so that the continuity of your business is not made vulnerable by an attack.
Backup solutions come in 3 forms; on-site, the cloud, and hybrid.
1. On-site
Pros – Easily accessible without the need for dedicated bandwidth.
Cons – If the location your data is stored in gets flooded or burns down, then you can say goodbye to backups. You’re limited by the storage size of the device and will need to replace aging hardware when the time comes (3-5 years is advisable).
2. The Cloud
Pros – The cloud is Encrypted, and it often gives the option to easily extend the amount of storage you have, gives you higher resiliency, and there is no cost of hardware. Off-site means no overheads of physical kit
Cons – A slow/over utilised internet connection can seriously hinder your RTO.
3. Hybrid
Pros – Backup all day long, then send that back up to the cloud once daily, which gives you quicker restoration times due to not being dependant on fast internet connectivity.
Cons – It can be costly depending on storage size and there is the cost of hardware replacement and local storage limitations depending on the capacity of the device.
Summary
All backup and business continuity plans should include a risk and recovery matrix that is signed off by the leadership team. When the worst happens, you’re faced with lots of questions and it’s best to review and document these before you decide on a solution.
Hybrid solutions may appear to be the best approach for the majority of businesses however as I’ve described, Disaster Recovery is very personal and isn’t something IT Partners can dictate, it takes a considered process to ensure cost and performance are dealt with appropriately.
If you’d like to learn more about backup and disaster recovery, or just how you can better protect your business from cybersecurity threats, get in touch with the NetMonkeys Troop via our Contact form for further information.
