How to Improve Data Backup & Resiliency Plan

Data backup may seem basic, yet businesses have experienced a loss of data as a result of not backing up or a failed backup. In this article, Kurt Markley, managing director of Apricorn, discusses three steps to improve your data backup and resilience plans.

September 15, 2022

The challenges IT managers have always faced have only multiplied in recent years. Digital threats have become increasingly sophisticated, and the pandemic alone opened companies up to myriad new vulnerabilities. New attack vectors are constantly emerging thanks to remote work and hybrid working environments. In the 2022 Global IT Security Survey, three respondents said their companies do not back up their data or devices in advance of working remotely, while only one in five follow backup best practices and back up data in real-time – highlighting some major data security risks. Admittedly, addressing data security challenges can be daunting. With only so many hours in the day, you can’t take on every security gap at once. So, where do you start?

Back up Your Data & Prepare to be Resilient

Turn your attention to your data backups and resiliency first. This will ensure you have copies of your organization’s most important data, at the very least, come what may. We’ve learned through the mistakes of other companies that you can’t afford to ignore this staple of cyber security. Consider the ransomware attack against the Ireland Health Service Executive (HSE) in 2021 that immobilized the country’s health IT systems. Not only were patients and staff dramatically affected, but this attack (and the lack of resiliency) also cost hundreds of millions of dollars in recovery efforts.

Even though we hear stories like this far too frequently, recent research from Apricorn revealed that 99% of IT decision-makers fail to recover data when disaster strikes, despite having a backup strategy. The same research found that more than 70% of IT leaders have had to recover data from backups, but 26% were unable to restore it completely. 

In other words – IT professionals are aware of the scale of these threats but haven’t yet cracked the code on preventing them or their aftermath. Isn’t it time to take control back? To that end, here are three actions you can take that will impact your backups and resiliency. 

1. Live by the 3-2-1 rule

A backup is foundational to robust security, but not all backups are created equally. As you can tell from the survey referenced above, at least one-quarter of IT professionals cannot fully restore their data and documents from a backup when needed. So here is the 3-2-1 rule, which is critical: have three copies of your data on two different media (one of which is offsite, encrypted, and offline).

The best rule of thumb is to store local backups securely on portable hardware-encrypted external storage devices. Ensuring your backup strategy has encryption at its core at each location helps you keep maximum control of your data, no matter what disaster strikes.

Consider the lessons learned by the Dallas Police Department, which incurred $500,000 in expenses when an IT employee mistakenly deleted 20TB of data. Even though it was accidental, the lack of data backup procedures rendered much of the data permanently lost. Implementing the 3-2-1 rule would have saved the department countless hours and public funds.

2. Define your backup and recovery plan. 

IT managers are security-savvy and knowledgeable, understanding that a backup and resiliency plan is key to preventing damage from attacks and data loss from other sources. But even the most well-intentioned don’t always clearly define their plan, nor do they always share it with all relevant stakeholders. Even if a plan is in place, it’s not always written down. And even if it is written down, it’s not always followed. You can imagine how each lacking layer can contribute to serious data gaps. 

So, it might sound simple, but take the time to write out all the necessary pieces of your plan. Then, share it with your team. Include who needs to be alerted in what situations and how the chain of command should work in the case of a leader’s absence. 

This is often overlooked, which exacerbated the HSE data situation in Ireland. It was said that “the HSE did not have a single responsible owner for cybersecurity, at senior executive or management level at the time of the incident” and that “there was no dedicated committee that provided direction and oversight of cybersecurity and the activities required to reduce the HSE’s cyber risk exposure.” Tightening up this area of your plan – and ensuring the plan is detailed, shared, and accessible – can go a long way in mitigating risk and dealing with problems. At the very least, defining your backup plan in a detailed way can help ameliorate a situation such as restoring operations after a DDoS ransom attack.

3. Check in frequently

There are some aspects of business that you can “set and forget,” but cyber security is not one of them. Even if you commit to following the 3-2-1 rule and are careful about defining your backup and resiliency plan, you can’t simply ignore it after that point. Instead, it’s important to consider your efforts going forward and help promote accountability across the organization.

To this end, make a plan (yes, another one) to review your multilayered strategy regularly. Frequently back up your data, including your offsite/offline backups, and consistently practice data recovery processes from these backups. Frequent, rigorous testing can keep you from becoming a statistic and help you achieve full restoration in the event of a breach. Communicate the importance of security policies and data backup to employees as well. According to the 2022 Global IT Security Survey, one in four organizations states that despite having remote work security policies in place, employees are not adhering to them.

A strategic data backup and resiliency approach can help your organization improve data control, get rid of unauthorized data access, and spur quick restoration should a breach, attack, or other data loss occur. Your plate is full as an IT professional, but these steps will prevent you and your organization from falling prey to costly consequences later. You, your customers, and your company will be glad you did.

Kurt Markley

U.S. Managing Director, Apricorn

Kurt Markley is the US managing director at Apricorn and has more than 20 years of experience in encryption and cybersecurity. He has worked with many organizations in the manufacturing, government, finance and health care industries to help strengthen their data protection.