Backup 101: How can organisations protect data in the digital age

As our reliance on technology continues to grow so should our awareness of the importance of backing up our data. 

Backing up to prevent loss of data in case of accident or malice is now essential for all organisations. According to Blackblaze’s 2021 State of Backup Report, despite 62 percent of respondents having lost data at some point, and 25 percent having had a security incident occur within the last year, over one fifth of people had never made a backup. As cyber threats continue to increase, it is crucial that every organisation builds a solid backup strategy that includes a strong training component. 

We spoke to business leaders to learn how to best approach this crucial business task. 

Backing up in the remote era 

With the ever-increasing risk from ransomware attacks, as well as the challenges created by the move to long term hybrid working, ensuring that data is backed up is more important than ever. 

Neil Jones, Director of CyberSecurity Evangelism at Egnyte, notes that in the present climate, “we need to take a moment to reflect on the exploding volume of mission-critical digital data that’s being generated today (and every day), and consider how to encourage our employees, contractors and business partners to protect that data more effectively. Unfortunately, many organisational stakeholders are unaware of how to properly protect their companies’ valuable data, so it’s up to the company to educate them on best practices.”

Gregg Mearing, CTO at Node4, further explains that increasing ransomware attempts pose a major challenge to data and backup solutions. “Robust cybersecurity defence is imperative and must form part of an effective backup strategy. Although not a new practice, threat actors are increasingly laying dormant – referred to as dwell time – to strategically plan an attack launch date that causes maximum damage. Our experts are finding that dwell times are extending – whilst before they waited an average of 11 days, cybercriminals now are waiting months to launch attacks. This method of deploying ransomware provides attackers with more time to encrypt or wipe backups, which can force an organisation back months to access a system restore. In a fast-moving, high data generation world, it is unlikely that a month-old backup will bear any resemblance to a business’ position at the point of ransomware launch.”

Proactivity is key 

The prospect of losing data to a cyber attack or to an accident is certainly daunting, and something that organisations shouldn’t take for granted. Hugh Scantlebury, CEO and Founder of Aqilla, highlights how “losing financial data has profound consequences for businesses and can permanently ruin reputations. So don’t assume cloud-based accounting and financial software automatically offers built-in backup and recovery services.

 “We’d recommend opting for continuous backup wherever possible so that, should the worst happen, there’s less chance of data being permanently lost. We’d also suggest picking an automated solution so that you’ve one less thing to worry about each day.” 

“For years, we have been saying that backups are extremely important no matter the industry, no matter the size of the organisation, and no matter the technology,” Tom Huntington, Executive VP of Technical Solutions at HelpSystems adds. “But backups have to be done in a fashion that allows for a simple and reliable restore too. 

“Regarding security, consistent backups with several iterations in storage, whether in the cloud, storage replication, virtual tape library (VTL), or in some offsite storage, is required as you don’t know when you might be attacked by ransomware. Ransomware recovery will require you to go to the iteration of backup prior to the ransomware. Once restored, you need to patch the server and review the security holes that allowed the attack in the first place.”

A robust recovery plan

While backing up data is more important than ever, Christopher Rogers, Technology Evangelist at Zerto, a Hewlett Packard Enterprise company, urges that when it comes to avoiding the true cost of cyber attacks, thinking exclusively in terms of backup is far too limiting. 

“The process of protecting your data by creating an extra copy is one thing, but organisations need a recovery plan that focuses on limiting downtime and restoring operations in minutes or seconds, not days or weeks.”

“The level of sophistication of ransomware attacks has evolved,” agrees Richard Richard Barretto, Chief Information Security Officer at Progress. “In some recent attacks, not only was the data held hostage but the backups as well, ultimately making it impossible to recover from the attack without paying the ransom. This means that it is no longer enough to backup data locally. Businesses should now backup to a separate storage device or in the cloud that is safely guarded from ransomware attacks, and ensure that these backups are isolated from network connections. Organisations with mature practices will always have a local backup and an offsite backup that is safely guarded and protected from tampering.”

When implementing a robust recovery plan it can be difficult to know where to start. Rogers said: “Some criteria that businesses should consider to ensure they can recover fast and with confidence include:

• Ditching legacy data protection and move to continuous data protection (CDP)
• Centre your recovery plan around your applications, not simply the data that makes up an application
• Fit the recovery plan around your business and where you’re headed rather than adapting your business to technology constraints.”

Backing up and the cloud

A staggering 61 percent of businesses migrated their workloads to the cloud in 2020, adding another layer of complexity to backup processes. “With businesses increasingly migrating to the cloud, more emphasis needs to be placed on protecting mission critical data wherever it is located,” urges Terry Storrar, Managing Director at Leaseweb UK.  “Thankfully, modern cloud backup solutions have the benefit of being suitable for businesses of any size. They allow for data backup from any server or device, anywhere with an internet connection. Cloud backup solutions are easy to manage, and their providers offer reliable, hands-on customer support.” 

“If your organisation is transitioning workloads to public cloud, you may well have concerns around losing control of your data,” Myles Currie, Product Manager – End User Compute at Six Degrees, adds. 

“These aren’t unfounded – SaaS providers take backups to ensure the integrity of their services, but they will not take responsibility for data loss that results from accidental deletion, malware or operational errors. 

“I recommend partnering with a trusted data protection provider to hand control of your mission-critical data back to your organisation.”

Clearly, a well-formulated backup strategy is critical to business survival. Simon Spring, Senior Account Director EMEA at WhereScape, concludes with “a reminder for enterprises and individuals to continue to remain proactive when it comes to managing their data.”