Well, you missed it. World Backup Day came this year on March 31st—on a Sunday when you couldn't do much about it, and now the day is gone. The reason World Backup Day even exists has several stories, one or more of which may be true. Some say that it was started by computer hard disk drive manufacturer Maxtor as a way to sell more hard drives. While Maxtor is now part of data storage vendor Seagate, the goal of selling more storage persists. For example, Amazon had a big mass storage sale on World Backup Day.
Others—notably, consulting companies—use World Backup Day as a way to remind you that they can sell services to help you back up your data. And, of course, the day gives columnists like me a reason to write about why you should back up your data.
But let's face it: If you don't already know how important it is to have backup copies of your data in more than one location, then you don't belong in your IT job. The same is true if you know how important it is and you're still not doing it because it's just one of those things you keep putting off. Proper data backups are essential to business now more than ever because they form the core data safety baseline that makes more complex operations, such as full-on disaster recovery (DR) possible. And they help protect against an ever-growing list of new ways to lose production data.
Where data corruption or a disgruntled or careless employee were your two prime threats in the past, you can now lose data to a veritable menagerie of threats, including diabolically smart ransomware, a shoddily coded version of any of the slew of operating system (OS) and application updates your users auto-install every month, a careless user losing one of those constantly shrinking mobile devices, or a even third-party cloud service entirely out of your control having a meltdown. Any of these can cause data loss, and a recent and readily accessible backup is your only real protection.
Examine Your Backup Strategies
So, think of World Backup Day less as a day to press the "backup" button and more as a reason to examine your backup strategy and your current practices in light of all that's changed over the course of a year. Odds are, once you do that, you'll find reason to adjust your strategy and change your practices.
"An effective backup strategy for large organizations must span multiple systems and often multiple locations," said John Grimm, Senior Director of Strategy and Business Development at nCipher Security in a statement. He added that it should balance the ability to recover data in the event of a system failure with the risk of creating multiple copies of the data. "Encryption is used to ensure that both the original and backup data are protected," Grimm said.
Grimm noted that, while storing data in multiple location carries the risk of exposure, it also has the advantage of helping to ensure that your data is preserved, even in the event of a disaster or other significant data loss, such as a ransomware attack. He also noted that, while encryption is critical for your backups, so is effective key management.
That's an important consideration that even many IT people ignore. The cloud has made backing up data, especially to multiple off-site locations, easier than ever. In fact, it's one of the top 10 benefits that businesses have realized from the cloud and hyperconverged infrastructure trend since 2016, according to market research firm Statista (see chart below). Maybe it's become a little too simple.
In many cases, especially for small businesses, just a credit card and the touch of button are all you need to set up a basic backup. It's so easy, it's almost spoiled by the need to consider your data exposure and how to mitigate that threat. But considering it is mandatory, encrypting data at rest and then protecting it with advanced identity management and access control is your best defense.
Prevent Ransomware-Related Data Loss
A significant factor in the need for backups is the prevalence of ransomware. Without good, reliable, and recoverable backups, or good, business-grade ransomware protection software, such as our Editors' Choice-winning Bitdefender GravityZone Elite$81.00 at Bitdefender, your only option following a ransomware attack is to pay the ransom and hope the cybercriminals will deliver the decryption key, which is by no means a sure thing.
"With ransomware becoming increasingly prevalent and effective around the world, so, too, must our focus on system backups," said Tom Patterson, Vice President and Chief Trust Officer at Unisys in an email. "Backing up your data in a safe and verified fashion is always cheaper and easier than dealing with a ransomware criminal."
But you have to do more than just make a copy of your data and pray it's sufficient. "Backing up both data and systems must be a critical component to any risk mitigation plan," Patterson said. "Note that today's ransomware has become very sophisticated at invading your backup copies, too. So ensure you test and segment your backups to ensure [you'll have] a clean and current copy when you need it most."
Protect Your Backups From Malware
You need to structure your backups so that they're both readily available and are themselves protected from common threats. Those threats could come from either your company's network or the network and storage infrastructure of whichever business-grade storage service you're using to house them.
Your options there are huge, ranging from mostly turnkey systems such as Dropbox Business$12.50 at Dropbox to those with highly advanced configuration and customization options, such as Amazon S3. For most organizations, protecting data on such services means you need to have both local backups as well as cloud backups, and you have to have a DR plan that takes both into account. And as Patterson mentions, you need to make sure that your off-site backups (at least) are protected from being attacked by malware, ransomware, or cybercriminals who might break into your system.
A readily available backup usually means backup data that's stored locally where it can be found and recovered quickly and easily. You might use this sort of backup when you need to recover the contents of a hard disk that has crashed or to recover critical data that was somehow erased. Having it on your internal local network means that you can simply copy the file or files and get back to work. Normally, these local backups would be made in real time.
Your cloud-based backups, on the other hand, need to be geographically remote from your data center, and this is true even if you're using a virtual data center that's also in the cloud. Done properly, your remote backups should not be accessible to malware or ransomware, and attackers shouldn't be able to find it. This means you can't take the easy way out and make your cloud backup look like a network share. Instead, you need to use backup software that handles the file transfer and encryption for you.
Test Your Data Recovery Process
And once you've set all of that up, you need to be able to confirm that you didn't back up malware, and you need to be able to test your recovery process because, if you can't recover your backups, then you might as well not have them.
While World Backup Day might serve as a memory jog, you really should just ignore it. Because backups should be ongoing and continuous, and your strategy should be dynamic. But if the day comes and you realize you haven't been paying attention to your backups, then perhaps the day will do some good. But maybe you should put a "backup day" of your own in your calendar every month instead of every year, because you need to think about your backup plans much more often than once per year.