One of the most important steps when considering cyber security and data safety is maintaining backups.
Backing up data is the process of copying an organisation’s information to a secure secondary location. As such, if a laptop, smartphone or other device becomes compromised or damaged, the data can be easily retrieved, and interruption to your business may be minimised.
While the concept of backing up data may seem simple, organisations should understand the various factors that can make a backup process successful.
Backing up data is among the most common cyber security controls used by UK organisations, according to the Department for Digital, Culture, Media & Sport’s 2021 Cyber Security Breaches Survey. Despite this result, respondents to the survey also said that one of the most frequent consequences of a data breach or cyber attack was temporarily losing access to files.
Even when an organisation takes adequate precautions and regularly backs up data, it’s essential to optimise the process, as this can limit the amount of time it takes to recover from a data breach. Ideal backup practices should include the following steps:
Establish policies – organisations should create official backup policies and practices to avoid confusion or errors. These policies should include specific instructions, such as how often data must be backed up. Organisations should consider their needs and regular operations when composing these policies. Furthermore, policies should be revisited regularly and adjusted as necessary.
Designate roles – it’s vital for organisations to have designated employees who are responsible for backing up data. Depending on the size of an organisation, this could be multiple members of staff or, for larger organisations, a team of individuals.
Identify important data – take time to audit all organisational data and determine what is most important. If there is certain information that an organisation would not be able to function without, it should be prioritised and backed up regularly.
Select storage – data backups should be stored on separate devices, such as USB sticks, separate hard drives or even separate computers located off-site. In addition, using cloud storage can be a convenient way to secure data while keeping backups separate from a physical workplace. Selecting storage for backups in a different physical location may be advisable, as this can protect them from physical hazards, such as fires or flooding. When making backup selections, organisations should ensure that their storage devices will have ample space for future additional data.
Beware of malware – when backups are stored on a separate device, it’s imperative to understand that they can still be corrupted in the same way that originals may have been. For example, malware and ransomware can be stored on portable devices, such as USB sticks. Do not connect a device with backup storage unless safety is certain.
Check for updates – much like computers and smartphones, backup devices may also have regular updates. Software must be kept up to date so that backup storage is expectedly accessible and protected from cyber threats, such as malware and viruses.
Test backups – do not assume that a backup process has been successful. After copying data, try to access the new backups or conduct a test restoration of some files.
Backing up data is a necessary precaution for organisations of all sizes. Losing important information can result in financial losses, reputational damage and interrupted operations for your business.
Any views or opinions expressed in this briefing are for guidance only and are not intended as a substitute for appropriate professional guidance. We have taken all reasonable steps to ensure the information contained herein is accurate at the time of writing. In relation to any particular insurance related issues, readers are advised to seek specific advice
BHIB Insurance Brokers is a trading name of BHIB Limited. Registered office is AGM House, 3 Barton Close, Grove Park, Enderby, Leicester, LE19 1SJ. BHIB Limited is registered in England and Wales number: 829660 Authorised and regulated by the Financial Conduct Authority. We are covered by the Financial Ombudsman Service. You can find out more at www.financial-ombudsman.org.uk