When it comes to protecting yourself online, there’s no silver bullet. Security software may block some incoming threats, VPNs can secure your communications, and sound data hygiene can prevent data leaks and breaches. But there’s one strategy that can both help to prevent and recover from otherwise catastrophic data incidents: Regularly backing up files and data.
One of the more daunting elements of getting a reliable backup system in place is the sheer variety of solutions. Some backup methods require a dedicated IT support staff to manage and maintain, other types can be put in place on a personal computer or local network relatively quickly. While the methods and products vary widely, it’s crucial to make sure you have a solid working understanding of your options and to find the right fit for your business.
Different Ways To Back Up Your Data:
- Tape Backup: Tape-based backup has been in use since the 1960s and is still very much a go-to for long term data storage. While many businesses rely on this method for regular and large-scale backups of crucial data, especially for legal compliance in record-keeping, restoring data from tape is time-consuming. Tape drives also typically require offsite storage and can be damaged if not stored in the right conditions.
- Network Attached Storage Drives (NAS): NAS drives are, in essence, external hard drives that can be accessed via local networks or the Internet. While the typical uses for NAS drives vary, many businesses rely on them as shared backup solutions, where multiple systems can connect to and store backup data either in the office environment or remotely.
While NAS drives are a convenient and affordable option for storing the data of several computers in an office, they are connected to a network, which means they are vulnerable to data breaches, malware, ransomware, and data leaks due to misconfigurations.
- External HDD: External hard drives are a valid option for single users, especially in home offices. While storage capacity and speed can vary, an external hard drive used in concert with the right software can help provide a baseline of secure storage for short term backups.
While keeping an external hard drive disconnected from the internet and other machines (a practice called airgapping) means it’s less vulnerable to hacking attempts, malware can still be transmitted from an infected computer once connected. Hard drives can also fail depending on their age, usage, or exposure to physical damage.
- USB Drives: While USB keys and thumb drives typically lack the capacity to back up a system, they can still provide an invaluable and convenient means of storing mission-critical data such as passwords, tax and financial information and invoices. This can mitigate the impact of a ransomware attack where users find themselves locked out of their systems and unable to access their most important information.
Like external hard drives, USB keys can also be infected with malware if connected to a compromised system. The portability of a USB drive also poses one of its greatest dangers since a misplaced or lost USB key with important data is technically a data compromise, and a potentially devastating cyber event for an organization.
- Cloud Backup Services: As adoption of cloud-based storage solutions has soared, the number of options has increased. Cloud-based backups systems, when configured properly, can offer a level of ease and convenience not easily matched by other solutions.
The cloud can easily accommodate a system’s worth of data, no matter the size of that system and the number of employees using it, but it can also safely accommodate employees working from remote locations.
While cloud-based systems typically offer remote security, stability, and reasonable price points, misconfigured servers are a major source of massive data leaks. Capital One, Facebook, Instagram, Docker and Autoclerk had all reported this kind of cyber event. Posting any data online includes the risk of exposure, and posting the entirety of your hard drive or your business data online increases the potential fallout.
What Are the Main Considerations When Choosing a Backup Method?
How frequent are the backups?
Efficient scheduling of backups requires a balancing act. If you can backup your system or storage once every two hours, that means you run the risk of, at most, losing two hours’ worth of work. Conversely, each backup can take up large amounts of storage space significantly increasing cost.
Security is another consideration since a recent backup helps mitigate the potential damage of any cyber security fails that may occur. If you find malware on your system, you’re going to want to be able to roll back to a time before it entered network.
Find a solution or set of solutions that offer flexibility between short-term and long-term needs.
How quickly can backups be loaded?
Few businesses can afford to be offline for hours, much less days. While the number of machines and the amount of data both play a part in how long it takes to restore everything from a backup, some platforms and backup methods take longer than others. Look for a secure backup option that can get you back up and running reasonably quickly.
How secure are the backups?
While it’s essential to keep copies of your data, there’s a risk your data will be accessible to outside parties. Unsecured databases and servers online are discovered all the time, and should serve as a reminder that backups are effective as cybersecurity measures as long as they’re actually secure.
Be sure to restrict access to any data stored online via multi-factor authentication, ensure that any data transmitted is done via end-to-end encryption, and confirm that any physical storage is or has been catalogued in an inventory.
Is tech support available?
Whether you experience a malware infection, ransomware attack or catastrophic hardware failure, there’s never a good time to restore from a backup; even the best options can be time-consuming, resulting in lost time and work. This can be exacerbated by running into technical issues with your backup solution itself: Be sure that any backup service provider can guarantee 24-7 support for their products.
What It Can and Can’t Protect You From
While backups are an important tool for cybersecurity, they’re not a panacea. Here’s what they can and can’t protect you from.
Ransomware: There are countless variants and strains of malware out there, some more sophisticated than others, but one consistent method across the board is to lock a computer or network, encrypting its contents and then demanding a ransom to regain access. It can be possible to restore from a backup recorded before a machine or system was compromised, with some caveats (see below).
Malware: A single careless click on an email attachment or a well-disguised link can deploy malware on a computer, network, or device. As with ransomware, the process of trying to fully root out a malicious program and ensure its complete removal can be time-consuming and require the services of IT technicians. When this happens, it’s often easier and more efficient to roll back to an uninfected backup.
Physical damage: Recovering data from a physically damaged computer or storage device may not qualify as “cybersecurity” in the traditional sense, but having backups does indeed keep your data secure. While we typically envision cyber attacks as the primary threat to data, power surges, dropped laptops, and even spilled coffee can necessitate a restoration from a backup.
What backups can’t protect against:
Ransomware: Although restoring from a backup can stop some ransomware attacks in their tracks, it’s not always a solution.
“If ransomware gets into your network, and it happens at the moment that you are backing things up, it could crawl into that backup system, unless it's a separate system that you intermittently connect to,” said CyberScout founder and chairman Adam Levin.
Data leaks and breaches: If a hacker gains access to your system and is able to exfiltrate your data, no backup can save you--unless you can turn back time.
Poor passwords and data hygiene: A backup can help restore or mitigate a malware-infected computer, but there’s still no substitute for adequate training for employees to minimize their risk in the first place. “A compromised employee can lead to a compromised company,” says Levin, “which is why I favor cyber training that is aimed at minimizing, monitoring, and managing cyber risk.”
Follow the 3-2-1 Rules of Data Backups
When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are:
Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.
- Store two copies on different media: Having multiple backups in the same format means that they have the same vulnerabilities: the same malware can hit multiple network-connected drives, a flood or electrical surge or fire can destroy all of your equipment at once, and a loss of Internet access can cut you off from cloud-based backups. Any backup strategy needs to keep worst-case scenarios in mind by using at least two different types of storage.
- Keep one backup copy offsite: Onsite backups are typically quicker, faster, and simpler to restore, but they shouldn’t be your only failsafe. Make sure you have at least one offsite backup method, be it in the cloud, in a storage space, or another office. While it’s important to have a remote copy of your data, be sure that it’s properly secured; archived data can be a treasure trove if it falls into the wrong hands.