In the last few decades, everyone has picked up on the fact that data has become a critical component of our daily personal and professional lives. But not everyone has woken up to how easily it can be lost. Whether on phones or tablets or computers, data is stored in many forms, ranging from your family vacation photos to critical client information.  Deleting a couple of personal photos on accident is annoying.  Losing business files that have hundreds, if not thousands, of working-hours invested in them is a serious problem.  To everyone’s benefit, cloud systems like G-Suite and Office 365 make it easy to safely store your important data in the cloud. However, just because something is in the cloud does not mean it is “backed up.” In order to keep your business running smoothly, it’s crucial that your organization understand the best practices for data backup and recovery.  Because there are a plethora of things that can go wrong. Data can be lost, overwritten, corrupted, or compromised by ransomware, all of which would lead to unnecessary mayhem for you and your team. To help you ensure such tragic outcomes are avoided, we’ve put together this article to take you through our best practices for protecting your business’ data.

Why Data Backup Systems Are a Must

man in data server room Losing personal data is inconvenient but fairly easily avoidable. If you’re an iPhone user, simply saving your photos to both your phone and iCloud account means a lost phone isn’t a lost year (or more) of memories. Similarly simple and straightforward solutions exist for just about any other consumer computing device as well. When it comes to business data, the term “backed up” becomes more complicated. What should be backed up? How often? How many backups should exist? Where should these backups be located? Who should have access to our backups and who shouldn’t? When the profits and careers of you, your companies, and your colleagues are at stake, a little more thought is needed to ensure business can get back to business as usual should something go wrong. And when it comes to IT, one of the key things that can go wrong is a loss of access to critical data.

Why Data Might Be Lost

Unfortunately, there are many ways in which critical data can be lost. Some of them are: 
  • Hardware Failure– This can be anything from accidentally breaking your laptop to the natural decay that occurs with hard drives over time. Hardware failures can also occur at the server level. While this is something IT managers should account for, occasionally this can result in data loss.
  • Malware Infections – Short for “malicious software,” malware is the term used to describe any kind of code or program that’s designed to damage computer systems – which oftentimes leads to a loss of access to or corruption of data.
  • Ransomware – Ransomware is a specific kind of malware that encrypts data to prevent you from accessing your files – unless a ransom is paid to recover them.
  • User Error – Threats to your data aren’t always external. Sometimes an employee will simply forget to save an essential document after working on it all day, or a file may be unintentionally overwritten. It’s your people that will be interacting with your business data the most, and people make mistakes. 
  • File Corruption – Files can become corrupted for a variety of reasons. Most commonly, an application may malfunction while writing to its databases or saving files resulting in unusable data.
It’s for these reasons and a few others that, as you can probably see, it’s an essential function of any company’s IT to ensure data remains accessible even when it’s primary or original version becomes inaccessible. As with IT security, when it comes to processes and infrastructure to maintain that accessibility, there’s a tradeoff between convenience and data protection. Having individuals store files and emails locally on their workstation may seem more convenient as there’s no need to create a special file storage policy and hold people accountable to it. But this type of approach doesn’t serve your business in the long run, as files isolated on individual workstations, separated from your file sharing and backup processes, are at much higher risk of permanent loss.

How Modern Data Backup Works

To be clear, when we talk about data backup and recovery, we aren’t referring to business continuity and disaster recovery (BCDR).  Data backup and recovery deals with the particular what and how of backing up files, emails, and databases. This is an essential component of BCDR, but BCDR also includes the processes, plans, and procedures your business has around what to do in the case of various types of emergencies. Including elements beyond IT like who becomes the primary decision maker should your CEO become unreachable when a critical decision needs to be made. BCDR also includes technological components like Datto Continuity that keep your company backed up and restorable at a systems-level. At the file, email and database level, the data backup process starts with initial replication of all your company’s data – all the files, emails, and databases on all your workstations, network storage appliances, and servers. After this initial full backup is created, subsequent backups only contain data that has been changed since the previous backup was made.  This results in significant time, storage, and bandwidth savings compared to regularly running full backups of everything, regardless of whether or not the underlying data has been changed.

What To Consider When Creating Your Process for Data Backup and Recovery

What to consider when creating your data backup plan When thinking about your backup strategy, it’s useful to understand the difference between data backup and data recovery. Data backup is often used as an umbrella term that refers to the replication of data so that it can be used after a data loss event. These events can occur at different levels, sometimes impacting systems, databases, applications, individual servers, and/or personal workstations.  Data recovery is simply the process of restoring saved data from your backups to their pre-failure state.  For instance, a QuickBooks malfunction may lead to a database corruption – resulting in a loss of all your transaction history for the past month. With a good data backup and recovery process in place, that database can be restored to its pre-corrupted state once your IT team determines whether the error was temporary or fixes any underlying issues. The reason it’s important to really consider your organization’s process for both data backup and data recovery is because not all approaches are equally efficient or effective depending on your business context.  For example, if all your company did was copy all its data onto a CD, this would technically function as a backup to some degree. But would that backup be easy or efficient to recover? And would that form of storage be considered the safest and most secure?  In the case of the Compact Disc, the answer is no. However, security best practices for some industries like medical, financial, or legal may call for making backups that are hard to restore from but are also more protected from disaster or hacking. To better ensure a balance of ease of access and recoverability with security and compliance needs, consider the following questions:

How frequently should you back up your data? 

It depends on how often you alter certain pieces of data and how fresh you need that data to be at any given moment.  Critical data that’s accessed multiple times a day should be backed up daily. Data that isn’t touched as often can generally afford to be backed up less frequently, whether that means on a weekly, monthly, or even quarterly basis.  When the data in question is related to compliance, it usually just needs to be backed to a few secure locations once. After that, it should be safe for years to come. 

Do certain types of data need to be backed up more frequently than others?

Data and files that are accessed frequently should be backed often. Documents that contain critical information, particularly when related to compliance, should be backed up regularly even if you don’t use them every day, though this is a less common need. 

How many backups should you keep and for how long? 

This depends on a number of factors.  How valuable is the backed up data? What’s the risk of loss vs the cost of extra storage space? How soon would you need to be able to access the data?  The answers to these questions will vary for every organization due to each one’s unique needs and preferences. However, in most cases the best practice is to have two backups, one kept onsite and another stored in the cloud. When it comes to how long should you keep backups the answer is – forever! By that we don’t mean keeping every version of a backup you make, but that you should always be making backups and always keeping them stored. The more relevant question when it comes to storage is what length of version history should you keep. In general, maintaining a rolling 90-day version history provides a good balance between the protection of recoverability and the costs of creating and maintaining backup data. However, this period can be shorter or longer depending on your particular business needs.

Where will your backups be stored? 

The standard for backup storage is to have at least onsite and on offsite storage location; local network storage and a cloud-based system. Utilizing cloud-to-cloud redundancy is also an option, but this is only done in a handful of specific cases where the added protection of redundancy is needed.

How quickly will the data need to be recovered to prevent disruption? 

This honestly depends on what exactly needs to be recovered, as every business has its own particular data recovery needs. Generally, the more data that needs to be recovered, the longer the recovery process will take.  Recovery times aren’t always in your control. For this reason, it’s important that your organization focus your efforts on setting up a data recovery process that maximizes speed and efficiency. This can involve anything from centralizing your data organization to ensuring ease of access with your external backups. 

Who will manage the backup? How automated can your process be? 

As much as possible, the backup process should be 100% automated to save time and ensure completion so that the task isn’t missed or forgotten about. The process might be overseen by an IT Manager, a member of your IT staff, or your managed service provider (MSP). But the entire process–from alerting to testing–shouldn’t be handled manually. 

Which data is most critical?

Without context, it’s difficult to determine which pieces of data are more critical than others. For this reason, your organization should create rules that explain what counts as critical data within your business. A straightforward way to accomplish this is to ask: if I were to lose this today, how necessary would it be that I immediately recover it?  Asking these questions should lead your team to determine not only what kinds of data matter more than others but how frequently they should be backed up and the number of copies you want to have. 

How are your backups going to be secured? 

All important backup files should have strong encryption. Keep in mind that this may add to the computational load and slow down the backup process.  The location of the data and how it is stored should also be considered when it comes to security.  Backups that are stored on properly managed external systems create additional protection against any natural disasters or theft of hardware that might occur at your office. To keep your stored data safe, remember to give your backups strong passwords that get rotated every so often. Multi-factor authentication (MFA) should also be enabled for even greater security. 

Your Data Recovery Plan

Data recovery saves you time and money Creating a solid plan for data recovery ensures that in the event that critical information is lost and wasn’t backed up, you get to relax knowing that the relevant files are at least recoverable.  A great recovery plan will make this process smooth and efficient, so when designing your company’s plan, make sure it covers the following: 

File Recovery

Can you retrieve an individual file from your backups? This is by far the most straightforward type of recovery and one that is often needed most.  Employees may accidentally delete, overwrite, or change important files and you’ll need to make sure you can get them back without having to wait for entire systems or drives to be restored.

Testing Recoverability

This is one of the most significant parts of any recovery plan. Restoration tests should be conducted regularly and in an environment isolated from your live systems to avoid interruptions or accidental overwrites.  When putting together your recovery procedure, the following should be taken into account: 
  • How long will it take to restore backups? – If your backups are being stored onsite, they’ll restore more quickly than if they’re offsite on the cloud. 
  • What files are more critical than others? – As mentioned above, you want to create rules or protocols within your company to determine which files are most important for your business. 
  • What’s the most effective way of organizing your data? – Having a convoluted data structure makes the backup process needlessly difficult, so a good thing to keep in mind is: if your data looks messy, trying to recover it is going to be as much of a mess. In contrast, having an organized central repository of data in your company supports ease of recoverability.  

System Level Recovery

When it comes to system level backups, you’ll want to back up your whole server. At this scale, the topic actually begins to bleed into the area of backup disaster recovery rather than file backup and recovery.  VM recovery also comes into play at this level as any virtual machines should be able to be restored in backups. Although system level backups are technically more related to the realm of business continuity and disaster recovery (BCDR), they’re still useful to consider if your company has yet to implement a BCDR plan or technology. 

Where to Store Your Backups

Onsite data storage Where you keep your backups matters because whatever location you choose, it will impact how well your data is protected and how quickly it can be recovered. Below are good options to consider: 

Onsite Storage Best Practices

Onsite storage is convenient because you gain physical control over your servers. Third parties also won’t have the ability to access or control your sensitive data, and you won’t need an internet connection to access your backups.  Storing your data onsite could simply mean keeping your company data on external hard drives or on servers other than the ones it’s normally accessed from. But those options aren’t the most secure.  Instead, you should opt to get your company dedicated server hardware that can be stored on a rack mount device This would ideally be kept in a secure server room so that only relevant persons would be able to access it. For extra security, consider keeping your local backups encrypted.  Taking such measures gives your storage hardware greater protection against theft and breakage, but not unexpected workplace disasters. In order to keep your data safe in worst case scenarios, make sure your onsite data gets backed up to a cloud server as well. 

Offsite Storage Best Practices

The benefits of offsite cloud storage lie in part in its scalability and security. If anything were to happen to your workplace, you could relax knowing that any critical data would be safe at its offsite server location.  When deciding on which cloud service to choose, you’ll have to decide if you want to utilize a public or private cloud type. There’s also a hybrid cloud type, but they’re rare and often impractical for many companies due to their higher costs and longer setup period.  Public cloud types host your resources over one or more cloud providers like Azure, AWS, or Google Cloud. Anyone has the ability to use these servers because they’re public.  Many companies prefer public cloud types because the infrastructure is already there waiting for you, so very little setup time is required. Private clouds, contrary to public clouds, are not available to the public. The main benefit of this type is that you gain the ability to customize your cloud server to suit your organization’s unique needs. Setting them up tends to take more time and cost a bit more since they have to be built from the ground up. If your company is interested in a private cloud type, check out VMware’s vCloud and OpenStack.

Is It Possible to Lose Data Using Cloud Backups? 

In short, yes.  When we say cloud server, people tend to imagine that your data is high in the sky, tucked safely away from all the dangers of the world below.  At the end of the day, data in the cloud is still stored on hardware that can fail, in data centers that can be mismanaged. Though, admittedly, these kinds of failures are quite rare compared to more simple problems like employees accidentally deleting files from a cloud storage drive. After a set period of time, those files are automatically removed from your cloud storage provider’s recycle bins and are then lost forever just as if they were deleted when a local device’s recycle bin is emptied. Rather than just assuming “the cloud” is safe,  it’s best to employ cloud-to-cloud backup solutions.  This can be accomplished via a product like Datto which will backup and store your current cloud data and another cloud server–a process also known as double-redundancy. 

How to Support Your Data Backup and Recovery Process Via Policy

Critical files and documents can get lost for a variety of reasons, but good policy and preventative strategies can go a long way in preventing that.  The policy should clearly define the objectives, set accountability, and layout the purpose of your data backup and recovery process. Some initiatives to consider mentioning in the policy include: Internet/email/data protocols – Creating policies and protocols to dictate behavior regarding your company’s networks, emails, and data will reduce the likelihood of abuse with these resources. This in turn will lower the likelihood of theft, malware infection, and other dangers to your data.  Employee training programs – Most employees will not understand standard data backup and recovery protocols, so you’ll want to create training programs to make sure all relevant parties are on the same page. Training should be conducted for all new employees, and then updated whenever significant changes occur to your organization’s data backup and recovery process. Backup & Recovery Testing – Policies related to this subject should state the frequency of your data’s backup and recovery testing. These should at least occur on a quarterly basis. Once your policies have been set and agreed upon, a good practice is to review and assess them on an annual basis so that they can stay up to day in modern data backup and recovery practices.  If you find that you’re too busy to dedicate an appropriate amount of time to these tasks, a good MSP like Commprise will be able to make these assessments for you and present them in a way that’s easy to understand. 

Planning for Worst Case Scenarios

Ransomware data breach Any IT professional will understand that, when it comes to data, anything that can go wrong will go wrong.  Taking the proper measures to implement a data backup and recovery process helps things stay on the right track. And to help this article stay with you, we’re going to take a moment to recap it’s most important points.
  • Why Your Company Needs a Data Backup System There are simply too many ways data can be lost, some of which include hardware failure, ransomware, malware infections, user error, and file corruption. 
  • How Modern Data Backup WorksThe data backup process starts with initial replication of all your company’s data, with subsequent backups only containing data that has been changed since the previous backup was made. This results in significant time, storage, and bandwidth savings.
  • Why You Should Consider Your Data Backup and Recovery Process – While data backup refers to the copying of your business data to a safe storage location so that it can be used in a data loss event, data recovery is simply the process of restoring saved data from your backups. Not all approaches to this process are equally efficient or effective given your business context, so take time to think about which process is best for your unique company. 
  • Data Recovery Procedure – A well designed and implemented data recovery procedure ensures that your IT team is able to quickly get your business back in working order when systems fail. When creating your data recovery procedure, you should know which files are more critical than others, identify the most effective way of organizing your data, and test how quickly files can be recovered. 
  • Data Storage Best Practices – Wherever you store your data should be secure and easily accessible. The most effective situation is to have an onsite storage location and also an offsite cloud storage. 
  • The Cloud Still Needs to be Backed Up – Data in your cloud storage can still be lost. Utilize cloud-to-cloud backup to protect offsite data. 
  • Support Your Data Backup and Recovery Process Via Policy –  Setting up good policies and protocols for your data backup and recovery process can help avert the loss of critical data in your organization. Important initiatives to consider include employee training programs, backup and testing policies, and internet, email, and data protocols. 

Backing Data Up Today Will Save You Tomorrow

Employees conducting business As you’re no doubt aware, keeping track of all your company’s IT responsibilities can feel like wading through a mess, which is legitimately difficult to sort through; we sympathize with why so many companies put it off.  But if tasks like data backup and recovery aren’t managed properly, you leave your business’s data wide open to Murphy’s law which, unfortunately, does not pull any punches. Let’s say you have a client meeting in an hour and a document you needed is suddenly lost. You’ll need to know exactly how to get it’s backup well before the meeting if you’re to be prepared.  The clearer you are on how this data will be recovered, the less stress you’ll experience, which will contribute to the meeting’s success. If your organization lacks the resources to handle critical IT projects or simply needs additional resources to augment your existing team, consider our Managed IT services. Rather than suggest a one-size-fits-all service, we prefer to understand your business’s specific needs so that whatever solution we offer fits like a custom-tailored suit. Your data organization will look as good as you’ll feel knowing that your IT is in capable hands.