Data backup is often used as an umbrella term that refers to the replication of data so that it can be used after a data loss event. These events can occur at different levels, sometimes impacting systems, databases, applications, individual servers, and/or personal workstations. 

Data recovery is simply the process of restoring saved data from your backups to their pre-failure state. For instance, a QuickBooks malfunction may lead to database corruption – resulting in a loss of all your transaction history for the past month.

With a good data backup and recovery process in place, that database can be restored to its pre-corrupted state once your IT team determines whether the error was temporary or fixes any underlying issues.

The reason it’s important to really consider your organization’s process for both data backup and data recovery is because not all approaches are equally efficient or effective depending on your business context. For example, if all your company did was copy all its data onto a CD, this would technically function as a backup to some degree.

But would that backup be easy or efficient to recover? And would that form of storage be considered the safest and most secure? 

Security best practices for some industries like medical, financial, or legal may call for making backups that are hard to restore but are also more protected from disaster or hacking. To better ensure a balance of ease of access and recoverability with security and compliance needs, consider the following questions:

How frequently should you back up your data? 

It depends on how often you alter certain pieces of data and how fresh you need that data to be at any given moment. 

Critical data that are accessed multiple times a day should be backed up daily. Data that isn’t touched as often can generally afford to be backed up less frequently, whether that means on a weekly, monthly, or even quarterly basis. 

When the data in question is related to compliance, it usually just needs to be backed to a few secure locations once. After that, it should be safe for years to come. 

Do certain types of data need to be backed up more frequently than others?

Data and files that are accessed frequently should be backed often. Documents that contain critical information, particularly when related to compliance, should be backed up regularly even if you don’t use them every day, though this is a less common need. 

How many backups should you keep and for how long? 

This depends on a number of factors. 

How valuable is the backed-up data? What’s the risk of loss vs the cost of extra storage space? How soon would you need to be able to access the data? 

The answers to these questions will vary for every organization due to each one’s unique needs and preferences.

However, in most cases, the best practice is to have two backups, one kept onsite and another stored in the cloud.

When it comes to how long should you keep backups the answer is – forever!

By that we don’t mean keeping every version of a backup you make, but that you should always be making backups and always keeping them stored.

The more relevant question when it comes to storage is what length of version history should you keep.

In general, maintaining a rolling 90-day version history provides a good balance between the protection of recoverability and the costs of creating and maintaining backup data.

However, this period can be shorter or longer depending on your particular business needs.

Where will your backups be stored? 

The standard for backup storage is to have at least onsite and offsite storage locations; local network storage and a cloud-based system.

Utilizing cloud-to-cloud redundancy is also an option, but this is only done in a handful of specific cases where the added protection of redundancy is needed.

How quickly will the data need to be recovered to prevent disruption? 

This honestly depends on what exactly needs to be recovered, as every business has its own particular data recovery needs. Generally, the more data that needs to be recovered, the longer the recovery process will take. 

Recovery times aren’t always in your control. For this reason, it’s important that your organization focus its efforts on setting up a data recovery process that maximizes speed and efficiency.

This can involve anything from centralizing your data organization to ensuring ease of access with your external backups. 

Who will manage the backup? How automated can your process be? 

As much as possible, the backup process should be 100% automated to save time and ensure completion so that the task isn’t missed or forgotten about.

The process might be overseen by an IT Manager, a member of your IT staff, or your managed service provider (MSP). But the entire process–from alerting to testing–shouldn’t be handled manually. 

Which data is most critical?

Without context, it’s difficult to determine which pieces of data are more critical than others. For this reason, your organization should create rules that explain what counts as critical data within your business.

A straightforward way to accomplish this is to ask: if I were to lose this today, how necessary would it be that I immediately recover it? 

Asking these questions should lead your team to determine not only what kinds of data matter more than others but how frequently they should be backed up and the number of copies you want to have. 

How are your backups going to be secured? 

All important backup files should have strong encryption. Keep in mind that this may add to the computational load and slow down the backup process. 

The location of the data and how it is stored should also be considered when it comes to security. Backups that are stored on properly managed external systems create additional protection against any natural disasters or theft of hardware that might occur at your office.

To keep your stored data safe, remember to give your backups strong passwords that get rotated every so often. Multi-factor authentication (MFA) should also be enabled for even greater security. 

If your organization lacks the resources to handle critical IT projects or simply needs additional resources to augment your existing team, consider our Managed IT services. Rather than suggest a one-size-fits-all service, we prefer to understand your business’s specific needs so that whatever solution we offer fits like a custom-tailored suit.