Stop Worrying and Start Your Business Data Backup Plan!
It’s a national embarrassment: over 400,000 records wiped from the Police National Computer database, including records for serious offences that should have been stored forever. Among the losses are fingerprints and DNA records that have already impeded police efforts to match crime scenes with offenders using these biometric markers. A report into the blunder suggests that due to ‘defective coding’, the regular ‘weeding’ process, which deletes police records the law no longer allows them to hold, incorrectly deleted valid data. The code also left records that should have been removed, which means that the police may have access to data that shouldn’t legally be held. In a press release about the data loss, the government stated that Home Office staff are trying to get the records back, which implies that they are unable to simply restore data from backup files.
If that horror story didn’t keep you up at night, it’s probably because you already have a tried-and-tested backup system in place. If you don’t, it serves as a timely reminder that data loss can happen to anyone and a robust business data backup system is an essential component of any modern organisation.
So, how can you prevent something like this from happening to your organisation?
“While choosing the right tech for backing up your data is important, what is far more important is good housekeeping,” says Intersys Managing Director Matthew Geyman. “In practice, this means having the right methodologies in place such as understanding your maximum acceptable loss, and testing your backup and restore plans regularly.”
Here’s a step-by-step guide to best-practice principles for business data backup. Follow these points yourself or with help from an IT specialist and you will be doing everything possible to ensure your data is well protected.
What is the best solution for business data backup?
1. Identify a dedicated data manager
Make sure you have a designated person responsible for data security. Even with an automated ‘set-and-forget’ backup system, someone needs to take responsibility for checking that the backups are actually taking place, as no system is infallible. Network failures and power outages are common causes of backup failure.
This dedicated data manager will need to consider things such as whether to back up data held on individual computers and mobile devices, as well as the company servers; how often to back up data (see point 3 below); and which backup technologies to use.
2. Understand your data loss risk
There are many ways to lose data and it is important that your data manager understands the particular risks faced by your business. Common threats include:
- Hardware failure
- Loss of data due to fire or flood
- Lost laptop or mobile devices
- Theft of hardware
- Accidental deletion of data by an employee
- Infection by malware
- A ransomware attack rendering your files inaccessible until you pay a substantial sum of money
- Deliberate damage by a disgruntled employee
While all organisations have the potential to lose data in these ways, some are more vulnerable than others to deliberate and targeted sabotage. Organisations that hold valuable data – government institutions, legal services, healthcare, higher education, financial services – are frequently targeted.
Healthcare is particularly vulnerable at the moment: back in July 2020, the NCSC said they were confident that Russian intelligence agencies were targeting drug companies’ COVID-19 vaccine research; more recently, IBM’s cybersecurity division identified a series of cyber attacks aimed at disrupting COVID-19 vaccine distribution.
3. Identify your objectives
It’s easy to assume that the best strategy for data backup is to back up as much data as possible as often as possible. However, while it is true that the cost of backing up data has fallen dramatically in recent years, there is still a financial factor to consider, especially as you approach a ‘zero’ data loss strategy – that is, no loss in data or service following a failure.
The two most important objectives to consider are your Recovery Point Objective (RPO) and your Recovery Time Objective (RTO).
To figure out your RPO, you need to consider how much changed data you can afford to lose while still being able to continue functioning with minimal disruption to your business. One way to think about this is to imagine a timeline: how big a gap can you afford between your last backup and a data loss? For some businesses this might be a week. For others, a couple of hours. For high-frequency traders it might be nanoseconds.
Next, you need to decide on your RTO. To do this you need to judge how long you can manage between the data loss incident and the resumption of normal business operations. As with the RPO, this will vary according to the type of business.
Once you have worked out your maximum acceptable losses, you can set your RPO and RTO.
4. Follow the 3-2-1 rule
The standard ‘best practice’ for business data backup is known as the 3-2-1 rule. This stands for:
- 3: Make at least three copies of the data
- 2: Use two different storage formats
- 1: Ensure at least one copy is stored offsite
This helps to ensure that there will always be one safe backup in the event of a disaster. For example, if the backup stored in the cloud is attacked by malware, the backup stored on an offline external hard drive will be safe. Or, if you lose your USB drive backup, you’ll still have the cloud-based one. The third rule helps protect against a disaster such as fire or flood that could destroy all hardware stored on-premises.
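The RPO from point 3 and the 3-2-1 rule can be checked together against a list of where your copies live and when each last succeeded. The sketch below is an added example, not Intersys code; the inventory, the 24-hour RPO and all names in it are constructed, and it assumes the live data counts as one of the three copies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:
    name: str
    storage_format: str      # e.g. "disk", "cloud", "tape"
    offsite: bool
    last_success: datetime   # when the last job finished successfully


def audit(copies, rpo, now):
    """Return a list of findings; an empty list means 3-2-1 and the RPO are met."""
    findings = []
    # A copy older than the RPO cannot be used to meet it, so it is not counted.
    fresh = [c for c in copies if now - c.last_success <= rpo]
    for c in copies:
        if c not in fresh:
            findings.append(f"{c.name}: last success {now - c.last_success} ago, RPO is {rpo}")
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} usable copies, need at least 3")
    if len({c.storage_format for c in fresh}) < 2:
        findings.append("usable copies share one storage format, need 2")
    if not any(c.offsite for c in fresh):
        findings.append("no usable copy is stored offsite")
    return findings


def sample_inventory(now, cloud_age_hours):
    """Constructed inventory: live data (assumed to count as copy one), a NAS, a cloud copy."""
    return [
        BackupCopy("file-server (live)", "disk", False, now),
        BackupCopy("office-nas", "disk", False, now - timedelta(hours=2)),
        BackupCopy("cloud-bucket", "cloud", True, now - timedelta(hours=cloud_age_hours)),
    ]


if __name__ == "__main__":
    now = datetime(2021, 2, 1, 9, 0)   # fixed clock so the output is repeatable
    rpo = timedelta(hours=24)          # assumed objective for this example
    for hours in (3, 30):              # healthy cloud job, then one that stalled
        result = audit(sample_inventory(now, hours), rpo, now)
        print(f"cloud copy {hours}h old:", result or "compliant")
```

In the second run a single stalled cloud job breaks all three parts of the rule at once, which is why someone has to watch job results rather than trust the schedule.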
5. Test, test and test again
Having a backup system in place is a good first step. The next is to test it. Running a restore test is the only way to determine what will happen, rather than what you suspect, or hope, will happen. This way, the process can be refined, improved, and documented – and your backup strategy will be fully operational when it’s needed urgently. “Untested backups should be considered non-existent,” says Intersys Technical Director, Richard Geyman. “If it’s critical, our advice is to test, test, test.”
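One way to make a restore test produce a pass or fail result is to record a SHA-256 manifest of the data at backup time and compare the restored files against it. This is an added example, not part of the original article or an Intersys tool; the file names and contents are constructed, and the "restore" is simulated in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            # read_bytes() is fine for a demo; hash in chunks for large files.
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def verify_restore(expected, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    actual = manifest(restored_root)
    both = expected.keys() & actual.keys()
    return {
        "missing": sorted(expected.keys() - actual.keys()),
        "corrupted": sorted(k for k in both if expected[k] != actual[k]),
        "unexpected": sorted(actual.keys() - expected.keys()),
    }


def demo():
    """Constructed scenario: the restore drops one file and truncates another."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for d in (src / "ledger", dst / "ledger"):
            d.mkdir(parents=True)
        (src / "ledger" / "2021-01.csv").write_text("id,amount\n1,100\n")
        (src / "ledger" / "2021-02.csv").write_text("id,amount\n2,250\n")
        (src / "customers.db").write_bytes(b"\x00constructed sample\x00")
        expected = manifest(src)               # recorded when the backup ran

        # Simulated restore output: customers.db absent, February truncated.
        (dst / "ledger" / "2021-01.csv").write_text("id,amount\n1,100\n")
        (dst / "ledger" / "2021-02.csv").write_text("id,amount\n")
        return verify_restore(expected, dst)


if __name__ == "__main__":
    print(demo())
```

Store the manifest alongside, but separately from, the backup itself, so that damage to the backup does not also damage the record you check it against.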
If business data backup worries are keeping you up at night, Intersys offers a range of managed services, including backup services and disaster recovery. To find out how we could help your business, give us a call on +44 (0)20 3005 4440.