You don’t know what you’ve got until it’s gone. Unfortunately, when it comes to your data stores, you don’t know what you’ve got when it’s gone – unless you’ve backed up your data. Yes, this is an old shoe. Data backup is no new news, but believe it or not, in 2022 it’s more relevant than ever – especially for small businesses. We’ll tell you why.
Define “Data Backup”
First, let’s define the term. “Data backup” means making a copy of your information and storing it somewhere other than where it is originally. That way, if that system, hard drive, application or server goes down, you’ll still have the information that lived on it. You can offload your data to external hard drives, backup servers, cloud storage options, or a combination of all three. In turn, you can also look to a third-party backup and recovery provider.
According to Gartner, backup and recovery solutions are designed to “capture a point-in-time copy (backup) of an enterprise workload and write the data out to a secondary storage device for the purpose of recovering this data in case of loss. The solution can be offered as an appliance, as software only or as a vendor-managed service offering.” They serve to “back up and recover operating systems, files, databases, and applications in both physical and virtual environments in the data center; assign backup and retention policies that align with the organization’s recovery objectives; and report success and failure of backup/recovery tasks.”
3-2-1 Backup Rule
When storing copies of your data, remember to use the 3-2-1 Backup Rule.
● Save three (3) copies of your data. This means the primary data, and two backups.
● In two (2) storage solutions. It’s best to diversify the types. If your primary data source is stored in the cloud, for example, save your two secondary copies in an external hard drive and on disk tape, respectively. The more diverse, the less risk of malfunction, theft, or compromise. A Network Attached Storage (NAS) is an additional storage option. It’s a smart hard disk box that connects directly to your network, and operates independently, so it will continue functioning (and storing) regardless of what happens to the rest of the infrastructure.
● One (1) of which should be in a remote location. It’s important to keep at least one backup copy offsite, or in the cloud – or in another country. The further away from your primary data source, the further away from disaster should you get hacked or fall victim to ransomware. For ease of use, if one copy is in an extremely remote location, it’s best to keep the other close at hand for faster recovery.
Ransomware and data backups for SMBs and SMEs
For a small or medium-sized enterprise, data is king. Your niche customer base, their personal networks and their trust in you are your bread and butter. To lose that by mishandling their PII, financial information or other sensitive information would jeopardize not only your client base, but your reputation and bottom line. And as a small business, potentially your ability to recover.
One of the biggest threats to data today is the rising risk of ransomware, and the increasingly deadly RansomOps. RansomOps refers to the entire ransomware process, from ingress to payment, and often includes increasingly sophisticated methods, big name corporations and exorbitant payment amounts (one asking for a record $50 million).
However, small businesses are still at high risk of ransomware attack, despite the recent trend towards RansomOps and big-game targets. Hence, small businesses should prepare accordingly and save data copies in places off their network.
Ransomware today not only steals your data, but in many cases encrypts it, too. Known as double-extortion, this method holds your data hostage until you can pay the ransom sum, then provides the decryption key. In some cases, ransomware gangs threaten to delete the decryption key if the organization chooses to seek out law enforcement for help negotiating down the payment amount. All this could be circumvented with proper data backups.
However, what if your backups become infected? It is possible for ransomware gangs to get to your additional copies, encrypt them and demand payment for them, too. Certain cross-network ransomware strains (and many others) are built with backups in mind, waiting until you resync to strike again. Although 100% protection is elusive, different methodologies for securing backups against ransomware are out there.
The bottom line is that with so many small businesses still at the mercy of ransomware threats, data backup is a necessary form of defense.
Better safe than sorry
While saving copies of your customer and company data ensures some peace of mind, it is only a backup solution. A good cybersecurity posture that can defend your data from compromise in the first place should always be the first choice. However, why limit your defense if you don’t have to? Small businesses that rely on trade secrets and customer loyalty are hit hardest by data loss, and data backup and recovery is just another essential part of any SMB or SME security strategy.