Data backups enable an organization to experience minimal downtime after a ransomware attack or other data loss event. These disaster recovery processes don’t always get the appreciation they deserve. If a server goes down, but data is swiftly restored, it appears that things worked all along, even though significant planning and monitoring went into ensuring this was possible.
Having data backup processes in place is what keeps your organization’s files safe in the event of fires, storms, and floods. Backups are also critical for defending against ransomware attacks, which now pose the greatest threat to your data. Because backups are essential to keeping your systems running, hackers almost always try to obtain access to them. In fact, according to a recent report from Sophos, 99% of the cyberattacks against local governments targeted the organization’s backups. Rates were similarly high for other sectors, such as business services (98%) and healthcare (95%).
Of course, hackers don’t need to target backups if they don’t exist in the first place. The government of Indonesia remained blissfully unaware that they were without backups for most of the country’s systems until they were hit with a ransomware attack this past June. In one data center, only 2% of the data had been backed up. Hundreds of public agencies and ministries were impacted by the attack, most notably the country’s immigration and transportation systems.
Backup Procedures for Continuity and Compliance
Backups also enable an organization to remain compliant with industry-based regulations. Organizations that hold medical data or financial data, and government entities that hold data belonging to their citizens, have specific data retention and security standards with which to comply.
Additional data privacy regulations, like the European Union’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA) all require that organizations encrypt their data and adhere to regular backup procedures, including creating redundant, offsite backups.
But why should these laws concern US based entities that:
- Aren’t located in California,
- don’t hold medical data,
- don’t hold data belonging to Europeans, and
- don’t store data in Europe-based data centers?
There are two very good reasons. For one, these requirements are only the first of a wave of data privacy requirements we can expect to see in the future. With increasing leaks of personal data by hackers, we can expect to see more regulations protecting data privacy. Complying with these regulations is a good first step. And two, these requirements are in place for an important reason. They protect the owners of the data you hold, but they also protect your organization’s investment in that data.
A Backup is Only as Good as a Restore
Ideally, your organization should regularly run a full backup of all data. You should also back up changes to data that occur between full backup runs; for example, with incremental or differential backups that copy database changes that have occurred after the most recent backup.
But it’s not enough to back up data without having a working restore process in place. For example, the type of backup run (full, incremental, or differential) will impact the time it takes to restore data, and by extension, the time it will take for you to resume operations. An incremental backup copies only new or changed data since the last full or incremental backup. If data is incrementally backed up, it will require applying multiple restore processes. In contrast, a differential backup, which copies all data that has changed since the last full backup, will restore faster. To determine whether to run incremental or differential backups you’ll need to weigh several factors to determine what works best for your organization – the cost of data storage, the speed of recovery and tolerance for downtime, the types of data you hold and how often it changes. An experienced managed services provider can help you make the right call.
Dangers from Failing Backups
Backups and restores are not one-and-done processes. Backup processes can fail, storage media can break or be encrypted by hackers in a ransomware attack. At InterDev, we know that the key to successful data recovery is timely identification of a problem so that it can be fixed before there’s any significant data loss. To address this, our cloud engineers have developed custom consoles that enable them to continuously monitor our clients’ systems in real time.
Don’t wait until disaster strikes to find out if your systems are properly backed up. Talk to our specialists to learn how InterDev can implement backup and recovery systems to keep your organization running.
