How to manage backups

1. Identify the resources and data that are critical to ensure operations

It is important to back up all critical resources and data. This will be different for every organisation as they don’t all provide the same services. An organization must first define which data and resources are critical to ensure the continuity of their operations. This can be determined by asking the following types of questions: "What data cannot be recovered if lost?", "What data is most frequently requested?”, “What data would have an financial impact if unavailable?”, “What data would damage the organization’s reputation if accessed by the wrong people?”, etc.

2. Determine where the critical resources and data are stored

Next to knowing what the most critical resources and data are, it is important to know where they are stored giving the many possibilities that exist nowadays. Each device and support storing critical resources and data should be identified, e.g., servers, laptops, mobile devices, hard drives, USB keys, etc.

3. Choose the right type of backup

There are three different types of backup that can be performed, each one defining which changes made to the data will be added to the last backup. It is also possible to combine multiple types of backup to tailor them to the organization’s needs.

• Full backups: with each iteration, all the data is backed up. In case of an incident, a full restore of everything is available. However, backing up all the data all the time takes a lot of time, making it harder to execute such backup, and implies many redundant copies of data, requiring more storage space.
• Differential backups: with each iteration, only files that have been created or modified since the last full backup are copied. A full restore of the data is faster as it only requires the last full backup and the most recent differential one. Also, it requires less storage space as less redundant copies are made.
• Incremental backups: with each iteration, only the files that have been created or modified since the last backup iteration are copied. Suck backups take less time to execute and require less storage space. However, a full restore of the data will take a considerable amount of time as it requires the full backup and all the previous incremental ones.

The following table indicates which data is backed up for each type.  

4. Back up the data at regular intervals

In general, all resources and data should be backed up at least weekly. However, depending on the criticality of the resources and data, more backup iterations can be set. When there is less time between two iterations, the risk of losing an important amount of data is minimised. Thus the more critical the data is, the more often a backup iteration should be executed.

5. Automate the backup process

The backup process should be automated wherever possible for more efficiency. This will allow to back up the data as regularly as predetermined without monopolizing the collaborators responsible to ensure the backup execution. Manual backups are also possible, however, a tight schedule should be determined and followed strictly.

6. Store backups online and offline to ensure their availability

Backups can be stored either online or offline. When stored offline, there is a distinction to be made between storing them locally or remotely. To ensure the backup availability, it is best to use a combination of an online and offline versions wherever possible. Also, different copies should be made on different media and one copy should be kept in a different location from the original one to protect it in case of a disaster.

A specific way to store backups can be the 3-2-1 method. This is a combination of a local offline backup, a second offline backup at another location and an online backup. In total this means that 3 copies of the data exist, stored in 2 offline storages and 1 online storage.  

The following tables present an overview of pros and cons of what each type of backup storage can bring.

Online backups (cloud):

Offline (external hard drive):

7. Secure the access to backups with strong passwords and Multi-Factor Authentication

Having all the necessary data and resources backed up is crucial for an organization. However, backups are also a potential target for cybercriminals, which makes them vulnerable. It is thus important to ensure their protection by implementing specific security controls to ensure they cannot be tampered, deleted or modified.

The access to the backups should be limited. Not everyone within the organisation needs to be able to read or modify them. Only people working directly on them should have access. This also includes the specific people involved in the incident resolution process as they will be the ones to recover the data and resources when needed. In addition to restricting the access, strong authentication should be set up by enforcing the implementation of a strong password and Multi-Factor Authentication. Multi Factor Authentication requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.