Too many organizations fall victim to data theft, data loss or technical problems and struggle to get back on track afterwards. Thankfully, a good backup strategy can help mitigate these scenarios as it ensures the continuity of daily operations and enables the recovery of critical assets.

The golden rules of backing up

1. Identify the resources and data that are critical to ensure operations

It is important to back up all critical resources and data. This will be different for every organisation as they don’t all provide the same services. An organization must first define which data and resources are critical to ensure the continuity of their operations. This can be determined by asking the following types of questions: “What data cannot be recovered if lost?”, “What data is most frequently requested?”, “What data would have a financial impact if unavailable?”, “What data would damage the organization’s reputation if accessed by the wrong people?”, etc.

2. Determine where the critical resources and data are stored

In addition to knowing what the most critical resources and data are, it is important to know where they are stored, given the many possibilities that exist nowadays. Each device and storage medium holding critical resources and data should be identified, e.g., servers, laptops, mobile devices, hard drives, USB keys, etc.

3. Choose the right type of backup

There are three different types of backup that can be performed, each one defining which changes made to the data will be added to the last backup. It is also possible to combine multiple types of backup to tailor them to the organization’s needs.

  • Full backups: with each iteration, all the data is backed up. In case of an incident, a full restore of everything is available. However, backing up all the data every time takes a lot of time, making such backups harder to execute, and implies many redundant copies of data, requiring more storage space.
  • Differential backups: with each iteration, only files that have been created or modified since the last full backup are copied. A full restore of the data is faster as it only requires the last full backup and the most recent differential one. Also, it requires less storage space as fewer redundant copies are made.
  • Incremental backups: with each iteration, only the files that have been created or modified since the last backup iteration are copied. Such backups take less time to execute and require less storage space. However, a full restore of the data will take a considerable amount of time as it requires the full backup and all the previous incremental ones.

The following table indicates which data is backed up for each type.  

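| Iteration | Full backup | Differential backup | Incremental backup |
| --- | --- | --- | --- |
| Backup 1 | All data | All data | All data |
| Backup 2 | All data | Changes from backup 1 | Changes from backup 1 |
| Backup 3 | All data | Changes from backup 1 | Changes from backup 2 |
| Backup 4 | All data | Changes from backup 1 | Changes from backup 3 |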
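
The trade-off between storage used and the number of backup sets needed for a restore can be seen by simulating the three backup types described above. This is an added example, not part of the original page; the file names and versions are constructed sample data, and file deletions are not modelled.

```python
# Added example: simulates full, differential and incremental backups.
# Each snapshot is the complete data set at one backup iteration (constructed).

def changed(old, new):
    """Files created or modified in `new` compared with `old`."""
    return {path: data for path, data in new.items() if old.get(path) != data}

def run_backups(kind, snapshots):
    """Return the backup set written at each iteration for the given type."""
    backups = []
    for i, state in enumerate(snapshots):
        if i == 0 or kind == "full":
            backups.append(dict(state))               # everything is copied
        else:
            # differential compares with the full backup (iteration 0),
            # incremental compares with the previous iteration
            base = snapshots[0] if kind == "differential" else snapshots[i - 1]
            backups.append(changed(base, state))
    return backups

def restore_chain(kind, n):
    """Indexes of the backup sets needed to restore iteration n (0-based)."""
    if kind == "full" or n == 0:
        return [n]
    if kind == "differential":
        return [0, n]
    return list(range(n + 1))   # incremental: the full backup and every increment

def restore(kind, backups, n):
    """Rebuild the data as of iteration n by replaying the chain in order."""
    state = {}
    for i in restore_chain(kind, n):
        state.update(backups[i])
    return state

def stored_files(backups):
    return sum(len(b) for b in backups)   # file copies kept: rough storage cost

SNAPSHOTS = [  # constructed sample: four backup iterations
    {"ledger.db": "v1", "contract.pdf": "v1", "hr.xlsx": "v1"},
    {"ledger.db": "v2", "contract.pdf": "v1", "hr.xlsx": "v1"},
    {"ledger.db": "v3", "contract.pdf": "v1", "hr.xlsx": "v1", "offer.docx": "v1"},
    {"ledger.db": "v4", "contract.pdf": "v1", "hr.xlsx": "v2", "offer.docx": "v1"},
]

if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        sets = run_backups(kind, SNAPSHOTS)
        print(kind, stored_files(sets), restore_chain(kind, 3),
              restore(kind, sets, 3) == SNAPSHOTS[3])
```

Losing any one set in an incremental chain breaks every restore point after it, which is why the chain length matters as much as the storage figure.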

4. Back up the data at regular intervals

In general, all resources and data should be backed up at least weekly. However, depending on the criticality of the resources and data, more frequent backup iterations can be set. When there is less time between two iterations, the risk of losing a significant amount of data is minimised. Thus, the more critical the data is, the more often a backup iteration should be executed.

5. Automate the backup process

The backup process should be automated wherever possible for more efficiency. This allows the data to be backed up as regularly as predetermined without monopolizing the collaborators responsible for ensuring the backup execution. Manual backups are also possible; however, a tight schedule should be determined and followed strictly.

6. Store backups online and offline to ensure their availability

Backups can be stored either online or offline. When stored offline, there is a distinction to be made between storing them locally or remotely. To ensure the backup availability, it is best to use a combination of online and offline versions wherever possible. Also, different copies should be made on different media and one copy should be kept in a different location from the original one to protect it in case of a disaster.

A specific way to store backups can be the 3-2-1 method. This is a combination of a local offline backup, a second offline backup at another location and an online backup. In total this means that 3 copies of the data exist, stored in 2 offline storage locations and 1 online storage location.
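
One way to check a backup inventory against the 3-2-1 layout described above and the weekly baseline from rule 4. This is an added example, not part of the original page; the record fields (`storage`, `site`, `taken`), the site names and the dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=7)   # "at least weekly" baseline from rule 4

def audit_321(copies, primary_site, now):
    """Return findings for one data set; an empty list means 3-2-1 is met.

    Each copy is a dict with 'storage' ("online" or "offline"), 'site' and
    'taken' (datetime). These field names are assumptions of this example.
    """
    # A copy older than the baseline does not count towards the layout.
    fresh = [c for c in copies if now - c["taken"] <= MAX_AGE]
    offline = [c for c in fresh if c["storage"] == "offline"]
    online = [c for c in fresh if c["storage"] == "online"]
    findings = []
    stale = len(copies) - len(fresh)
    if stale:
        findings.append(f"{stale} copy/copies older than {MAX_AGE.days} days")
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} current copies, 3 required")
    if not any(c["site"] == primary_site for c in offline):
        findings.append("no current local offline copy")
    if not any(c["site"] != primary_site for c in offline):
        findings.append("no current offline copy at another location")
    if not online:
        findings.append("no current online copy")
    return findings

NOW = datetime(2024, 5, 20, 6, 0)   # constructed reference time
GOOD = [                            # constructed inventory that meets 3-2-1
    {"storage": "offline", "site": "hq", "taken": NOW - timedelta(days=1)},
    {"storage": "offline", "site": "warehouse", "taken": NOW - timedelta(days=6)},
    {"storage": "online", "site": "provider", "taken": NOW - timedelta(days=1)},
]
BAD = [                             # both offline copies on site, cloud copy stale
    {"storage": "offline", "site": "hq", "taken": NOW - timedelta(days=1)},
    {"storage": "offline", "site": "hq", "taken": NOW - timedelta(days=2)},
    {"storage": "online", "site": "provider", "taken": NOW - timedelta(days=9)},
]

if __name__ == "__main__":
    print(audit_321(GOOD, "hq", NOW))
    for finding in audit_321(BAD, "hq", NOW):
        print("FINDING:", finding)
```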

The following tables present an overview of pros and cons of what each type of backup storage can bring.

Online backups (cloud):

| Pros | Cons |
| --- | --- |
| Backups are always available as the login can be done anywhere and on any device. | It can happen that the ransomware has also encrypted the data in the cloud. More and more cloud providers are aware of this and are looking for solutions. |
| Automatic copies are easier to set up. | The organization doesn’t manage its data. The terms and conditions established by the provider and the organization for storing the data in the cloud need to be reviewed carefully. |
| It is free up to a certain storage capacity. The free storage capacity varies between 2 and 10 GB. Additional storage capacity is charged. | Copying large amounts of data using Wi-Fi requires more cost for the internet connection. |

Offline (external hard drive):

| Pros | Cons |
| --- | --- |
| The organization manages its own data. | You have to remember to regularly synchronize with your hard drive and make a backup. |
| The organization can restore the data quickly on its own. | Your backup is often in the same physical location as your hard drive, so no extra copies are available in the event of fire or burglary. |

7. Secure the access to backups with strong passwords and Multi-Factor Authentication

Having all the necessary data and resources backed up is crucial for an organization. However, backups are also a potential target for cybercriminals, which makes them vulnerable. It is thus important to protect them by implementing specific security controls so that they cannot be tampered with, deleted or modified.

Access to the backups should be limited. Not everyone within the organisation needs to be able to read or modify them. Only people working directly on them should have access. This also includes the specific people involved in the incident resolution process as they will be the ones to recover the data and resources when needed. In addition to restricting access, strong authentication should be set up by enforcing a strong password and Multi-Factor Authentication. Multi-Factor Authentication requires a user to provide at least two different methods (e.g., a password and a PIN code, a PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.

The aim of this content is to share and raise awareness of good cyber security practice. 
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.