The Australian Cyber Security Centre’s Essential Eight guidelines mandate regular backups. When planning backups, we need to consider the following:
What: Identify what data needs to be backed up.
When: Determine the frequency of backups — daily, weekly or monthly.
Where: Decide where the backups will be stored.
Firstly, the ‘what’. Every business is unique, and backup needs can vary. Backups can include files, pictures, databases — essentially anything critical to your business. Losing this data, whether through deletion or encryption in a ransomware attack, could be inconvenient or even catastrophic.
Next, let’s consider the ‘when’. How critical is your data, and how much delay can your business tolerate if you need to restore from a backup? Can you afford to be a day behind, a week or even a month? The frequency of your backups should align with the importance of your data and your specific business needs.
Finally, let’s address the ‘where’. This is one of the most critical decisions you will make. First, let’s explore some common backup locations.
External hard drive: The traditional USB drive can be plugged into your server or wherever your critical files are stored. This drive should be swapped out according to your backup schedule. However, this method relies on someone physically changing the drive, which can be problematic if the drive is forgotten or not replaced regularly.
Off site: This could refer to various options such as a second office or cloud storage solutions like OneDrive, Dropbox or Google Drive. Windows OS allows users to automatically back up to OneDrive. Many of these services offer version history and deletion recovery to restore deleted files. This option may be suitable for small businesses as it is relatively inexpensive or even free, depending on the size of the data being backed up.
Dedicated online backup services: There are many services available that offer online backups. When choosing one, look for a provider that has data centres in Australia. This can help ensure compliance with any government requirements you may need to meet.
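The 'when' decision and the forgotten-drive problem described above can be checked automatically. The following is an added example, not part of the original article: it compares the newest file in each backup location against the delay the business has decided it can tolerate. The folder names, tolerances and demo files are constructed, and it assumes a file's modification time reflects when the backup ran.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 24 * 60 * 60  # seconds in a day

def newest_backup_age(folder, now):
    """Age in seconds of the newest file under folder, or None if none exist."""
    newest = None
    for root, _dirs, files in os.walk(folder):  # a missing folder yields nothing
        for name in files:
            mtime = os.path.getmtime(os.path.join(root, name))
            if newest is None or mtime > newest:
                newest = mtime
    return None if newest is None else now - newest

def check_freshness(locations, now=None):
    """locations maps label -> (folder, tolerated delay in days).
    Returns a list of (label, problem) for every location that fails."""
    now = time.time() if now is None else now
    findings = []
    for label, (folder, max_days) in locations.items():
        age = newest_backup_age(folder, now)
        if age is None:
            findings.append((label, "no backup files found"))
        elif age > max_days * DAY:
            findings.append(
                (label, f"newest backup is {age / DAY:.1f} days old, limit is {max_days}"))
    return findings

def build_demo(base, now):
    """Constructed sample: a USB drive nobody swapped for 9 days, a fresh
    off-site copy, and a location that holds no backups at all."""
    for name, age_days in {"usb_drive": 9, "offsite": 0.5}.items():
        f = Path(base) / name / "backup.zip"
        f.parent.mkdir(parents=True)
        f.write_bytes(b"constructed sample")
        os.utime(f, (now - age_days * DAY,) * 2)  # backdate the file
    (Path(base) / "empty_share").mkdir()
    limits = {"usb_drive": 7, "offsite": 1, "empty_share": 1}  # assumed tolerances
    return {n: (str(Path(base) / n), d) for n, d in limits.items()}

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        for label, problem in check_freshness(build_demo(base, now), now):
            print(f"{label}: {problem}")
```

Run on a schedule and sent to whoever owns the backups, a check like this turns a forgotten drive swap into an alert rather than a discovery made during a restore.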
Whichever method you choose, one of the most critical considerations is who has access to the backup. For instance, if you use a service such as Dropbox or Google Drive that everyone in the office can access, this is not ideal. Any staff member with access could accidentally delete the data. Additionally, if a staff member’s device becomes infected with malware or ransomware, the backups could also be compromised. Therefore, it is crucial to limit access to your backups to only those who absolutely need it to minimise these risks.
Another important consideration is encryption. Is your data encrypted? Over the years, we’ve seen instances where celebrity accounts have been hacked, leading to the leak and distribution of their personal data and pictures. If you store critical private business files in a service and a login to it is compromised, your data could be exposed.
Professional online backup services typically offer encryption, ensuring that all your data is encrypted and only you, the client, have the decryption key. Additionally, you can use Windows BitLocker to encrypt USB drives, making the data unrecoverable if the drives are lost or stolen and the decryption key is not available.
Ultimately, it’s your data, and you have the flexibility to choose one or multiple backup methods. Less critical data can be stored in one location, while confidential files can be encrypted and stored in another. By diversifying your backup strategy, you can ensure that your data is both accessible and secure, tailored to meet the varying levels of importance and sensitivity.
As always, if you found this interesting or have any suggestions for future topics, please reach out to us at askatech@mmg.com.au