Data Backup: Why Your Small Business Needs It and How to Get It
Posted in: Commercial Insurance
The prevalence of cyber-attacks has had a devastating impact on businesses over the past couple of years. As a result, insurance companies are now asking businesses to implement certain cybersecurity measures to qualify for Cyber coverage. As we discussed in the Multi-Factor Authentication blog, one of these requirements entails installing Multi-Factor Authentication (MFA) software to add an extra layer of security to your business. I sat down again with Chad Quarles, Senior CISO Advisor from Hartman Executive Advisors, to discuss data backup this time – another protection measure most insurers are increasingly requiring.
PSA: What is data backup?
Hartman: Backup and recovery describes the process of creating and storing copies of data that can be used to protect organizations against data loss. Recovery from a backup typically involves restoring the data to the original location so employees can continue to work, or, depending on the scale of the incident, potentially to an alternate location where it can be used in place of the lost or damaged data.
There are a variety of different backup and recovery strategies, and it is up to each organization to select the strategy that works best for them. When choosing a backup and recovery strategy consider some of these best practices:
- Identify your critical business processes and the different technologies those processes depend on. This exercise will help you ensure that your backup and recovery strategy protects all the systems and data your business needs to run.
- Decide how long your business can go without performing business critical processes. This determines the recovery time objective (RTO), or how quickly you need to recover from backup. Similarly, the business will need to determine how much data loss is acceptable. This defines the recovery point objective (RPO), or how recent the restored backups must be to be successful.
- Don’t rely on a single backup. Duplicate your backups to another physical location or a secure cloud location so you can be confident you will have a copy of your backups when you need them. This is called redundant backup.
- Consider requiring MFA or other security controls to protect access to your backup data. Backups are an attractive target often held hostage by cybercriminals during a ransomware attack.
- Perform regular tests of backups and recovery. Don’t wait until it’s a true emergency to test your recovery plans. Regular testing ensures that restoring your backup runs smoothly when you need it most. I’d recommend performing a restore test at least quarterly to ensure everything is working as expected.
PSA: We often get questions from our clients regarding the difference between cloud backup and cloud storage. Can you please clarify, so businesses can have a better understanding when selecting a data backup platform?
Cloud storage means that your data is stored (automatically or on-demand) on remote servers hosted by a cloud service provider of your choosing and accessed easily from almost anywhere you have an internet connection. Some popular cloud storage providers for small businesses include:
- Microsoft OneDrive
- Google Drive
Cloud backup is a service that stores backup copies of your business’s data on remote servers that you can access from almost anywhere you have an internet connection. Some backup solutions, such as Datto Backupify, BackBlaze, and Veeam, specialize in cloud-to-cloud backups that allow you to restore your data from one cloud storage provider to another. This is an important consideration if your business uses Microsoft 365 or Google Workspace and you’re uncertain whether the Microsoft or Google data retention tools alone will meet your needs.