Let me ask you a simple question.
If your primary computer (e.g. Laptop, Tablet, Phone) were irrecoverably lost, could you get back all the data that you consider valuable that is stored on this device?
If the answer is either ‘I don’t know’, or ‘No’, you don’t have an adequate disaster recovery and/or backup plan. If the answer is yes, then good for you. Either way I suggest you read the full blog post to see if you have an adequate plan in place.
A piece of trivia: 31 March every year is ‘World Backup Day’. It is a global event that promotes the importance of having a backup of your precious data.
What is a Backup?
A backup is a copy of your important data that is kept away from the device (or cloud storage) that contains the original, preferably on a separate device that is not connected to it. Preferably the device you back up to should not be online, and should be stored in a separate location and/or in some form of fire safe (budget versions exist for consumers).
What is my valuable data?
This depends on who you are. If you are a business (whatever size from a sole trader to a large company) this can be:
- Your financial records (e.g. tax records, invoices, receipts, bank statements)
- Marketing materials (e.g. original brochures, photos of work undertaken, testimonials)
- Project materials (e.g. designs, software you are developing, plans, approvals/planning permissions, evidence of compliance with building regulations)
- Leads/prospective customers (e.g. enquiries, pricing, estimates)
- System backups, so that you can recover the Operating System in the event of a failure back to the last backup.
If you are a consumer this can be:
- Your photos/videos (e.g. holidays, important events in your life)
- Financial records (e.g. bank statements, records of payments, tax returns, receipts, mortgage agreement, loans)
- Home documents (e.g. deeds, surveys, electrical test certificates, FENSA certificates – all the things you will need if you sell your home)
- Contracts (e.g. boiler/gas service contract)
- Holidays (e.g. flight reservations, hotel reservations).
Whoever you are, the list of important documents is very personal and specific to your needs. You need to identify what is important to you and whether or not you could recover it in the event of a disaster.
What kinds of disasters are we talking about?
This could be anything that would make your devices inoperable. For example:
- A Cyber Attack (e.g. ransomware)
- Fire (your house/office catches fire and everything is destroyed)
- Theft (e.g. your device is stolen from your bag, your hotel room or due to a burglary at home)
- You just misplace the device
- Accidental damage (e.g. dropping your phone into a toilet or onto a hard surface)
- Deliberate damage (e.g. someone maliciously deletes information on, or damages, your device)
- The device just breaks down (e.g. the disk drive fails, some other electrical issue).
If you were subject to a Ransomware attack (where your device becomes encrypted by a hacker who then demands payment to decrypt it), how would you recover all your data if you didn’t want to, or couldn’t, pay the ransom? In this case I would never recommend you pay a ransom, but a lot of people do because they don’t have sufficient backups or it is just too costly to manually recover everything. I will be covering this in more detail in a future blog.
What Should I do?
Here is a simple check list:
- Identify what data is important to you
- Establish an offline medium where you can store a copy of the data
- Store your copy/backup in a fire safe or, preferably, in an alternate location such as a friend’s home, a lock box, cloud storage or, dare I say, a bank vault
- Keep your backups refreshed (data gets out of date very quickly)
- If possible automate your backups.
In all cases, it is best to encrypt the disk/device you are storing your backups on, and if possible encrypt the archives especially if you are using cloud storage. A lot of external drives come with basic encryption software, and there are many solutions out there if you are a business. If you have a Windows 10 PC consider BitLocker to Go, which comes with Pro and Enterprise versions of Windows 10.
What kind of backups should I take?
This does depend on who you are and how frequently data gets updated:
- Media (photos, videos) should be backed up very soon after you have taken them, but don’t need to be backed up daily (there may be other things like this, e.g. bank statements)
- Documents that are regularly updated need to be backed up daily (and in a highly active environment more often, possibly hourly). This is where what is called a differential (or incremental) backup is useful, as it backs up just the documents that have changed
- Periodically a full copy of your important data should be taken so that, if you have to recover your data, you just recover the last full copy and then your incremental copies in increasing date order. It is recommended that this is at least weekly, more frequently if you have a high turnover of updates
- Copy all your backups to an offline medium and store it in a safe place preferably offsite.
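The full-plus-incremental scheme in the list above, as an added Python example that is not part of the original post: each run copies only new or changed files (compared by SHA-256), and a restore replays the last full set followed by the later incrementals in date order, then checks every restored file against the newest manifest. The set naming (`<date>-full`, `<date>-incr`), the `manifest.json` file and the sample file names are assumptions made for the illustration; the sketch does not encrypt anything.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def _digests(root):  # relative path -> SHA-256 of every file under root
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def _sets(store):
    """Backup sets in increasing date order (set names start with a sortable date)."""
    return sorted(d for d in Path(store).iterdir() if d.is_dir()) if Path(store).exists() else []

def backup(source, store, stamp, full=False):
    """Write set <stamp>-full or <stamp>-incr; return the files copied into it."""
    now, sets = _digests(source), _sets(store)
    full = full or not sets                  # first run is always a full copy
    before = {} if full else json.loads((sets[-1] / "manifest.json").read_text())
    target = Path(store) / f"{stamp}-{'full' if full else 'incr'}"
    (target / "files").mkdir(parents=True)
    changed = [rel for rel, digest in now.items() if before.get(rel) != digest]
    for rel in changed:                      # incremental: only new or changed files
        dest = target / "files" / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(source) / rel, dest)
    (target / "manifest.json").write_text(json.dumps(now))
    return changed

def restore(store, dest):
    """Replay the last full set, then each later incremental in date order."""
    sets = _sets(store)
    last_full = max(i for i, d in enumerate(sets) if d.name.endswith("-full"))
    for s in sets[last_full:]:
        shutil.copytree(s / "files", dest, dirs_exist_ok=True)
    wanted = json.loads((sets[-1] / "manifest.json").read_text())
    for rel in set(_digests(dest)) - set(wanted):   # deleted since the full copy
        (Path(dest) / rel).unlink()
    return _digests(dest) == wanted          # verify every restored file's hash

def demo():
    """Constructed sample files: one full backup, two incrementals, one restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, store, out = Path(tmp, "docs"), Path(tmp, "backups"), Path(tmp, "restored")
        src.mkdir()
        (src / "tax.txt").write_text("2023 return")
        (src / "photo.txt").write_text("holiday")
        first = backup(src, store, "2024-03-01", full=True)
        (src / "tax.txt").write_text("2024 return")
        second = backup(src, store, "2024-03-02")
        (src / "photo.txt").unlink()
        third = backup(src, store, "2024-03-03")
        return first, second, third, restore(store, out), sorted(_digests(out))
```

Running a restore into a scratch folder like this from time to time is the practical way to confirm that the backups you are keeping can actually be recovered.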
What should I use for Backups?
There are various choices and again it does depend on whether you are a consumer or a business. For a consumer and SMB, I suggest:
- Install a second disk into your desktop PC, or buy an external disk for your laptop, which you can use to store your backups as you make them
- Buy at least two standalone external drives that you regularly copy your backups to; the first one is kept in your home/office so you can recover files quickly, the second in an alternate location (e.g. a friend’s home). Make sure the alternate location copy is regularly refreshed (a routine of cycling the alternate location copy to the in-house copy is recommended)
- You can also consider a cloud storage service as your offsite backup (e.g. Dropbox, OneDrive, Google Drive or one of the more business-focused services), but if you choose this approach make sure that you don’t have a direct internet connection to this cloud storage, as Ransomware has been known to encrypt cloud storage too
- Consider regularly uploading your photos/videos on your mobile device to a cloud storage as you take them (both Android and Apple provide this service)
- Where possible investigate and use some form of automation so that your backups just happen
- Never store backups on the same disk/medium as the original.
Note, the external drive you use could very well be a high capacity USB Pen Drive (say 64Gb and upwards), which are incredibly cheap now. If you are going for one of these, try to go for a high speed device and preferably a USB3/3.1 device.
If you are a larger company, you really need to talk to your IT department/provider to ensure your data is correctly backed up and easily recoverable in the event of a disaster.
How do I make a backup?
This could be as simple as manually copying data to an external drive or setting up your cloud storage service.
If you want to automate regular backups, there are many products that can help you here, from something as simple as WinZip to dedicated backup software. The criterion should be that there is some way to automate the backups.
If you have a NAS drive, these often come with what is called RAID, which is an automated system that dynamically copies your data to a separate disk in the NAS enclosure (probably more for businesses than consumers, but there are consumer NAS devices that support this).
If you have a file server running a server based operating system (e.g. Linux, Windows Server), there are backup features built into these operating systems. This is more of a case for a business, but I know consumers who have this set up as well using NAS storage or a dedicated PC/server.
The purpose of this blog post was never to provide you with detailed technical details on how to establish a good backup solution. The primary purpose was to raise awareness and to make you think about how you could do without all your precious data/photos/etc.
If you:
- have started to think about this more seriously, then this has been a success
- already have an adequate backup policy after reading this, then good for you
- have detected holes in your backup strategy, then I hope you will be motivated to close them.
If you have read this blog, do not fall into one of the above, and are totally unmoved by this blog, then you are on your own. I hope you never suffer a catastrophic event where your device(s) are destroyed.
Some Cyber Security Researchers have been noted as saying:
There are two types of people/organisations in the world; those that have been hacked, and those that will be hacked or experience some form of Cyber Attack in the near future.
All you can do is take precautions and keep everything backed up.
Look out for a future blog post on mitigating the effects of malware.
For a full reference to the various terms mentioned in this blog post, please look in our Glossary of Cyber Security Terms.
Headline image provided by Shutterstock.