We have blogged extensively on how and why you should backup your data. However, as we have all gone to a more remote working scenario due to current events, it is even more important to ensure your valuable data is backed up. During the pandemic we have seen an increase in cyber attacks, and in particular ransomware attacks that pose a real threat to businesses of all sizes as well as consumers.
We have long advocated a multi-point policy related to backups:
- Backup frequently
- Backup to offline storage
- Place a copy of the backup in a remote location.
Backups should also be:
- Easy to access in case you need to restore a set of files
- Secured against unauthorised access (e.g. encryption, locked safes)
- Secured against damage to the media due to fire, flood, natural disasters, etc.
Your data starts life on your live file system in your PC/mobile device, or in the case of a business a file server of some form. This is where the primary backup should be sourced. If you have a desktop PC, or a server, you can dedicate a separate hard drive as the backup disk. This provides easy access in case you need to restore files. If you have a laptop, this dedicated disk could be an external hard drive or Network Address Storage (NAS) Drive.
If you have a mobile device (e.g. a phone/tablet) it is easy to connect a cable to the device and store valuable data on another device. You shouldn’t rely on cloud backups as your primary source – take your data (photos, etc) off your device and subject them to your regular backup regime.
You should consider encrypting the individual backups as well as the drive they reside on.
Whatever you use as your backup disk, a copy should be made onto a separate disk and kept separate from the primary backup and disconnected from the network and primary device (PC, server, phone). There are several options here. The hard drive could be placed in a desk drawer, but the better solution is to buy a fire safe. These come in various forms from lock boxes that are fire resistant to wall safes as well as filing cabinets size safes. There are also industrial solutions. The safe should be able to store all your backup media and this should consist of:
- Your data backups, e.g.
- Personal Data
- Financial Data
- Business data
- Restore media for your PC’s and devices
- Software installation media (e.g. installers, DVD copies)
- Important paper documents (e.g. Wills, Insurance documents, dead’s).
If you are storing hard drives make sure there is sufficient padding to protect your drives (e.g. line it with bubble wrap) andif you use bare desktop type hard drives, put the disks in resealable anti-static bags that are big enough to enclose the hard drive (normally a bag 17 X 22 cm is sufficient for a 3.5″ desktop hard drive).
The firesafe should be:
- Able to withstand high temperatures for at least 30mins (typical specs are a minimum of 30minutes at around 850oC)
- Lockable with at least two keys or a combination lock
- Have some specs that show it to be water resistant
No firesafe is totally impervious to sustained exposure to fire, so the higher the temperature/time resistance the better. Equally, water resistance is only rated to a certain depth/pressure.
It is important that the box is lockable, although typical locks won’t pose much resistance to a persistent thief. The main reason for them being lockable is to stop casual use. If the disk is easily accessible by employees or your family, it is so easy to re-use the hard drive and erase the backups.
These backups should be encrypted.
Before the pandemic I was making a third copy of the backup drive and putting it physically in an offsite location. Due to the pandemic, my movements have been severely limited and all the available offsite locations I have access to are limited.
The Offsite location could be:
- A relatives house
- In your home if your primary backup is in the office
- In a bank vault
- In a commercial storage location.
The data contained on the remote copy should be a copy of what is in your lock-box. The disk should also be encrypted to stop casual reading of its contents.
Offsite Storage in the Cloud
I mentioned above that a lot of my offsite locations are no longer available to me, both to store the copy and retrieve it in case I need it. The alternative is to use some form of cloud storage (e.g. DropBox, Microsoft OneDive, Google Drive). A cloud storage service certainly qualifies as offsite. However, if your primary PC is connected to the storage service, it is vulnerable to ransomware and other cyber attacks since it has been proved cloud storage is not impervious to these attacks. If you are going to use a cloud storage solution as a primary backup then make sure you do not connect it to your day-to-day devices (e.g. your PC, Phone).
If you are going to store your backups on a cloud storage service, the standard advice is to encrypt the backups. For businesses there are several option available, but for a consumer using a compression archive utility like WinZip should be sufficient so long at it has at least 256bit public key encryption. The zipped archive could then be stored on the cloud service.
Cloud backups are stored in huge data centres. However, cloud backup is not without its issues and security is often one of them. This includes how physically secure the data centre itself is, whether the data held in it meets encryption standards both in transit and at rest, and indeed whether the data centre is actually based in a country whose security and data protection standards can be deemed compliant with the law in your own geography. For businesses this is particularly important, especially for regulated businesses since your regulator may insist your data is stored in country. Then there is the subject of privacy and data breaches to consider. If you are in an EU country (including the UK), then you are subject to the GDPR. There are a lot of free or low-cost cloud backup services out there, but you could be breaking the law, and exposing yourself to prosecution if a breach occurs, by using them especially for business data such as client lists and transaction information.
This also applies to your personal data on your home PC’s since this will contain banking details, your contacts, personal identifiable information (e.g. images of passports), etc.
You need to define a backup policy that suits you. My personal approach is as follows:
- Automated full monthly backups of all high traffic/frequently changing files
- Automated daily incremental backups of all high traffic/frequently changing files
- Annual backups of archived information
- Monthly incremental backups of all archived information
- At least Monthly full copies of all backups to an external/offline hard drive
- At least Monthly copies of all high traffic and archive information to a cloud storage.
Depending on how rapidly your frequently used files are changing, and how critical it is to recover these files in case of a failure, you may want to backup more frequently than daily, for example hourly.
The automated full monthly backups provide a point in time backup – anything on the storage media at the time is copied and secured. Daily incremental backups just take any changed files since the last Monthly/Daily backup and secure them. These backups are typically on your active server/PC since this is where they were created. These need to be saved to your offline backup media at least weekly, if not daily.
The archived information are typically files that are not changing rapidly. This could be past projects, archived billing information or in a consumer case your electronic bills and bank statements. An annual full image of the this data is sufficient to give you a point in time to restore to. Monthly incremental backups provide an update and additional restore points. When this archive data is created it should be included in at least one Monthly full backup and at least one daily incremental backup. These archive backups should be stored to your offline backup media.
All these backups should be copied to another Hard Drive and deposited offsite. Using a cloud service for the offsite backup is a reasonable location.
For the most part all this backing up may sound like overkill. And for the normal train of events it will be. However, what if one of your primary PC’s/devices gets corrupted. Hard Drives are mechanical/electronic devices and are only rated for a certain amount of use. Hard drives can be damaged due to movement, magnetism and impact. You may lose the device or it may be stolen. The device could also be attacked by ransomware.
If the only copy is what is on your device, then you may have lost the only copy of that precious photo or the current client list.
If you have a copy of that data at a point in time, you can restore it up to the state of the last backup.
The first source of recovery in the case of a hard drive corruption/failure is the copy on your server or separate hard drive on your PC. If this is intact you can replace the hard drive and restore the data in its original folder structure fairly quickly.
If the primary backup is no longer available, then the next source of recovery is your offline backup. First you need to make sure all traces of any malware/ransomware have been eradicated before you connect the offline drive to your system otherwise that could become corrupted by the malware. Restoring from an offline media should be as quick as from your primary source.
What if your offline media has been destroyed, for example due to fire or water damage? This is where your offsite backup comes in. You will need to retrieve the media from the offsite location, or cloud storage. Once retrieved a full restore should be possible up to the last refresh of this backup.
It is important that your backups should be refreshed on a regular basis to minimise the data loss if you need to recover the data. Your recovery is only as good as the last backup in the location you take it from.
What media should I use?
This is subjective and based on what your needs are.
External hard drives that are encased in a powered case are easy to acquire, and can range from a pocketable device to a desktop hard drive enclosure. These can be accessed via the USB port on your PC. They come in several capacities, but as a rule of thumb, take the highest capacity hard drive you have and double it, or use several smaller capacity hard drives that add up to this capacity and separate out backups across them.
If you are on the road, then a USB Pen Drive is a good option and the higher capacity the better. Pen drives in the 32-64Gb capacity are typically less than £10. There are also pen drives that have a capacity of 1Tb and above, but these can be more expensive based on the manufacturer (I recommend SanDisk).
Unmounted desktop hard drives are the easiest to acquire and store, but are also the most delicate since the electronics are exposed as they are designed to me mounted in a PC or a hard drive enclosure. You can buy hot-swap enclosures as well as devices/hard drive docks that allow you to plug the hard drive in and access it via a USB port. In these cases make sure the maximum capacity of the hard drive enclosure/dock is rated for the hard drive you are going to use.
Doing backups can seem like a chore, except for the one time you have lost that valuable file or you need to restore your PC/Server from a catastrophic event.
Doing Backups needn’t be a chore. Just put aside some time each weekend, or at the beginning/end of the day to take backups and secure them. Use automation to create the backups overnight. Make it a routine.
We are seeing a lot of cyber attacks resulting in ransomware being deployed. In some cases if you pay the ransom you will get a decryptor and be able to restore your files. However, you may not.
Storage hardware is not infallible to failure of any form of damage due to impact, fire, flood, etc. Storage hardware also has a limited lifespan (often around 1000 days – approximately 3 years of continuous use) and will be subject to failure as the drive becomes older.
As a business, you are becoming more dependant on technology and you need to consider the event when you need to recover from a catastrophic event. Doing backups should be part of an all encompassing disaster recovery and resiliency policy that should include:
- Data Backups (obviously)
- Recovering hardware so that your employees can get back to work – this could involve:
- Replacing hardware such as PC’s
- Restoring PC’s and servers
- Repairing devices
- Recovering operating systems
- Automatic failover to a standby system in a separate site/data centre that is a mirror of your primary system
- Recovery of key lost employees and continuity of knowledge
- Recovery of Business Processes to a secondary site in case a primary processing site is taken down (for a lot of people in the last year this has been peoples home).
For the consumer this all sounds too much. However, what would happen if all the photos of the early days of your children were lost in a ransomware attack or the device they were on was destroyed or stolen? Keeping copies of everything, and keeping them up to date is as important for you as it is for a business.
You can download our infographic that supports this blog post on our Infographics page.
The following are additional blogs you might want to look into relating to backups:
- Managing and Securing Data
- Data Protection/Privacy Day – 28 January 2020
- What is RansomWare and How to Defend Against It
- Guidance on Backing up your Data.
Headline image provided by Shutterstock.