World Backup Day – why backups are so important, and some data protection tips for businesses

Every day businesses are creating and accumulating data they need to protect from loss. Of course it’s absolutely vital to prevent data from getting out of your organization – but are you sure you can get it back if you do lose it?

The growing threat of ransomware like CryptoLocker and CryptoWall in the past couple of years has underscored the importance of backups, but it’s not only malware that can destroy your important files. There are many ways to lose data, from theft or accidental loss of a device to device failures and natural disasters.

Backups are critical for keeping your business up and running when a data disaster strikes. So, in recognition of these stark facts, and with a nod to World Backup Day, we’re providing some helpful tips on how to preserve and protect your data.

Here are three key things to consider when building or revamping your backup process.

Will you be using physical backup devices, cloud storage, or both? There are a variety of backup solutions, from hard drives to cloud storage. Backups should be stored on a different device and in a different location from your master copies. It’s a good idea to have redundancy in case one of your backup devices is destroyed or fails. If you’re using a cloud service, you need to trust that the provider has adequate protections in place to keep your data secure and private. Make sure you control access with strong passwords and two-factor authentication.

Are you able to recover the data easily? Not only is backing up important, but you need to able to restore the data in a suitable amount of time. Your data is important for your business continuity. What happens if everything goes down and you need to restore it? Downtime to restore data could cause significant loss of business and harm your reputation, stock value, etc. You should verify that a restoration procedure works. There’s no point in waiting until the worst happens only to find out that you hadn’t been backing up the right data, or the procedure wasn’t done properly.

Are you encrypting your backups? It’s all well and good to have data on your desktops, laptops and servers encrypted – but if your backups are stored in plain text, think of what happens if they get lost or stolen. It’s still a data breach, and you may still be culpable under data protection laws for failing to protect data.

5 more tips to secure your data

You need to have a data protection policy. Here are some tips to help you develop a comprehensive data loss prevention (DLP) strategy.

1. Understand what industry and government regulations impact your organization. Be sure to know which laws apply to you in your region. For example, the upcoming EU Data Protection Regulation requires you to protect data on EU citizens, even if you’re not located in the EU. If necessary, consult a corporate attorney to get clarity on detailed requirements.

2. Identify the types of data you have within your organization. For example, you should identify data covered under regulations and your valuable intellectual property. Determine where this data resides so you can identify the systems you need to monitor.

3. Evaluate the risk and impact of a data breach for each data type. Based on this information, prioritize risks and address the most serious first.

4. Educate users. User training, guidelines and acceptable use policies are critical to the success of your DLP strategy and should be factored into the project alongside any IT activities.

5. Deploy data protection technologies to prevent accidental data loss. Accidents happen—people lose laptops, or send emails to the wrong address. Protect against data loss by deploying security solutions such as content control, device control and encryption to render data unreadable without a password.

For more help on creating a DLP strategy, download our free whitepaper, Don’t Let Data Loss Burn a Hole in Your Budget. This paper guides you through the steps necessary to implement a practical DLP strategy (registration required).