Backups: The Digital Safety Deposit Boxes

Cyber, Property & Casualty, Risk

In 2017, The Economist declared that “The world’s most valuable resource is no longer oil, but data.” This was, and continues to be a pretty bold statement, however, as businesses continue digital transformations and economies grow to be even more data-driven, it is not hard to become convinced this is the case. With data holding so much value for businesses, it is important to protect the data while it’s being used and from data loss incidents. These data loss incidents can be either intentional or unintentional and can stem from things like ransomware attacks, system failures, user error, or any number of other scenarios.

A critical control that insurance carriers want to see from an insured is having backups of critical data and systems to reduce risks associated with lost data or system downtime. Businesses should identify and protect the data and systems most critical to their operations. It will be different for each organization, so there cannot be a blanket statement for what to backup.

What does my business need to know about backups?

There are many questions that arise for an organization that is trying to determine what their backup strategy should be, including:

  • What should we backup?
  • How often should we backup?
  • How long should I keep my backups?
  • Where should backups be stored?

The first step is for the business to classify the data and systems that are used in their operations. By classifying the criticality to business operations and having that strong foundation, better decisions can be made for all the following questions. For instance, you may want to have hourly, or more often, backups of something like an enterprise resource planning (ERP) or a transactional system that would be very costly to re-create or would cause great losses to the business if it’s not backed up. On the flip side, systems like payroll may suffice with daily or even weekly backups. These backups should then be kept for as long as necessary for business purposes, while also keeping in mind the risk and value of backups that are outdated.

Backup Storage

When deciding where backups are stored, there are two primary options – local or off-site (or cloud-based). The primary advantage of local backups is the ability to recover large amounts of data quickly. The advantage to off-site backups is that they wouldn’t be lost if a fire, flood, or other physical disaster occurs at the location of the backups. The best advice is to use a hybrid methodology where you have copies of backups in both locations.

Finally, you want to make sure backups are encrypted and immutable. Encryption prevents a bad actor from being able to take your backups and read all the data in them. Backups that are immutable prevent them from being modified.

Testing your backups

A key factor with backups is being able to restore those backups in an event where your business needs them. This is similar to running fire drills so that if/when a fire happens, it is second nature for what to do. Running a recovery test on your backups should happen with some frequency. The value of performing the recovery tests is two-fold. It allows your organization to verify that the backups have not been corrupted or are missing any data. Additionally, it allows for verifying the process to restore the information or systems in an emergency situation.

Key Takeaways:

Overall, backups are something you hope your business never has to use, but they are critical in ensuring that your business is able to recover from an event that causes interruption to critical digital services. Now is the time to reach out to your M3 account executive to discuss backups that can reduce risks associated with lost data or system downtime.

Back to Insight Center