Is your company data safe?

One of the most common and potentially catastrophic discrepancies we discover when
auditing new client networks are non-existent or inadequate backup solutions.  
Lost data is irreplaceable. Therefore, companies must prepare for unexpected data loss
events caused by human error, ransomware, or hardware failure resulting in data loss
and extended downtime. Data loss and downtime cause lost revenue or may ultimately
cause the company to go out of business. 

Backup solutions must be in place before a disaster and be maintained. In the past, we
encountered businesses that purchased backup equipment and software but never
maintained it. As a result of an error, the backup process did not run for several years,
and the company’s data was unprotected. It’s easy to get complacent managing and
monitoring backups, but do not make this mistake. Use reliable backup solutions and
monitor them.
 
What can cause data loss
– Local environmental disasters, fire, or flood
– Malware or ransomware attacks
– Hardware failure or theft
– Human error or malicious intent
– Software bugs

What is a good backup plan?
The 3-2-1 backup rule is the starting point for businesses designing a backup solution.

What is the 3-2-1 backup rule?  
– Maintain three copies of company data 
– The 1st copy is data in production use 
– The 2nd copy is a backup on-site on a different storage medium from the
production data
– Store the 3rd data copy at an off-site location

Data Copy One – Production Data
The first copy or production data is on a server in most business settings.
Several hard drives can be configured in a fault-tolerant group to protect the production
data against loss caused by hard drive failure. The group of hard drives acts as a single
storage device. For example, a simple group of redundant drives may consist of two
hard drives that mirror each other. The mirrored set allows one of the two drives to fail
without resulting in data loss or server downtime.   

Data Copy Two – Local Backup to Different Storage Medium
Store a backup of the production data on-site on a storage medium independent of the
production data. Businesses should have a dedicated storage solution for the purpose. 
Copy the production data to the backup storage at a set interval. Most companies will
copy the data once a day, usually overnight. Requirements vary; adjust the backup
frequency to meet individual company needs. 

Access to the on-site backup storage system should be tightly controlled and adhere to
the rule of least privilege. For example, only grant access to employees who need
access to the system to perform job duties. Limiting access helps prevent data loss
because of human error or employees with malicious intent.   
Like the production data, the backup storage system should have a set of redundant
hard drives to protect against hard drive failure. 

Avoid using the same operating system on the production server and backup storage
solution. For example, if your production server’s operating system is Windows Server
2022, utilize a different operating system on the backup storage system, such as Linux,
or a purpose-built backup appliance from a vendor such as Barracuda Networks.  
Using different operating systems on the primary server where the production data
resides, and the on-site backup storage helps protect against software bugs, viruses,
and ransomware attacks that can compromise data on one of the systems.   
Always use unique credentials to access the on-site backup storage solution.

Data Copy Three – Off-site Backup
Periodically save a third data copy at an off-site location. Storing data at an off-site
location protects against fire, theft, and environmental disasters that compromise the
on-site primary and secondary data systems. The off-site backup is the last line of
defense and access to the data should be tightly controlled. 

A cloud-based storage solution from Amazon Web Services or a backup appliance in a
remote office is suitable for off-site backups. In addition, geographical separation
between the on and off-site data helps protect against environmental events such as
floods or tsunamis. 

Data that contains sensitive data should be encrypted prior to storing it on a 3rd party
storage solution.  

Conclusion
Always use reputable backup software and periodically verify the integrity of the
backups to ensure they are functioning correctly.  A reliable backup is a company’s final
safeguard when all else fails.