Originally posted December, 2020. Updated August, 2021.
Ensuring you have a data backup plan is crucial for protecting the continuity of your business. There’s an old saying that businesses that manage their own backups fall into two categories — 1) those who have lost data and 2) those who will. There are many ways your business can lose its data. Employee turnover, natural disasters, and accidents can often occur with little or no warning. With ransomware and malware developers becoming more persistent and creative with their attacks, protecting your data can feel like a moving target. This is why many businesses are partnering with a managed it service provider who can help fine-tune their backup plans.
So, what does a good backup structure look like?
If you only have your data backed up on a single device and it is lost or stolen, your data may be unrecoverable. And having paper copies or backup tapes of business data isn't adequate or efficient for data protection.
You should consider backing up your data using the Rule of Threes. This means you should have at least three copies of your data, store the data on at least two different media types and keep at least one of those copies offsite.
- Your local copy. Users can rely on their local data as their primary source of access to their files. We’d recommend creating backup copies at least once every day. However, the more copies you can reasonably make, the better.
- A local backup on a different device. If you have any problems or failures with your first copy, this data will still be available to be recovered.
- A copy stored securely offsite. This copy should be separate from your network and the rest of your data. If anything happens to your location or the equipment at your location, your data is safe and sound. Cloud-based backup solutions can assist in these instances. The cloud uses offsite data centers and in the event of an onsite disaster, data centers are more reliable than other methods of keeping data secure.
What is an image-based backup?
Image-based backups are essentially a snapshot of your data at that moment. It can retain a copy of a machine’s operating system, including system state and application configurations, as well as the data associated with that machine. The data captured in this copy is saved as a single file known as an image. Each image represents a single point in time, which makes it easy to restore a specific file at a specific point if you need to.
How often should I be backing up?
Because your data changes every day, you should be backing up at least once a day.
Now that I have that setup, how long should I keep the data?
The decision regarding retention should be based on business needs (how far back might your staff need to look?) and any legal and/or contractual obligations (do you have clients/customers that have their own set of requirements?). All of this should be properly documented so that there is no guesswork involved.
You should also consider what would your business do if it needed to recover data from 45 days ago? What happens if your data gets corrupted and you need to roll back from 2 years ago? What happens if you don’t notice that data has been lost until months after the event? The answers to all of these questions will determine how long you keep your data.
Your business insurance may also come into question. If your business suffers from a cyber-attack or is infected by ransomware, you need to be able to recover your data so you can continue to serve clients as usual. If you have taken insurance coverage, need to claim for full system recovery and data restore and you are found to only have limited data retention and backups, you could find that your insurance policy does not cover your loss. On a practical level, if you only have 30 days of backup to revert to and if these are also compromised, you have no data restore point at all to start from.
Why do I need to back up Microsoft 365 if it’s already in the cloud?
Microsoft 365 retains data for you to do point-in-time recoveries, but only within the last 30 days. If you need to recover data beyond that 30-day limit, a litigation case may be required to allow you to retrieve that data.
Want to know more?
Check out our webinar to learn more about how and why a backup plan is so important for your business.