Backup strategy for your SME

A backup consists of digital data that are manually or automatically copied onto storage media such as an external server, a portable hard drive, a NAS (Network Attached Storage) system or magnetic tape. External cloud backup service providers can also be used for backing up data.

Advice: Check your backups at least once every six months to make sure that they work. For businesses with a high dependence on IT, shorter intervals between checks are recommended.

Backups should be performed daily. For additional security, a grandfather-father-son scheme (multiple backups taken at different intervals) should be applied.

In an SME with a five-day work week, a full set of backups taken under this scheme could look like this:

• four son backups (daily from Monday to Thursday; Friday is kept as a father backup)
• four father backups (weekly, every Friday of the month)
• twelve grandfather backups (monthly, on the last day of every month)

Using relatively little storage space, this scheme ensures that all data are stored in the short, medium and long term and that any data lost can be restored from a previous level, at least to a large degree.

Regular backups are essential in order to get up and running as quickly as possible after an incident. The more recent the backup, the faster your business can return to normal operations.

Advice: It is advisable to simulate a disaster recovery from the backups from time to time so that you are familiar with the process and can respond efficiently and effectively in the event of a problem.

To determine the security measures for the backups, you have to establish the confidentiality level of the data. This means clarifying whether certain data have to be, for example,

• backed up separately
• encrypted with a special password
• subject to special rules if kept off-site
  

As a business, you are also legally obliged to store certain documents for a particular time period. If these documents are lost, there are legal consequences. In both instances, a well-considered customized backup/archive concept will help.

Advice: Personal data must not fall into the wrong hands. This is why backups that are kept off-site have to be encrypted.

The correct backup strategy for a business depends on a number of factors. The size of the business and its budget, dependence on IT, resources, restoration time and other business-specific requirements have to be taken into consideration. Many experts recommend the 3-2-1 rule. It sets out the minimum requirements for a responsible backup strategy and can be applied to companies of almost any size and IT budget. This rule ensures that data are protected at three levels, eliminating most data loss risks.

3-2-1 backup rule

• Keep three copies of your digital data. The first one is the version that you work with productively. The other two copies are backups.
• Store your digital data on at least two different types of storage media (e.g. NAS and cloud).
• Keep at least one copy of your digital data off-site. Nowadays, hacker attacks are increasingly aimed directly at the back-ups of companies or private customers. In order to increase the probability of a successful ransomware attack, they encrypt or delete backups. To prevent such attacks, it is strongly recommended to use methods such as offline backups or unalterable backups (using WORM technology - Write Once Read Many). Important: it is imperative that it is impossible to manipulate, damage, destroy or steal the created data copies.  

Contact your IT consultant or one of our specialist partners to implement your backup strategy.

Advice: Don't compromise when it comes to protecting your data. If you lose your data and don't have a functioning backup, the future of your business is at risk. It is advisable to approach this topic in a professional and structured way to minimize the risks as much as possible.