As the shift towards digitalization continues, handling data correctly is becoming increasingly important for SMEs. A loss of data, through an IT failure, a fire or flood in the server room or a cybercrime attack, could threaten the existence of a business.
The answer lies in a well-considered backup strategy. Cyber attacks through encryption Trojans, also referred to as ransomware, are steadily increasing. In these attacks, all of the data of a business is encrypted through malware and then the hackers demand a ransom to decrypt it again. You should never pay this ransom as you would be promoting crime without any certainty of actually receiving the decryption code. We will show you the measures you can take to protect your business data with a structured, comprehensive backup strategy and avoid large data losses and operational disruptions.
What is a backup?
A backup consists of digital data that are manually or automatically copied onto storage media such as an external server, a portable hard drive, a NAS (Network Attached Storage) system or magnetic tape. External cloud backup service providers can also be used for backing up data.
Advice: Check your backups at least once every six months to make sure that they work. For businesses with a high dependence on IT, shorter intervals between checks are recommended.
How often should you create a backup?
Backups should be performed daily. For additional security, a grandfather-father-son scheme (multiple backups taken at different intervals) should be applied.
In an SME with a five-day work week, a full set of backups taken under this scheme could look like this:
four son backups (daily from Monday to Thursday; Friday is kept as a father backup)
four father backups (weekly, every Friday of the month)
twelve grandfather backups (monthly, on the last day of every month)
Using relatively little storage space, this scheme ensures that all data are stored in the short, medium and long term and that any data lost can be restored from a previous level, at least to a large degree.
Why do we need to back up our data?
Regular backups are essential in order to get up and running as quickly as possible after an incident. The more recent the backup, the faster your business can return to normal operations.
Advice: It is advisable to simulate a disaster recovery from the backups from time to time so that you are familiar with the process and can respond efficiently and effectively in the event of a problem.
What are the legal considerations concerning backups?
To determine the security measures for the backups, you have to establish the confidentiality level of the data. This means clarifying whether certain data have to be, for example,
backed up separately
encrypted with a special password
subject to special rules if kept off-site
As a business, you are also legally obliged to store certain documents for a particular time period. If these documents are lost, there are legal consequences. In both instances, a well-considered customized backup/archive concept will help.
Advice: Personal data must not fall into the wrong hands. This is why backups that are kept off-site have to be encrypted.
Which backup strategy is safe and effective?
The correct backup strategy for a business depends on a number of factors. The size of the business and its budget, dependence on IT, resources, restoration time and other business-specific requirements have to be taken into consideration. Many experts recommend the 3-2-1 rule. It sets out the minimum requirements for a responsible backup strategy and can be applied to companies of almost any size and IT budget. This rule ensures that data are protected at three levels, eliminating most data loss risks.
3-2-1 backup rule
Keep three copies of your digital data. The first one is the version that you work with productively. The other two copies are backups.
Store your digital data on at least two different types of storage media (e.g. NAS and cloud).
Keep at least one copy of your digital data off-site (e.g. on the cloud or an offline portable hard drive in an external safe).
Who can provide you with professional assistance?
Contact your IT consultant or one of our specialist partners to implement your backup strategy.
Advice: Don't compromise when it comes to protecting your data. If you lose your data and don't have a functioning backup, the future of your business is at risk. It is advisable to approach this topic in a professional and structured way to minimize the risks as much as possible.