Data backup has been around since computer data has been created. I remember making copies of my 5 ¼” floppy disks to ensure I didn’t lose my precious data. Ok, they were games. If you never played King’s Quest then you can’t know how precious that data was.
Backups have come a long way since then, yet the common response whether it’s 1980 or today is that there is no real backup solution in place. You’re different though, right? You’ve got a great backup system in place for your business. You don’t have to worry because you’ve got it covered.
Yeah, probably not.
Every 5 years, 20% of small and medium-sized businesses have a major disaster and suffer data loss. One-Fifth of all SMBs is a large number. Every 5 years.
I’m going to give you the benefit of the doubt here. I’m going to presume some things about you and your business.
First, I’ll presume you are not in the 43% of companies that don’t have a backup solution in place.
Second, I’m sure that your existing backups are actually tested as being viable. Viability testing is important because 75% of IT managers can’t restore all of their lost data. 23% of them couldn’t restore ANY of their lost data.
The concept of backing up your data is simple, but those stats should make it clear that the act of backing up your data isn’t. No wonder so many people don’t even bother.
But again, I told you I’d give you the benefit of the doubt and presume all those things don’t apply to you. So you’ve got it covered, right?
Yeah, probably not.
What is now one of the most important things regarding your data backups is data security. The act of backing up your data isn’t enough any longer. Data Backup has changed into Data Protection.
What is Data Protection? It essentially means that your backups need cybersecurity protection.
Cloud-based backups are the most widely adopted backup solution at 84%, even higher at 93% if you’re a small business. Cloud backups have multitudes of benefits such as ease of access and affordability. What they typically don’t have factored in is security considerations.
Cybersecurity needs to be addressed for all aspects of your business, including your backup solution. Some common threats to your cloud backup are:
Data Center Outages
There is nothing mysterious about “the cloud”. Your data is still stored on a computer, it’s just not yours. It’s on a server that is internet accessible. Those servers are computers like any other. They age. They deteriorate. They crash. Data centers can still have outages, which then means you have an outage too.
Ransomware infects your devices and encrypts your data so it isn’t accessible. How do you get around this? Well, you either pay the ransom or you load up one of your backups.
That’s where Sleeper Ransomware comes into play. It’s called sleeper because it infects your devices and stays dormant for a period of time. The goal is to ensure that all of your current backups are also infected as well. Once they activate their malware, you don’t have an uninfected backup to restore to.
Supply Chain Attacks
Why attack you when they can attack your vendor? A supply chain attack focuses its attack on a vendor that many companies use. That attack will then spread to all their customers, including you. Talk about a thousand birds with one stone.
Attackers attempt to get access to cloud data in a number of ways. One way they succeed is actually not of their own design. It’s misconfiguration in your security settings. Misconfigurations are the most prevalent vulnerability that gets exploited.
How do you protect your data?
There are some key things to look for in your data protection solution.
Ransomware will infect every device on your network, and lock down every bit of data that exists. You should have cybersecurity protections in place for both preventing and detecting infections – separate from your backup solution.
Your backup solution should factor in ransomware protection as well. It should be able to cut over to an uninfected backup at any time. Xentric handles this with “chain-free” technology.
Continuous Data Protection
Your data is changing constantly, and your backup should be looking for those changes and making copies based on that activity – not on a schedule.
Continuous data protection ensures that your systems are capturing the latest version of every file change. This reduces the loss that can occur before the next full backup.
Like your cybersecurity measures in place on your network, your backup solution should be able to detect malware and viruses to prevent them from invalidating your backup.
This helps prevent sleeper ransomware from infecting all of your backups.
Zero Trust Access
The largest push in cybersecurity from every company has been that of zero trust. These measures presume you do not have the rights to access data until you prove otherwise. Just because you are inside the office doesn’t mean you should be trusted. Just because you had access yesterday doesn’t mean you should have it today.
Zero trust can be implemented in a number of ways and intensities, but the basics tend to revolve around using Multi-Factor Authentication, Role Permissions, and Contextual Authentication.
Even with a valid backup, if something happens to that data then you can still experience loss. Cloud backups should be made in copies, having redundancies that prevent data loss in the event of a failure to one copy of the backup.
Sensitive data should be kept separate from your normal data. This process is called Air Gapping (referring to a metaphorical gap of air between the protected data and everything else). This can be done with a physical separation or network separation. This helps prevent access to it in the event of a data breach or infection, keeping your vital data safe.
Do you have questions regarding your current backup solution or need advice on what protections to put in place? Feel free to reach out for a free consultation where we will review your options.