THIS 10th article in a special series focused on cybersecurity highlights another primary protection mechanism: backups.

What is a backup?

Folks in the IT Industry refer to the act of creating a copy of data that can be recovered and restored, in the event the original is lost or corrupted, as a backup. More simply put, a backup is a copy of your information that is stored somewhere else. The size and complexity of your business will determine and drive the sophistication of your backup strategy. Many years ago we referred to all of this as a data protection plan, but that term has another meaning and connotation now.

What should you backup?

If you are not sure, back it up. Seriously, you need to make a backup copy of ALL the data you and your business deem important. Backing up is not only limited to data stored on laptops and servers; you might want to consider doing an image backup (a complete system copy of the applications, operating system and all the settings) of the laptop and your main servers also. You might be paying a third party like Microsoft or Google for your email and another service for data storage, but is your data stored on their services backed up? Check your contracts; you might be surprised. This means you also need to consider the backup for your cloud services.

How frequently should you backup?

If you backup data every 12 hours, you risk losing up to 11 hours of data. You need to decide on the risk appetite of your business, including your recovery time objective (RTO) and your recovery point objective (RPO). If we want to back data up every five minutes, we run the risk of clogging up the network and systems with a lot of backup traffic. A rotation method often used when we first entered the IT Industry was referred to as the grandfather-father-son. This is a standard rotation scheme in which there are three or more backup cycles, such as hourly, daily, weekly or daily, weekly, monthly. Ultimately, the question to ask yourself is, “How much information could I afford to lose if I had to restore from backup?”

Where should you keep the backup?

As we rely more and more on our digital support systems, the minimum for any business should be one on-site backup, one off-site backup, and one cloud backup. The backups should be automated as much as is possible. In your organisation, personal backups by your users (ie thumb drives, DVD's and personal services like iCloud or DropBox) should not be allowed. You have no control over what happens to that data. If your company provides these services to the employees, then that's different; you now have control.

Have you tried to restore it?

Backing up your data is only half the battle; you have to be sure to recover it. Check often that your backups are working by recovering a file and validating the contents.

If your business hasn't invested in any form of cybersecurity protection yet, you're putting your organisation's important data at risk.

Christopher Reckord is CEO of managed IT services provider tTech Limited. Trevor Forrest is the founder and CEO of 876 Technology Solutions. Collectively, they have approximately 80 years of experience helping organisations of varying sizes procure and implement information technology solutions and transform digitally.