A number of organizations dedicated to online hosting have launched an interesting initiative by naming this day, March 31th, World Backup Day. Who hasn’t ever lost a USB device and has regretted not having a backup? Who hasn’t experienced the death of a hard drive only to lose information that won’t ever be able to be recovered? I’m sure most of the readers have been through this, and that is why I invite you to take this day to think about the importance of backups.
So, if moved by the premise you want to take advantage of today's date to start backing up your systems, I’m sharing the three questions that must be answered before any backing up takes place:
- What information should be backed up? A backup is not only the indiscriminate storage of all system files, therefore it is important in some way (at least in a simple one) to prioritize the information and decide which data needs to be backed-up. For example, a folder containing pictures of your family and children is not equal in value to a folder containing interesting wallpapers. For sure, the first one should be subject to a backup process while the later may be information that the user is willing to lose in case of an incident, since it should be quite easy to recover or re-assemble such data.
- How will the information be backed up? Secondly, it is important to define how will data be stored and backed up. There are many methods and technologies available, and we might mention as the most frequent ones, hardware wise: USB devices (either a pen drive or an external hard disk), optical media (CD or DVD) as well as hard drives in the cloud. Any of these possibilities are viable, depending on the size of the information that needs to be backed up, the costs involved and other factors. Users can choose any of them. On the other hand, software wise, on home environments, the most important decision is whether to use an application that suits the purpose or not. In many cases, back up tasks can be performed manually on a regular basis.
- When will data be backed up? Finally, backups should be performed periodically, but you have to define how often it will be conducted. Every day? Every week? It will depend on how often the information is modified. If a file is stored on a daily progress of a project, probably it will require a backup every day. A folder containing pictures may only need to back it up when you save new pictures. And so on as necessary.
At a corporate level, one more question should be added (since it’s no less important than the previous): Who will perform the backup? On other past projects, I visited companies where they had expensive backup systems (both hardware and software), but they were not used because it was not clear who was to be responsible for the task. Besides, it is notable that in these business environments, it is necessary to implement a backup system that, as noted above, preferably is supported by hardware and software, designed for the purpose, such as incremental backing up tools to avoid storing information that has been already backed up and has not been modified since.
Regarding security controls, backups are corrective measures, so it is worth noting that its importance relies on the need to be accompanied by preventive measures against incidents that threaten the information. For example, during a ransomware infection (malicious code that blocks access to user files and asks for money in exchange for returning them), a backup could be useful for the user restore the information. However, the presence of antivirus software or other preventive measures could directly prevent the infection thus avoiding the risks of not having all the necessary information in the backup copy.
Today is the World Backup Day, so it seemed to us as good reason to remember the importance of backup, and for our readers, we invite you to ask yourself these three questions, and remember that performing a backup can be easier than you might imagine and, basically, it is a great security measure that will surely save you from more than a headache.
Sebastian Bortnik
Awareness & Research Coordinator
ESET Latin America