Retention of the Backup
The retention of a backup indicates how far back you can go in the history of backups. Suppose it is essential to restore a file that was deleted a year ago. In that case, a backup with one-month retention would not offer a solution.
Longer retention requires more storage, so unlimited retention may sound handy but can add up unnecessarily in cost. Also, pay attention to legal considerations; the law can sometimes prescribe how long to store data.
Location & Media of the Backup
Ideally, you set up a backup using the “3-2-1 Method”. This method states that you have at least three copies of your data, stored on two different media, with one copy kept in a different location.
Different media can be hard disk, tape, or cloud storage. The media type can help determine the location but often depends on the amount of data to store. Also, remember that the space a backup needs tends to grow over time. It is highly dependent on the retention and frequency of backups.
Access & Backup Security
It’s essential to think about protecting backups in terms of access. If, for example, a backup medium is stolen, encryption ensures that whoever holds it cannot view the data.
This applies both to physical access and to access via the backup software. Also, consider who within your organization may have access to the backups. If you normally classify access rights so that not all data is visible to everyone, someone could still reach that data through access to the backups.
When determining the backup frequency, you must consider how much data can be lost in an incident. For example, if you are hit by ransomware at 4:00 PM, and your backup runs at 3:00 AM, you may lose several hours of work. This trade-off is called ‘Recovery Point Objective’ (RPO).
Increasing the frequency could help reduce the number of work hours you could lose in such an incident. A higher frequency of the backup is not always possible due to the time it takes to create the backup or the delay that may occur while it runs.
When an incident affects (critical) business processes, it is crucial to know how long it takes before your data and application(s) are available again. Several factors impact the recovery time, such as the amount of data, the technique used, or the speed of the backup media. To return to work as quickly as possible, you may have to consider what to recover and when. Within that consideration, you will sometimes have to prioritize restoring essential parts before others. This trade-off is called the ‘Recovery Time Objective’ (RTO).
Prioritizing can also help reduce costs because you may have determined that active projects should be available again within a few hours, but an archive, for example, only after a few days.
After establishing a backup, it is also vital that you monitor the backup. Ensure you have good reporting with which you can check, preferably daily, whether backups are running and whether errors have occurred. Even if you have entirely outsourced it, you must receive and review these reports as an entrepreneur. Any error must be corrected in time so that you do not run into it when you need a backup.
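A daily report check that ties monitoring to the RPO can look like the following added example, which is not from the original article. The report format, job names and RPO targets are constructed assumptions; note that it also flags a job that produced no report line at all, which an error-only check would miss.

```python
from datetime import datetime, timedelta

# Constructed sample report: one line per backup run (job, finish time, status).
SAMPLE_REPORT = """\
fileserver 2024-05-13T03:10:00 OK
fileserver 2024-05-14T03:12:00 OK
database 2024-05-13T03:30:00 OK
database 2024-05-14T03:31:00 FAILED
archive 2024-05-10T04:00:00 OK
"""

# Hypothetical RPO targets: maximum tolerated age of the last good backup per job.
RPO = {
    "fileserver": timedelta(hours=24),
    "database": timedelta(hours=24),
    "archive": timedelta(days=7),
    "mail": timedelta(hours=24),  # expected job that never appears in the report
}

def check_report(report, rpo, now):
    """Return a sorted list of (job, problem) findings for the daily review."""
    runs = {}  # job -> list of (finish time, status)
    for line in report.splitlines():
        if not line.strip():
            continue
        job, stamp, status = line.split()
        runs.setdefault(job, []).append((datetime.fromisoformat(stamp), status))

    findings = []
    for job, limit in rpo.items():
        if job not in runs:
            findings.append((job, "no backup run reported"))
            continue
        _, latest_status = max(runs[job])  # most recent run by finish time
        if latest_status != "OK":
            findings.append((job, "latest run ended with " + latest_status))
        good = [finished for finished, status in runs[job] if status == "OK"]
        if not good:
            findings.append((job, "no successful backup on record"))
        elif now - max(good) > limit:
            findings.append((job, "last good backup exceeds RPO"))
    return sorted(findings)

if __name__ == "__main__":
    # Evaluate the report as of 4:00 PM, the incident time used in the text.
    for job, problem in check_report(SAMPLE_REPORT, RPO, datetime(2024, 5, 14, 16, 0)):
        print(job + ": " + problem)
```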
In addition to monitoring backups, it is perhaps even more critical that you test them. Testing backups is sometimes only done when something needs to be restored, because testing often costs money and a lot of time. Some backup applications offer the option to run a verification test. Such a verification test checks whether the backup data is in order. This is good to set up, but it is preferable to go a step further and periodically test the backup by restoring it to check for yourself whether it works and the data is intact. You can do a restore test by restoring a random selection of files or even restoring an entire system to test applications’ functionality.
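The random-file restore test described above can be automated along these lines. This is an added example, not part of the original article; it assumes a manifest of SHA-256 hashes is recorded at backup time (so that files changed on the live system afterwards do not cause false alarms), and the directory contents in `demo()` are constructed.

```python
import hashlib
import os
import random
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Run at backup time: map each relative path to its SHA-256."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def restore_test(manifest, restored_root, sample_size, seed=None):
    """Check a random sample of manifest entries against the restored files."""
    rng = random.Random(seed)
    sample = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    failures = {}
    for rel in sample:
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            failures[rel] = "missing"
        elif sha256_file(path) != manifest[rel]:
            failures[rel] = "corrupt"
    return sample, failures

def demo():
    """Constructed data: a source tree and a restored copy with two defects."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for i in range(6):
            for root in (src, dst):
                with open(os.path.join(root, f"doc{i}.txt"), "w") as f:
                    f.write(f"contents {i}\n")
        manifest = build_manifest(src)
        os.remove(os.path.join(dst, "doc1.txt"))      # file lost in the restore
        with open(os.path.join(dst, "doc4.txt"), "w") as f:
            f.write("garbage\n")                       # file silently damaged
        return restore_test(manifest, dst, sample_size=6, seed=1)

if __name__ == "__main__":
    print(demo())
```

A clean sample does not prove the whole backup is intact; it only raises confidence in proportion to the sample size, which is why a periodic full-system restore remains worthwhile.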
Be aware that it is vital to use good segmentation for your backup. You can partly do this with the 3-2-1 method mentioned, where you use different media. In somewhat larger environments, where virtualization is also used, try to separate the backup and production networks. Recent targeted (ransomware) attacks show that a lot of energy is put into encrypting backups. In practice, it appears that insufficient segmentation allows attackers to quickly encrypt the backup as well. The only option to potentially get your data back is then to pay a ransom.