A proper backup strategy should be able to save your company’s data from any possible disaster event.

It immediately follows from this statement that an incomplete or poorly designed strategy can cause significant, if not total, damage to your company in the event of an accident.

Leaving aside the fact that today with the privacy law, better known as GDPR, it is actually made compulsory for any company or shop to put in place a backup plan.

However, it is a practice aimed at your own protection; protecting your data, hence the wealth of your company, should be your top priority.

When starting a new business, disaster is always the last thing on your mind, you start by planning a sales network, production systems, offices and structure.

It often happens that you forget that it can take very little to wipe out all the know-how, archives, invoices or fundamental documentation through which you were able to run your business.

Let us now take a look at the steps to plan a good backup strategy.

Analysis and identification of data

The very first thing to do is to study the data, i.e. to identify all the devices that can store information and within which to circumscribe the zones (or directories) in which it is stored.

It tends to be the case that the more devices or zones in which data is stored, the more complex the backup strategy becomes. It follows that an archive on a single server is easier to manage than 10 different devices.

Following the identification of the location, it is necessary to analyse its weight. Thus, a very large archive in terms of space will require a more complex strategy than a very small archive.

Priority analysis and data value

It goes without saying that not all data is important, some may be vital data for your business, others less so, some may be more sensitive data others more technical.

It is therefore necessary to define a list of priorities; this list will be useful later on when the backup strategy has to come to terms with the budget.

This is because very complex backup strategies often overrun the budget that the company can allocate. Faced with this circumstance, it is therefore crucial to understand where it is possible to skimp and where it is not appropriate.

Risk analysis and corporate network

In order to implement an appropriate backup strategy, it is important to identify all possible causes of data loss.

It is therefore important to have a good knowledge of the company’s IT infrastructure, network connections and possible Internet connection.

The choice of strategy is very much influenced by this infrastructure, let us take for example a business in which there is no Internet connection. It will be extremely difficult to receive attacks from outside, but it will be equally difficult to take a backup outside the facility in an automated manner.

Another important element is also the weight of the data in relation to the speed of the Internet connection. In fact, if your company has a 100Terabyte archive but a 2Mbit DSL connection, it could take a week to transfer each backup. Creating quite a few difficulties for the offices that will not be able to surf the Internet.

To overcome these problems of internet connection saturation, an incremental cloud backup could be chosen. That is, transferring only those files that are created, modified or deleted from time to time.

Choice of backup type

There are basically 3 types of backup: full, incremental, differential.

– Complete: backs up the entire archive, regardless of any type of modification.

– Incremental: backs up only those files that have been modified between source and destination, also known as mirroring, thus preserving two mirror copies of the archive.

– Differential: copies only those files that have changed, but in relation to a predefined full backup.

Each of these backup types can be developed locally (within the company walls) or remotely (in the cloud or on the Internet).

There is no best and worst solution, there is no perfect solution and there is no certainty in backup strategies, we always talk about risk mitigation.

So the best strategy is the one that reduces the risk the most in relation to the economic impact for the company.

What risks should be considered in the backup strategy

• Fire: the easiest thing you can imagine is a fire as a result of which you could lose your entire data archive. An insurance can solve the economic aspect by allowing you to buy back the equipment but certainly not the data.
• Theft: Another classic situation in which PCs, servers and any other valuable asset can be stolen, again there can be a total loss of the archive and potentially a data breach. In the event of a data breach, thieves could access information and publish or resell such data with damage potentially well beyond imagining.
• Hacking: as a result of an act of hacking you could receive damage, tampering, deletion of files or the entire archive, thus a risk of data breach.
• Viruses and Trojans: due to manual intervention, misuse of software or surfing the Internet, infecting devices and archive files. In this case, the damage may be limited to the loss of the archive, but potentially also a data breach.
• Ransomware: this would fall under the category of viruses but deserves more attention as it is the most serious and frequent problem today. It is a computer infection capable of encrypting all your data, rendering them unusable unless a ransom is paid.

Final reflections for a better strategy

To handle minor incidents and for agile data recovery, the use of a NAS (for more information click here) connected internally to the company network is highly recommended.

To avoid theft and fire, it is important to have an encrypted copy of the entire archive outside the company walls. This means an automatic system for encrypting and transferring the backup to a remote and protected space that takes place when the company itself is closed.

To mitigate the damage from a possible data breach, it is highly recommended to encrypt backups, especially remote ones. This way, a possible thief would have no way of reading the stolen information. However, encrypting the archive may make it difficult or impossible to use the incremental backup mode, thus leading to a full backup, which is more costly.

On the other hand, to mitigate the damage caused by ransomware, it is essential to keep several complete copies of the archive, at varying intervals, but for a history possibly no less than 3 months, as the virus’ incubation time could lead to even the oldest backup copies becoming unusable.

Today’s backup strategy is inevitably complex and necessarily customised. The idea of solving everything with one simple backup software is neither credible nor advisable.

To carry out a successful backup strategy, it is therefore always advisable to ask an experienced technician. If you still have any doubts, please write to us.