Blog: Why You Need a Better Business Data Backup Strategy
Most businesses backup critical data these days, but do you keep it in more than one place? A famous story that demonstrates why multiple backups are necessary involves the Walt Disney Company's Pixar Animation Studios, which nearly lost the movie Toy Story 2 because of a failed backup.
It began when someone mistakenly ran a command to clean out the company's file system and months of work disappeared from the servers. Then, Pixar discovered data backups hadn't run properly, and it appeared all was lost. What saved the day was the discovery of a copy of the film stored on someone's home computer. Talk about a close call!
While the incident happened nearly a decade ago, organizations continue to learn the value of multiple backups—including copies kept offline—if they face a ransomware attack. It can mean not having to pay hackers thousands of dollars to get critical data back.
The 3-2-1 Business Backup Strategy
No matter the size, every business needs a comprehensive multipoint data backup solution that includes offsite and offline. The most resilient backup plans are the ones that use multiple devices and multiple locations. Enter the 3-2-1 business backup strategy. Long touted by IT professionals and the United States Computer Emergency Readiness Team (US-CERT), the aptly-named 3-2-1 data backup solution for business suggests you have three separate backups stored on two different kinds of media or device types with at least one copy stored offsite.
Hard disk drives have an average lifespan of three to five years. Many devices now come with solid-state drives with longer expected lifespans, but the fact that drives can—and often do—fail shows that having one backup isn't enough. This is especially true if it's stored in the same premises as the primary data and on the same type of media. According to the 3-2-1 rule, it's best to have three copies of data:
- The first copy being the production data that you use every day—so, not really a copy, but the originals that are housed on your devices and network
- The second copy is a backup that you keep onsite for a quick recovery if something affects the original files
- The third copy is an offsite data backup that can be accessed if an office-wide catastrophe compromises both the first and second copies
The second locally-kept backup should be stored on a different device or medium like an external hard drive or a Network Attached Storage (NAS) device.
The last element of the 3-2-1 backup rule is perhaps one of the most important to note—you must keep at least one of your backup copies offsite. An onsite copy allows faster and simpler recovery when you need it, but storing a copy offsite strengthens your data security and provides a safeguard to local disasters that could damage both primary data and your in-house backup copy.
To have a better chance of foiling ransomware attacks, the offsite backup solution should keep multiple copies of the data going back hours or days. That way, if hackers encrypt your most recent backup and demand a ransom for the encryption key, it's still possible to rollover to a previous backup that isn't encrypted.
Offsite data backups can usually be accomplished through the cloud, but first discuss it with your IT team and a trusted technology provider to go through what options and solutions would be best for your business.
Along with knowing where your backups will be stored, also think about when you're going to perform backups and how long you will hold certain ones. While the 3-2-1 rule suggests having two sets of backup copies, you may decide to have a full backup on one device and then specific file backups on an alternate one. This is usually how it's done if your business has a lot of data and storage space is limited by size or budget. There are two different backup practices widely used today:
- Full backups - This is the most basic and most complete type of backup and should be done as soon as you establish a backup plan (or as soon as possible if you've never performed one at all). Even though a full backup requires the most amount of storage space, it takes the least amount of time to restore data in an emergency and allows your business a complete copy of all data in just one place.
- Incremental backups - These only back up the data that has changed since the last full backup, saving on space and making them well-suited for cloud storage.
When thinking about how long to keep backups or when to perform them, keep this storage method in mind:
- Retain daily backups for a week
- Weekly backups for a month
- Monthly backups for a year
- Yearly backups after that
This usually provides ample coverage in the event of an IT disaster and allows you to store all of your business's data in an accessible, efficient way. It's also beneficial to discuss these practices with a managed services provider (MSP) who can help guide your business through this process and give ongoing support and assistance with data backups and data protection.
Don’t Get Caught Out
Backups are a crucial technology process. There are countless ways that valuable data can be lost or corrupted: accidents happen, computers are damaged, employees turn over, ransomware attacks are more and more common, and natural disasters can strike with little to no warning. When these incidents occur, large or small, your job is to keep things up and running—which may be impossible without the proper backup procedures in place.
Whether you already have a backup and recovery plan, or you're just starting to build one, this backup guide can help you prepare your business for inevitable IT emergencies.