World Backup Day: BCDR tips for MSPs
World Backup Day is a time for MSPs and their partners to reflect upon, scale, and generally improve business continuity and disaster recovery (BCDR) programs.
And there’s a good bit to reflect upon this World Backup Day 2023.
Considerations heading into World Backup Day 2023
To start, what unique factors make BCDR investment so important for 2023?
Continuing trends from previous years, ransomware attacks grew by 41% in 2022. These year-by-year increases are due to a constellation of factors:
- Ransomware is increasingly based on extortion rather than data corruption.
- An increase in remote workers presents myriad vulnerable nodes.
- Cyberattack software is scaling up via automation.
- Data monetization is harder to follow and prosecute thanks to a rise in the use of cryptocurrency.
- Increased use of cloud computing makes more companies more vulnerable — nearly half of data breaches are cloud-based.
This and other potential threats require even greater attention than ever to make sure you and your clients’ data is effectively protected.
At the same time, many businesses are looking to scale up, especially MSPs. As economic concerns are gripping the business world, companies may look to scale down internal IT teams. This makes a great opportunity for MSPs. However, to provide the same safety and quality of service, your backup and disaster recovery solutions need to be ready to grow.
Can companies manage these trends as they adjust to this new normal? It’s entirely possible. Improved BCDR techniques and increased general awareness of the importance of data backup are making the online world safer, even if nothing can eliminate risk entirely. While backups aren’t a silver bullet, having a solid backup infrastructure reduces potential threat actor paydays, and thereby motivation for attacks.
All of this reaffirms the importance of World Backup Day 2023, which should reignite conversation around backups and why they’re critical to companies’ safety and success.
The history of World Backup Day
In 1956, IBM engineer Reynold B. Johnson invented the first external hard drive.
Then, sometime in the 1960s, Dr. Joseph Carl Robnett Licklider invented cloud storage.
Nearly half a century later, backups, BCDR best practices, and responsible data management are still on everyone’s mind. World Backup Day serves as a chance to celebrate Johnson, Licklider, and other pioneers of data storage, and to remind everyone to get their own data backup house in order.
For example, BCDR best practices help protect against such catastrophic events as:
- Virus attacks
- Hardware malfunction
- Power failure
- Mistakes made during infrastructure updates
Along with this, building a strong BCDR framework makes it easier for organizations to take on more data and expand their operations. World Backup Day is a special opportunity to bring awareness to the need for backups and data preservation.
Why you need to back up your data
In our worldwide wireless age, data is connected: Yours, your partners’, their customers’— it’s all a sophisticated web of information with a variety of access points, both legitimate and otherwise. This fact can make it hard to instill confidence in a client that your services as an MSP will help protect their:
Data is valuable, especially in electronic form: It’s easy to access, manipulate, share, and sell.
However, not everyone has gotten the message. Many small businesses operate without any sort of BCDR plan. It’s not that these business owners don’t want their data protected; they just don’t know where to start. Which is exactly what World Backup Day exists to do — to provide education on how best to protect “mission-critical” data.
Data backup options for MSPs
If you want to be an effective MSP when it comes to your backup and disaster recovery, you’ll opt for backup options to cover every possible avenue for a full recovery of clients’ vital business data. Download our eBook, 3 Reasons to Rethink your BDR Strategy, for some tips.
There are three main backup options to consider, each with its pros and cons:
1. Local backup
This involves an external hard drive that can be easily retrieved at home.
- Pros: easy to access and control
- Cons: vulnerable to local incidents such as fire and floods, accidental deletion, or when disks/tapes aren’t swapped
2. Cloud/off-site backup
This refers to an online backup service or hard drive securely placed in a non-home location.
- Pros: easy to access from anywhere and safe from local issues
- Cons: can be complicated to setup and secure, vulnerable to human error
3. Offline backup
This involves an online backup service or hard drive which is then disconnected from the network or system and securely placed in a different location.
- Pros: easily accessible, mobile, and secure from cybersecurity breaches
- Cons: vulnerable to loss or theft, hardware damage from environmental impacts, and technological failure.
Best practices for your backup strategy
Viruses, ransomware, and data loss can cause severe repercussions in terms of workflow, security, and ROI. And every business is vulnerable.
You’ll need to evaluate exactly how much downtime a client can take and build a strategy to ensure their system is back up and running within that time frame. Make sure backups are scheduled well in advance of that timeframe to account for any unforeseen circumstances.
Setting priorities for data backup
Once there’s an inventory and you understand where the most important data are located, the next step is prioritizing a backup list.
Consult with data owners, find their priority, and work that into your list. After you have accounted for the important data, fill in the remaining area with items of secondary importance.
A prioritized backup list assures that a client’s business can recover its critical information. Remember, this data is the lifeblood of the organization. Without it, there is no business, no revenue, and potentially no company.
A specific priority list should be created for each data category so there’s a clear plan of action when it’s time to implement recovery plans. We recommend the following order, which can be adjusted to fit specific business needs:
- Finance systems
- Business systems
- Customer service
- Marketing and sales
If thinking of it by application makes more sense for your client, start with this list instead:
- EMH/EHR (healthcare)
- Email (Exchange/O365, etc.)
- File servers and file systems
- Actual servers, workstations, laptops, etc.
Following these steps and prioritizing these data categories ensures your clients will sustain minimal damage if files are lost or corrupted.
The 3-2-1 rule
It’s best to have three copies of your data: 1 primary copy and 2 backups. Make sure to store backups on different storage media and have one of those copies offsite (in the cloud).
Having an “offline” copy
Having the backups stored in an off-site or remote location ensures that in the unforeseen event of a man-made, natural, or geographical disaster, backup copies will remain unaffected. When practical, this backup should be stored offline or secured with immutable storage options enabled.
Securing your backup application
Start with a different (non-user and non-system administrator) set of credentials assigned to the backup or disaster-recovery systems.
If a user account is compromised, then their credentials can’t be used to elevate an attack to the backup solution. Encourage your clients to use two-factor (2FA) or multi-factor (MFA) authentication on those credentials for enhanced security. Also, consider segmenting the backup solution into a separate virtual local area network (VLAN).
Segmentation and the use of VLANs can help prevent compromised on-premises servers or end-user devices, such as workstations or laptops, from attacking or corrupting the backups stored on a different network.
Choosing a backup vendor that offers a hosted service for immutable storage can also be helpful. Backups sent to their immutable storage solution cannot be changed or deleted until a specified time. This solution also allows the organization to have a copy of their backup data stored off-site.
Lastly, it is important to regularly test backup restoration procedures. This process involves routinely testing backup media for reliability and testing the recovery procedure to ensure that during a disaster, the process has been verified and can be replicated quickly and with minimal errors.
A good data recovery protocol can mean the difference between cataclysmic consequences and minor downtime with little meaningful loss. In general, most cyberattacks are focused on compromising data rather than outright destroying it.
Ransomware, however — a notoriously malicious kind of extortion attack — encrypts and destroys data. Because ransomware attacks have proven to be a very successful and lucrative business model for cyber criminals, you can expect to see an increase in the frequency and sophistication of these attacks across the SMB space.
In our webinar, In the Aftermath: Ransomware, industry experts discuss ransomware and how they are adapting to this threat. Contact us for more resources on how to protect your clients from ransomware attacks and assist them in properly testing their backups.
6 quick backup tips
To supplement the BCDR best practices we’ve shared so far for World Backup Day, here’s a quick list of six additional tips you can help your clients implement so they’re prepared to recover from even the worst of attacks:
- Keep a hard copy of procedures and contact information. Review these procedures regularly to keep them up to date and remember to test them regularly.
- Ensure your plan includes the priority restore list we mentioned above. Focus on getting your client’s business back online as quickly as possible by working with them to prioritize the systems or teams they need most and working backward from there.
- Keep isolated backup systems that are regularly tested. If you’re working with local backup, protect yourself with a cloud option that uses separate MFA credentials.
- Check backup routines often to confirm they are running as intended. Test backups at least twice a month and be prepared to improve the processes as gaps or issues are uncovered. You don’t want your clients to be left with a protection issue in the midst of a real disaster.
- If an incident does occur, restart the backup routine ASAP. Back up everything to create a recovery path in case containment or remediation steps destroy data.
- Clock system restores time. Make sure the time it takes to get back up and running fits the downtime threshold for your client that we mentioned earlier.
Whether you’re working with a local system, cloud computing, or some combination of both, these six tips are a necessary part of a strong backup strategy. By following them, you’ll minimize the impact of a crisis and significantly reduce downtime for your clients.
Tools and solutions to support your backup strategy
ConnectWise offers great backup support strategy tools with free trials:
- Intelligent RMM and NOC services
- Remote monitoring and management
- Cybersecurity risk assessments
- IT documentation
- Remote control and remote access
These tools, along with a general awareness of contemporary data threats, can help ensure you’ve got a sufficient data backup plan in place.
Protect your data this World Backup Day
World Backup Day serves as a reminder that backups are a critical component of good cyber hygiene.
Your goal as an MSP is to give your partners’ businesses the best support possible. Your partners are looking to you to provide a backup strategy that can give them peace of mind.
Partnering with a professional service provider can help you handle everything from support to periodic testing and restoration for your clients. ConnectWise offers trials and demos of our data management and BCDR tools. Check out our backup and recovery demo, and reach out today to sample our entire suite of innovative applications to see if they’re the right fit for your clients.