World Backup Day: A recap of past Backup Days, BDR tips & more
World Backup Day, then and now
In 1956, data storage was just beginning to take shape when IBM engineer Reynold B. Johnson invented the first external hard drive. Fast forward to the 1960s, when it is believed cloud storage was first invented. But data backup wouldn’t take a major turn until almost 40 years later.
Since then, backups, BDR best practices, and responsible data management have taken center stage, ultimately resulting in the celebration of the holiday we all know and love – World Backup Day.
Since IT admins and MSPs have begun to prioritize backups and increased awareness, significant strides have been made. Here’s a brief look at how backup and data protection stats have changed year over year.
World Backup Day 2021
Although data protection and responsibility awareness has increased significantly, we actually saw data loss numbers worsen in 2021. While this may be a sign of improvements to be made in the industry’s general BDR practices, there were also larger forces at play.
2021 was the first full year of living during the “new normal” spawned by the COVID-19 pandemic. More people were forced to work from home, and cloud storage usage reached historic levels. As a result, threat actors had more opportunities than they had ever seen before.
IBM and Ponemon Institute issued a report in 2021. In this version of the report, they found the cost of a data breach had escalated to $4.24 million per incident. This is the highest cost of a breach in 17 years.
Customer Personally Identifiable Information (PII) continued to be the most hard-hit sector of companies’ data assets. IBM and Ponemon found that in 2021, 44% of the breaches they studied contained vulnerabilities surrounding customers’ personal data. This included customer passwords, email addresses, names, and healthcare data. These PII breaches also remained costly, costing companies $180 per stolen record.
It's important to keep in mind that these numbers come under some unique circumstances. The remote work movement of 2021 created an unprecedented environment and unprecedented challenges for BDR procedures. However, the silver lining in all of this is that it reaffirms the importance of initiatives like World Backup Day – events that can reignite the conversation around backups and why they’re critical to companies’ success.
Don’t get us wrong. We’re not suggesting backups are a silver bullet by any means. But it is important to mention, having solid backups does provide the SMB with leverage to reduce the “payday” for the threat actor and take away the ability to be exploited for profitable gain.
Backups cannot remove the underlying root cause for how the breach occurred in the first place, so please do not lose sight of the fact that other issues need to be resolved quickly.
Backups are important, here’s why:
Your data as an MSP, your partner’s data, and their customer’s data are entrusted to everyone who touches it. We hear this all the time; confidentiality, integrity, and availability are all reasons why cybersecurity matters to your clients.
Information, personal data, financial, intellectual, etc., are all fundamental reasons for planning, protecting, and testing backups for every organization on the planet. Without that data, there is no “worth,” no revenue, nothing to set your clients’ businesses apart from any other company or individual.
Data is valuable, especially in an electronic form. It is easy to access, manipulate, share, and sell. That is why World Backup Day exists, to bring awareness to the need for backups and data preservation.
Many small businesses are operating without any sort of BDR plan. That’s like walking a tightrope without any sort of safety net. It’s not that these business owners don’t want their data protected, it’s that they just don’t know where to start. That’s what World Backup Day is all about – providing education on how to best protect “mission-critical” data. And, as MSPs, you need to show your clients how you can help.
In fact, many of your clients may be ready and willing to implement a BDR plan in their business. But they might be struggling to move past the question of, “Ok, great, what is next?” Well, that next step is easy.
Your clients need to know that planning and preparation are the keys to success – especially when it comes to proper data backups. To begin the process, work with your clients to understand where their sensitive, essential/critical information is stored. The end goal here is to complete a detailed inventory of their data assets. From there, you can start to form a better picture of the necessary details of the overall BDR plan that best fits your client.
What are your backup options?
There are two main backup options to consider, as well as the pros and cons to each approach.
- Local backup: an external hard drive that can be easily retrieved at home
  Pros: easy to access and control
  Cons: vulnerable to local incidents like fire and floods, accidental deletion, or when disks/tapes aren’t swapped
- Cloud/off-site backup: an online backup service or hard drive securely placed in a different location
  Pros: easy to access from anywhere and safe from local issues
  Cons: can be complicated to set up and secure, vulnerable to human error
- Offline backup: an online backup service or hard drive which is then disconnected from the network or system and securely placed in a different location
  Pros: easily accessible, mobile, and secure from cybersecurity breaches
  Cons: vulnerable to loss or theft, hardware damage from environmental impacts, and technological failure
If you want to be an effective MSP when it comes to your backup and disaster recovery, you’ll opt for backup options to cover every possible avenue for a full recovery of clients’ vital business data.
Consider your backup strategy
If a critical system is lost, infected with a virus, or a victim of ransomware, it can cause business-crippling downtime. Therefore, the correct backup option needs to be paired with a specific strategy that includes security controls and monitoring to prevent that lifeline from failing in the face of a critical event.
You’ll also need to evaluate exactly how long a client’s business can survive being down and build a strategy to ensure their system is back up and running within that time frame. Make sure backups are scheduled well in advance of that timeframe to account for any unforeseen circumstances and get your data back online faster.
Why should I prioritize backups?
Once there’s an inventory of where all the important data is located, the next step is prioritizing the backup list.
Consult with the data owners, find their priority, and work that into your list. After you have accounted for the important data, fill in the remaining area with items of secondary importance.
A prioritized backup list assures that a client’s business can recover its critical information. Remember, this data is the lifeblood of the organization. Without it, there is no business, no revenue, and potentially no company.
A specific priority list should be created for each data category so there’s a clear plan of action when it’s time to implement recovery plans. We recommend the following order, which can be adjusted to fit specific business needs:
- Finance systems
- Business systems
- Customer service
- Marketing and sales
If thinking of it by application makes more sense for your client, start with this list instead:
- EMR/EHR (healthcare)
- Email (Exchange/O365, etc.)
- File servers and file systems
- Actual servers, workstations, laptops, etc.
Following these steps and prioritizing these data categories ensures your clients will sustain minimal damage if files are lost or corrupted.
Let us not forget about the 3-2-1 concept after the priority has been established. It’s best to have three copies of your data: 1 primary copy and 2 backups. Make sure to store backups on different storage media and have one of those copies offsite (in the cloud). That last one is very important and worth repeating. Make sure one copy stays offsite no matter what.
Why do I need an “offline” copy?
Having the backups stored in an off-site or remote location ensures that in the unforeseen event of a man-made, natural, or geographical disaster, the impact will not affect all backup copies. When practical, this backup should be stored offline or secured with immutable storage options enabled. Remember, your client’s business may depend on this last copy.
What about securing my backup application?
We have a few recommendations for steps to secure both the application and the backups in storage, starting with a different (non-user and non-system administrator) set of credentials assigned to the backup or disaster-recovery systems.
If a user account becomes compromised, then their credentials can’t be used to elevate an attack to the backup solution. Encourage your clients to use two-factor (2FA) or multi-factor (MFA) authentication on those credentials for enhanced security. Also, consider segmenting the backup solution into a separate virtual local area network (VLAN). Segmentation and the use of VLANs can help prevent compromised on-premises servers or end-user devices, such as workstations or laptops, from attacking or corrupting the backups stored on a different network.
Choosing a backup vendor that offers a hosted service for immutable storage can also be helpful. Backups sent to their immutable storage solution cannot be changed or deleted until a specified time. This solution also allows the organization to have a copy of their backup data stored off-site.
Lastly, it is important to regularly test backup restoration procedures. This process involves routinely testing backup media for reliability and testing the recovery procedure to ensure that during a disaster, the process has been verified and can be replicated quickly and with minimal errors.
A good data recovery practice can be the difference between a successful cyber or ransomware attack causing massive data loss or minor downtime. In general, most cyber-attacks are focused on compromising data rather than the destruction of data. However, this is not always the case.
Ransomware, a notoriously malicious extortion attack, encrypts and destroys data. Because ransomware attacks have proven to be a very successful and lucrative business model for attackers, expect to see an increase in the frequency and sophistication of these attacks across the SMB space. Check out this webinar where industry experts discuss their experiences with ransomware and adapting to this threat. Contact us for more resources on how to protect your clients from ransomware attacks and assist them in properly testing their backups.
6 quick backup tips
To supplement the BDR best practices we’ve shared so far for World Backup Day, here’s a quick list of six additional tips you can help your clients implement so they’re prepared to recover from even the worst of attacks:
- Keep a hard copy of procedures and contact information. Review these procedures regularly to keep them up to date and remember to test them regularly.
- Ensure your plan includes the priority restore list we mentioned above. Focus on getting your client’s business back online as quickly as possible by working with them to prioritize the systems or teams they need most and working backward from there.
- Keep isolated backup systems that are regularly tested. If you’re working with local backup, protect yourself with a cloud option that uses separate MFA credentials.
- Check backup routines often to confirm they are running as intended. Test backups at least twice a month and be prepared to improve the processes as gaps or issues are uncovered. You don’t want your clients to be left with a protection issue in the midst of a real disaster.
- If an incident does occur, restart the backup routine ASAP. Back up everything, even encrypted or infected machines, to create a recovery path in case containment or remediation steps destroy data.
- Clock system restore time. Make sure the time it takes to get back up and running fits the downtime threshold for your client that we mentioned earlier.
Whether working with a system that’s local, cloud, or both, these six tips are a necessary part of a strong backup strategy. By following them, you’ll minimize the impact of a crisis and significantly reduce downtime for your clients.
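The 3-2-1 rule, the offline or immutable offsite copy, the twice-a-month restore test, and the downtime threshold described above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not part of the original article or any vendor tooling; the `Copy` fields, the 15-day test window (an approximation of "twice a month"), and the sample inventory are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                               # "disk", "tape", "cloud", ...
    offsite: bool = False
    offline_or_immutable: bool = False
    primary: bool = False
    last_restore_test: Optional[date] = None
    restore_minutes: Optional[int] = None    # measured during that test

def audit(copies, max_downtime_min, today, max_test_age_days=15):
    """Return findings for one data set; an empty list means it passes."""
    findings = []
    backups = [c for c in copies if not c.primary]
    if len(copies) - len(backups) != 1 or len(backups) < 2:
        findings.append("3-2-1: need 1 primary copy and 2 backups")
    if len({c.media for c in backups}) < 2:
        findings.append("3-2-1: backups share one storage medium")
    offsite = [c for c in backups if c.offsite]
    if not offsite:
        findings.append("3-2-1: no backup is stored offsite")
    elif not any(c.offline_or_immutable for c in offsite):
        findings.append("offsite copy is neither offline nor immutable")
    for c in backups:
        if (c.last_restore_test is None
                or (today - c.last_restore_test).days > max_test_age_days):
            findings.append(f"{c.name}: restore test missing or stale")
        elif c.restore_minutes is None or c.restore_minutes > max_downtime_min:
            findings.append(f"{c.name}: restore time exceeds downtime threshold")
    return findings

# Constructed inventory for a hypothetical client's finance system.
TODAY = date(2024, 3, 31)
FINANCE = [
    Copy("prod-db", "disk", primary=True),
    Copy("nas-nightly", "disk", last_restore_test=date(2024, 3, 25), restore_minutes=90),
    Copy("usb-weekly", "disk", last_restore_test=date(2024, 2, 1), restore_minutes=60),
]
FIXED = FINANCE[:2] + [
    Copy("cloud-vault", "cloud", offsite=True, offline_or_immutable=True,
         last_restore_test=date(2024, 3, 20), restore_minutes=200),
]

if __name__ == "__main__":
    for label, plan in (("before", FINANCE), ("after", FIXED)):
        print(label, audit(plan, max_downtime_min=240, today=TODAY))
```

Running the audit per priority tier (finance first, then business systems, and so on) with each tier's own downtime threshold keeps the findings aligned with the restore order agreed with the data owners.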
Wrapping up World Backup Day
World Backup Day is here to serve as a reminder that backups are a critical component of good cyber hygiene and all-around best business practice -- regardless of the organization’s size. The smaller the business, the bigger the impact if something happens with your data.
Remember, your goal as an MSP is to give your clients’ businesses the best support possible. Your clients are looking to you to provide a backup strategy that can give them serious peace of mind. Providing that type of backup and disaster recovery plan (and their implementation) is a big job. It requires focus and an investment in resources to be done properly.
Partnering with a professional service provider can help you handle everything from support to periodic testing and restoration for your clients. ConnectWise offers trials & demos of our data management and BDR tools. Reach out today to sample our entire suite of innovative applications to see if they’re the right fit for your clients.
What is World Backup Day?
World Backup Day is an annual holiday to honor data protection and backup practices. The holiday originally began as World Backup Month and was created by a hard drive company by the name of Maxtor. Maxtor was eventually purchased and became part of the larger IT conglomerate, Seagate Technologies.
When is World Backup Day?
World Backup Day takes place on March 31st of every year.
What is World Backup Day celebrating?
The goal of World Backup Day is to celebrate and bring awareness to data protection. It’s meant to remind IT professionals and home PC users alike to back up and protect their data from harmful hacker attacks or file corruption.
Why should I use a BDR solution for backing up data?
A BDR solution can provide you with all the tools necessary to effectively manage and back up your company’s mission-critical data. Organizations that leverage BDR solutions properly can take advantage of simple management of multiple endpoints, increased data recovery speed, and off-site backup storage. BDR solutions offer these essential tools and more to help your clients minimize breach damage, data loss, and the complexity of regulatory compliance.