Defining Backups
It is critical that companies have a formal, structured data backup policy and procedure to ensure that they are operating in compliance with UK GDPR and the Data Protection Act 2018 and are protected against natural disasters and cyber threats. Having working backups allows companies to fully retrieve and accurately restore data in a timely fashion when unforeseen circumstances may arrive. Backup and recovery plans help ensure the confidentiality, integrity and availability (CIA) of critical data.
Backing up data is the process of copying and safely storing data on a different network or server from that of the original copy. Critical data to a company should be regularly backed up, securely stored and archived accordingly.
Data that should be backed up includes both internal and external system resources, involving anything that could compromise the CIA of a company.
Types of Backups
- Full backups are the total backup of all data held within a company. This is the most comprehensive and time-consuming form of backup. As a minimum, full backups should be conducted once a week.
- Differential backups – backup files that have changed since the last full backup was performed. They typically only save new or edited data. Ideally differential backup should be conducted daily.
- Incremental backups are essentially backups of all files that have changed since the previous backup was conducted; regardless of the backup type. Incremental backups should be conducted as necessary.
Types of Backup Scheduling
- Manual backups are performed by an individual selecting what data needs to be backed up and deciding what device it will be stored on. This tends to create more flexibility and customisation to the backup process, however it is not a viable long-term solution.
- Semi-Automated backups are performed through the use of backup tools and software; however they still need someone to instruct the backup process to start. These backups are often prone to human error such as missing the critical time for the backup to begin.
- Completely Automated backups are run through tools and software that ensure the backup process is run on a regular scheduled time. They also commonly provide reporting metrics and other critical information.
Backup Storage
- Onsite backups are stored on the premises; either connected to the local network or isolated from the local network.
- Offsite backups are stored off the premises; isolated from the local network or disconnected completely.
- Cloud backups are stored on a separate system and can either be private or public.
For best practice we recommend adopting the 3,2,1 system for your backups:
3 Copies of data;
2 Backups stored in different locations
1 Backup offsite