In our hyper-scheduled digital existence, we rely on technology more than ever, and our data plays a critical part in that. As a result of that reliance, all businesses (and individuals) should focus on their current backup strategy to ensure that mission-critical data is protected and restored.
Why should your business care about backups?
Simply put, we should perform regular backups for peace of mind and better sleep. Who couldn’t use that? Beyond that, the biggest purpose behind performing these backups is to minimize the threats associated with ransomware and business disruption. The increasing cost of responding to a ransomware event alone should be enough to motivate a shift in your backup strategy. In 2023, the average cost of responding to a ransomware event was upwards of $1.82 million, while in 2024, the cost increased to north of $2.73 million.
The disruption and impact of a ransomware event or other disaster that could disrupt your operations can have effects beyond the monetary. Reputational damage to a business can be tremendously impactful and long-lasting. The efforts required to regain the trust of your customer base may be even more costly than the actual ransom itself.
What should your business be backing up?
Short answer: Everything.
You should analyze the criticality of your servers and the data contained within each to assess the impact on your organization in the event of loss and determine the importance of backing up these devices to ensure business continuity. Your analysis of data criticality should include all online services your organization leverages in its operations. In addition to that review, be sure to look deeper into the Service Agreements with each of those services to identify what their offerings are within the area of data recovery. Most online services (SharePoint Online, Teams, Exchange Online for example) do not ensure the recovery of your data and only guarantee the availability of the service.
What frequency should you be taking backups?
That answer is found in your organization’s tolerance for risk. At a minimum, you should perform a nightly backup, which is acceptable for many organizations. However, internally, you should discuss how much data is created and modified throughout a business day and the tolerance for having to recreate data that would be at risk during the period between your backup intervals.
Immutable Backups: The moving target
In recent years, the rise of the Immutable Backup, driven heavily by the increase in ransomware threats, has been the solution that technology departments, managed service providers, and executive leadership have been tasked with as cybersecurity insurance providers have increased the scrutiny of the protections currently in place and continue to evaluate the requirements necessary for their coverage.
For those struggling with the definition of Immutable Backups, as it continues to evolve, you are not alone. Immutable backups are designed to be unchangeable and undeletable in order to provide a secure and reliable method for data recovery. This is a means of storing data in a read-only format to ensure resilience from threats.
What’s next?
For those struggling with their backup strategy and how to implement it, look to resources that can assist you with the process and implementation (peers, technology partners, and vendors) to explore options and strategies others are using that have fit the bill. Your backup strategy is critical to the resumption of your business in the wake of business disruption and should be reviewed more frequently than just World Backup Day. Ideally, this reminder on the calendar nudges you and others to continue to discuss this critical topic.