5 Good Reasons You Must Backup Your Data
Data loss can leave an enterprise empty-handed, but also have them staring at potential hefty fines and a serious loss of goodwill. The cybersecurity landscape in 2018 was rife with incidents that ranged from ransomware attacks to data breaches. Several of these affected what many considered trusted organizations and resulted in focused scrutiny on the level of data privacy they afforded. 2019 hasn’t been very different with major market players continuing to make headlines and light up the regulatory radar like it were Christmas!
One of the best defenses against cyber-attacks like ransomware is to have a secure backup of all your data. While accidental data loss in itself is a great motivator to start backing up, there are also other factors which make backups a no-brainer. While we can go on about the many different reasons to consider a strong backup strategy, we’ll give you the five most common and important reasons that would make you jump on the backup bandwagon. In our experience, besides accidental data loss (i.e. spilling coffee, disks gone bad, lost laptops etc.) we’ve seen most businesses list one or more of the following reasons as the rationale for why they care so much about their backups. Let’s take a closer look at each of them…
- Regulatory Compliance:
Many businesses function in highly regulated verticals like banking, financial services or healthcare. Even companies outside these verticals if doing business internationally need to stay compliant with regulations like Sorbanes-Oxley (SOX). The accountability that these regulations impose, drives businesses to put together processes in place to preserve and secure their data assets.
GDPR, the sweeping new data privacy regulation brought into effect last year by the EU is now in force, and applies to all companies collecting and processing personal data of EU subjects. The GDPR regulation requires data breaches to be reported within 72 hours of discovery. In fact Google and Facebook were hit with lawsuits to the tune of $8.8B the very day GDPR came into effect, and since then Honda, Flybe and a host of others have already been impacted. GDPR is a regulation with considerable teeth, and failure to comply has already led many organizations to cough up huge sums in penalties.
Since the time GDPR came into effect, a wide-spread awareness around privacy has led many countries across the world to draft laws with the principles underlying GDPR as the basis
Having backups of data is one of the most essential steps to gain compliance and GDPR expects that businesses should have “A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of data processing”.
Ransomware is a form of malware that has existed for well over a decade but has really taken on a visibly destructive form over the last couple of years. It operates by encrypting ﬁles on the infected computer and then demanding a bitcoin ransom in return for the decryption key.
On an average, ransomware costs companies $75 billion each year worldwide and the frequency of attacks is increasing. The malware underground sells RaaS (Ransomware as a Service) software to enable malware authors to easily create ransomware variants and turn them loose on unsuspecting businesses. In just the last month, two Florida cities were attacked – Riviera Beach paid $600,000 in ransom and Lake City almost $500,000 to get their data back. Loss of data via ransomware can also disqualify a business from compliance causing other regulatory fines to mount. Is it now commonly acknowledged that the best defense against ransomware is to have a secure backup – so the business cannot be held hostage by the attacker. Best practices dictate that you place your backed-up data in a geographically separated location (possibly a cloud destination) and ensure it is securely authenticated – preventing ransomware from spreading to it.
- Insider threats
One more driver for backups is insider threats. This could be a malicious employee trying to get back at their employer, or a disgruntled worker trying to cause damage before they leave the organization. A common occurrence is the deliberate deletion of valuable data from company assets before the assets are returned.
Automatically scheduled backups which work silently and reliably are the best way to protect against such an eventuality, and we’ve spoken with a number of customers who implement backup strategies for this reason alone.
- Disk encryption
One more interesting driver for backups is actually use of full disk encryption tools. Many enterprises fear that the encryption software may deny data access to the enterprise or to a knowledge worker should they forget their decryption password or simply if the encryption software should malfunction.
This could result in serious and irreparable loss of valuable data. Clearly, having a redundant copy of the latest data in a secure location is the best hedge against this kind of an occurrence.
- DIY just doesn’t work
Administrators have forever tried to get end users to take responsibility for their data. Or to make sure they copy data onto a file server, or into their OneDrive folder, or make a backup to external USB drives. Unfortunately, we are yet to find a single administrator who can tell us that such a “Do It Yourself” approach worked. Leaving end users responsible could leave you at the receiving end of a regulatory compliance penalty or a lawsuit. Have an enterprise grade solution which can give you daily/weekly/monthly reports on backup performance is an essential part of an Administrator’s toolset and should not be overlooked.
Are there other interesting reasons that you see businesses implement backup? We’d love to know. Please write us at firstname.lastname@example.org.
A free webinar that focuses on demystifying common misconceptions around SaaS and data protection.