Backing up data is a workforce-wide responsibility


Cybersecurity specialist Jon Fielding, managing director EMEA of Apricorn, looks at how to build a 360-degree backup strategy that protects information against all kinds of disruption – and why executing it must be a full team effort.

No business is immune to a cyber-attack, tech failure, or employee blunder that leaves vital data exposed to theft or rendered inaccessible. The growing realization that ‘it could (and probably will) happen to us’ has galvanized the importance of a rigorous backup strategy that involves multiple copies of data in both onsite and offsite locations.

With so many employees now regularly working outside the office environment – and moving and storing data outside the corporate network – it’s also important that all staff have a responsibility to back up the data they create and handle. However, more than 60% of respondents to a recent Apricorn Twitter poll said they’re currently not required to play any kind of role in backing up their company’s data.

Backups are still largely viewed as ‘something IT does’, but this needs to change urgently. Every individual should be required to play their own part in a layered backup procedure that covers policy, education, and technology.

Doubling down on offsite storage

For years, the time-honored advice around backups has been the 3-2-1 rule: have three copies of data, on two different media, one of which is offsite. Many businesses have turned to cloud storage as their offsite backup solution, which makes a great deal of sense, as it offers a convenient, fast, and cost-effective approach. However, headlines reporting on last month’s Amazon Web Services (AWS) outage have highlighted the massive impact a relatively minor technical malfunction can have if those affected don’t have an alternative route to recovery.

Today’s backup procedures should incorporate more than one type of offsite location – ideally one online, such as the cloud, and one offline – to avoid the vulnerability that comes with having a single point of failure. This will provide the very best chance of fast recovery of information if other copies are damaged, lost, stolen, or unavailable.

One of the most straightforward ways of creating offline backups is to store copies of critical files on high-capacity external hard drives and USBs, which can be disconnected from the network to create an air gap between information and threat. This is particularly important as a defense against the rising ransomware threat, ensuring the business can always quickly restore from a clean, protected data set.

This approach requires IT to explicitly devolve some of the responsibility for backing up information to individual employees. The requirement for staff to take personal action to back their data up locally should be enshrined formally in company policy, and communicated clearly. This alone won’t be sufficient to secure buy-in, however. Employee education is essential – and not only around ‘what to do’ but also the ‘why’.

Building a backup culture

Everyone in the workforce needs to fully understand their responsibilities around data protection, including carrying out backups. This means briefing them on all relevant security policies and processes and providing training in how to correctly and safely implement any storage devices, tools, and technologies they’re equipped with.

That’s the practical stuff. To truly engage employees in their role, and encourage accountability, they need to be made aware of the context around what they’re being asked to do: the specific threats the business faces, the risks associated with failing to back information up properly, and the potential consequences to the business if data is lost or inaccessible – in terms of operational downtime, financial cost, and reputational damage.

Encrypt everything

The encryption of all corporate data as standard – whether it’s being stored online or offline – should be mandated across the business. When information is encrypted, it is unintelligible to anyone who’s not authorized to access it, which keeps it safe and intact whatever happens around it.

Encryption is a vital compliance tool; in fact, it’s specifically recommended in Article 32 of GDPR as a method of protecting personal data. For a breached company, evidence that lost or stolen data had been encrypted removes the obligation to inform each individual affected. Article 83 suggests fines will be moderated where a company can show it has been responsible and mitigated the damage suffered by data subjects.

A company policy that allows only the use of encrypted removable storage devices that have been approved by IT is essential – not only to ensure that the tools are fit for purpose but also to guard against a rising threat that was highlighted by the FBI in January. The bureau warned that cybercriminals are mailing ‘malicious’ USBs to employees in an attempt to trick them into installing malware or even ransomware on their corporate machines. The policy can be enforced by locking down USB ports to only accept approved devices.

Test and review – regularly

Once a backup procedure has been implemented, it must be routinely tested – ideally as part of the company’s disaster recovery process. The entire process should be reviewed, and reinforced where necessary, to ensure that files can be recovered fast and that all data, applications, and systems remain intact and functional.

Backing up data regularly and securely is a key pillar of cyber resilience: the ability to prepare for, respond to, and recover from disruption. Hackers will continue to target employees using tried and tested approaches to gaining access to data, systems, and networks, including phishing, combined with new tactics such as the malicious USB exploit.

This puts employees at the very frontline of protecting data – in particular when they’re working remotely. Furnishing them with the knowledge and tools they need to create local, offline backups is critical to maintaining a strong cybersecurity posture in the hybrid working era, and ensuring business continuity in the event of a data breach.


Jon Fielding

Cybersecurity expert Jon Fielding has specialized in data encryption and storage for the last 10 years. He is responsible for Apricorn’s EMEA sales and operations strategy, driving revenue growth, and establishing its channel network. CISSP-certified, he’s been focused on information security for 23 years, working with organizations ranging from IBM to start-ups including Valicert, Tumbleweed, and Ironkey.
