Backups: Why They're Essential and How to Do Them Right
Our digital devices contain vast treasures of data, from family photos and music collections to financial data, health records, and personal contacts. As someone who has worked in security for decades, I see daily the devastating impact of data loss and how adequate backups can make all the difference.
Storing all this information on a computer, tablet, or smartphone comes with the risk of it being lost if all that data is contained in a single digital location. It's like keeping all your important documents in a single drawer. If something happens to that drawer, you lose everything.
Why Data Is Lost
Data can be deleted in various ways, and not all are predictable. Perhaps your computer gets wet or a software update goes wrong. A device can be lost in a fire or natural disaster. A virus can steal all your data or destroy your machine.
And there's also the threat of ransomware, which is when malicious actors hold a device's data hostage unless you pay a fee. As CISO of IONIC Health, I see ransomware cases regularly, and the difference between companies that have adequate backups and those that don't is dramatic.
To avoid losing valuable data, documents, and files, back up your files regularly and frequently. You may even want to back up your files daily, or even more frequently, depending on how critical your data is.
A Simple 3-Step Process
A data backup is a simple three-step process. It doesn't need to be complicated.
First, create copies of your data. Many computers come with backup software installed, so you probably already have an option on your device. Most backup software programs allow you to copy all files and programs from your computer. If you prefer, you can also choose to copy only files that have been changed since your last backup, which is faster and more efficient.
Second, set up automatic backup in the cloud, select hardware to store your data, or both. Best practice is to use both. Don't put all your eggs in one basket.
Third, securely store your copied files on a backup device or service. Security here means both physical protection and protection against unauthorized access.
Creating Copies of Your Data
Many computers come with backup software installed, so you probably already have an option on your device. For Mac, you have Time Machine and iCloud. For Windows, there are built-in backup tools. Most programs allow you to copy all files and programs from your computer, or just files that have been changed since the last backup.
The key is to set up automatic backup. You don't want to have to remember to back up manually every time. Set it up once and let it run automatically.
Where to Back Up Your Data
Nowadays, it's common to back up your data in the cloud, meaning online servers outside your device. But you should also back up to a physical device. Ideally, you should back up your data both in the cloud and on a separate device. It's the 3-2-1 rule: three copies, two different media, one offsite.
CDs, DVDs, and USB drives are more suitable for storing small amounts of photo, music, and video files. The number of files these devices can store is usually limited, but they're useful for specific backups or important files you want to have on physical media.
An external hard drive is an excellent option. You can easily back up your entire computer to an external hard drive that connects to your computer, usually through a USB port. If your computer serves as the family photo album and music library, an external hard drive can hold a large amount of data. Copying information will also be faster and often automated with these devices.
Online cloud backup services have become very common and usually cost a small recurring fee. Some security software includes this service in its subscription, so check to make sure you don't already have this service available. You simply back up your files to a secure server over the internet. These services have the additional advantage of securely storing your files in a remote location, and files can be accessed anywhere there's an internet connection.
This can be valuable for people who travel a lot and may need to recover files, or live in areas prone to natural disasters that may require evacuation. Again, it's best to use both cloud backup services and physical backups together.
Securely Storing Backup Devices
Keep your physical backup devices secure. It's best to keep them in a location separate from your main device, especially if the data is particularly sensitive. You can ask a trusted neighbor or put them in a safe, but even placing the backup device in another room adds security.
Remember that you should back up your files regularly, so you should be able to easily retrieve your devices. It's no use having a backup if you can't access it when you need it.
For very sensitive data, consider encrypting your backups. Many operating systems and backup services offer encryption. If someone gets physical access to your backup device, your data will still be protected.
The 3-2-1 Rule
As a security professional, I recommend following the 3-2-1 rule for backups:
Three copies of your data: the original and at least two backups. This ensures that even if one backup fails, you still have another.
Two different media: don't make all backups on the same type of device. Use cloud and external drive, or external drive and USB drive. If one type of media fails, the other still works.
One offsite copy: at least one copy should be in a different location than the original. If your house catches fire, a backup in the same house doesn't help. Cloud is ideal for this, but you can also keep an external drive at the office or at a trusted relative's house.
Backup Frequency
Ideally, you should back up your files at least once a week. But for critical data, consider backing up daily or even in real-time. Many cloud services do automatic real-time backup, which is ideal.
Frequency depends on how critical your data is and how often you change it. If you work with important documents daily, back up daily. If you only store photos and music, weekly backup may be sufficient.
Testing Your Backups
Making backups isn't enough. You need to test if your backups work. Regularly, try restoring some files from the backup to ensure everything is working. Don't wait until you need the backup to discover it doesn't work.
Many people discover their backups don't work only when they need them. It's a devastating discovery. Test your backups regularly, at least once a month.
Real Cases
Let me share some real cases I've seen, anonymized, to illustrate the importance of backups.
A small business lost all data when the server was compromised by ransomware. They had no backups. They had to pay the ransom and still lost important data. If they had adequate backups, they could simply restore and ignore the ransomware.
A family lost all photos from a decade when the computer was stolen. They had no backups. All memories, lost forever. If they had backups in the cloud or on an external drive, they could recover everything.
A medium-sized company lost critical data when a fire destroyed the office. They had backups, but all were in the same location. If they had followed the 3-2-1 rule with offsite backups, they could have recovered quickly.
Final Reflection
Backups are not optional. They're essential. In a world where data is valuable and vulnerabilities are common, not backing up is like driving without a seatbelt. It may work for a while, but when something happens, the consequences are severe.
Set up automatic backups today. Don't wait until you need them. When you need them, it will be too late to start.
And remember: a backup that hasn't been tested is not a reliable backup. Test regularly. Verify that you can restore your data. It's the only way to be sure you're protected.
Ricardo Esper is CEO of NESS Processos e Tecnologia (since 1991), CISO of IONIC Health, and CEO of forense.io. Certified CCISO and CEHIv8, he is an active member of HackerOne, OWASP, and the Privacy and Data Protection Commission of OAB SP.