This Thursday, March 31 at 9:30 a.m. MT/11:30 a.m. ET, join the National Cybersecurity Center, IBM Security X-Force’s Laurance Dine and Stephanie “Snow” Carruthers, and other security experts for a World Backup Day discussion on best practices, preparedness and more. Catch the conversation on Twitter.

National Backup Day is March 31, which serves as an annual reminder of the importance of backups for cybersecurity. We shouldn’t need reminders, but far too often, we overlook backups as a critical element in our basic security hygiene.

As the threat landscape rapidly evolves, it’s never a bad idea to revisit the role backups can play in minimizing downtime, mitigating risks and improving security posture.

The question may be rhetorical, but still essential to explore: why backup your data?

Backups: Still part of good security hygiene

With backups, you are protecting your company from ransomware and other malware that can lock you out of your files or even erase them. In the event of a data breach, you can restore your data from your backups, minimizing the damage that the attacker can do. Backups are also crucial for disaster recovery. If your primary storage medium fails, you can restore your data from the backup.

When systems are down, the cost to your business is typically substantial. According to IBM’s Cost of a Data Breach 2021 report, the average breach increased from $3.86 million in 2020 to $4.24 million. Plus, despite some companies embracing a return-to-work policy, a growing number of employees are still working outside the office or within a hybrid workplace. The files and data they share could be anywhere, which shines a glaring spotlight on new backup challenges for IT and security teams.

But when it comes to backups, boring is always better than exciting. If you treat backups like you do your personal hygiene — like brushing your teeth, something you do every day — your business can prevent headaches down the road. It’s not exciting, yet we do it every day without thinking about it.

Join the Twitter Space for World Backup Day

Backup processes and best practices 

By adopting sound backup best practices, companies can stay one step ahead of attackers. Ransomware, one of the most common threat types, is only evolving with more sophisticated tactics and techniques.

Backups are often the unsung hero of ransomware recovery. In far too many ransomware attacks, the victims could have avoided significant costs with a solid backup strategy. Scenarios where too much time elapsed between backups, or backups were stored on the same network as the attack, shouldn’t be the norm.

Here are some best practices for backing up your data:

  1. Make sure backups are current and include all the data you need to restore your system.
  2. Follow the 3/2/1 backup rule: three copies of your data stored on two different media types and one remote copy.
  3. Store your backups in a secure location — preferably off-site.
  4. Make sure to backup data in cloud applications.
  5. Ensure backup data is encrypted and cannot be altered. This step is more critical today as bad actors increasingly target both live and backup data.
  6. Backup frequently. How often data is backed up is dependent on sensitivity and will be different across departments and applications.
  7. Automate whenever possible. Backups should be monitored and tested regularly to ensure integrity.
  8. Create a backup communication plan to ensure key stakeholders are aware of procedures, responsibilities and timelines. Test your recovery plan frequently.

Finally, backups should leverage both disk and cloud. Combining local and cloud storage locations is probably the most effective backup strategy. When backup data is readily available on a local disk, organizations can take advantage of speedy recovery times. With cloud, remote backups minimize risk from malware, disaster or other threats.

The best advice: pretend every day is National Backup Day. After all, the next day is always April 1. If you forget to back up your data, the joke may be on you.

More from Risk Management

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today