This Thursday, March 31 at 9:30 a.m. MT/11:30 a.m. ET, join the National Cybersecurity Center, IBM Security X-Force’s Laurance Dine and Stephanie “Snow” Carruthers, and other security experts for a World Backup Day discussion on best practices, preparedness and more. Catch the conversation on Twitter.

National Backup Day is March 31, which serves as an annual reminder of the importance of backups for cybersecurity. We shouldn’t need reminders, but far too often, we overlook backups as a critical element in our basic security hygiene.

As the threat landscape rapidly evolves, it’s never a bad idea to revisit the role backups can play in minimizing downtime, mitigating risks and improving security posture.

The question may be rhetorical, but still essential to explore: why backup your data?

Backups: Still part of good security hygiene

With backups, you are protecting your company from ransomware and other malware that can lock you out of your files or even erase them. In the event of a data breach, you can restore your data from your backups, minimizing the damage that the attacker can do. Backups are also crucial for disaster recovery. If your primary storage medium fails, you can restore your data from the backup.

When systems are down, the cost to your business is typically substantial. According to IBM’s Cost of a Data Breach 2021 report, the average breach increased from $3.86 million in 2020 to $4.24 million. Plus, despite some companies embracing a return-to-work policy, a growing number of employees are still working outside the office or within a hybrid workplace. The files and data they share could be anywhere, which shines a glaring spotlight on new backup challenges for IT and security teams.

But when it comes to backups, boring is always better than exciting. If you treat backups like you do your personal hygiene — like brushing your teeth, something you do every day — your business can prevent headaches down the road. It’s not exciting, yet we do it every day without thinking about it.

Join the Twitter Space for World Backup Day

Backup processes and best practices 

By adopting sound backup best practices, companies can stay one step ahead of attackers. Ransomware, one of the most common threat types, is only evolving with more sophisticated tactics and techniques.

Backups are often the unsung hero of ransomware recovery. In far too many ransomware attacks, the victims could have avoided significant costs with a solid backup strategy. Scenarios where too much time elapsed between backups, or backups were stored on the same network as the attack, shouldn’t be the norm.

Here are some best practices for backing up your data:

  1. Make sure backups are current and include all the data you need to restore your system.
  2. Follow the 3/2/1 backup rule: three copies of your data stored on two different media types and one remote copy.
  3. Store your backups in a secure location — preferably off-site.
  4. Make sure to backup data in cloud applications.
  5. Ensure backup data is encrypted and cannot be altered. This step is more critical today as bad actors increasingly target both live and backup data.
  6. Backup frequently. How often data is backed up is dependent on sensitivity and will be different across departments and applications.
  7. Automate whenever possible. Backups should be monitored and tested regularly to ensure integrity.
  8. Create a backup communication plan to ensure key stakeholders are aware of procedures, responsibilities and timelines. Test your recovery plan frequently.

Finally, backups should leverage both disk and cloud. Combining local and cloud storage locations is probably the most effective backup strategy. When backup data is readily available on a local disk, organizations can take advantage of speedy recovery times. With cloud, remote backups minimize risk from malware, disaster or other threats.

The best advice: pretend every day is National Backup Day. After all, the next day is always April 1. If you forget to back up your data, the joke may be on you.

More from Risk Management

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

When you shouldn’t patch: Managing your risk factors

4 min read - Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before you click on links in emails from unknown senders.So imagine my surprise when attending Qualys QSC24 in San Diego to hear a number of conference…

CISOs drive the intersection between cyber maturity and business continuity

4 min read - The modern corporate landscape is marked by rapid digital change, heightened cybersecurity threats and an evolving regulatory environment. At the nexus of these pressures sits the chief information security officer (CISO), a role that has gained newfound influence and responsibility.The recent Deloitte Global Future of Cyber Survey underscores this shift, revealing that “being more cyber mature does not make organizations immune to threats; it makes them more resilient when they occur, enabling critical business continuity.” High-cyber-maturity organizations increasingly integrate cybersecurity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today