This Thursday, March 31 at 9:30 a.m. MT/11:30 a.m. ET, join the National Cybersecurity Center, IBM Security X-Force’s Laurance Dine and Stephanie “Snow” Carruthers, and other security experts for a World Backup Day discussion on best practices, preparedness and more. Catch the conversation on Twitter.

National Backup Day is March 31, which serves as an annual reminder of the importance of backups for cybersecurity. We shouldn’t need reminders, but far too often, we overlook backups as a critical element in our basic security hygiene.

As the threat landscape rapidly evolves, it’s never a bad idea to revisit the role backups can play in minimizing downtime, mitigating risks and improving security posture.

The question may be rhetorical, but still essential to explore: why backup your data?

Backups: Still Part of Good Security Hygiene

With backups, you are protecting your company from ransomware and other malware that can lock you out of your files or even erase them. In the event of a data breach, you can restore your data from your backups, minimizing the damage that the attacker can do. Backups are also crucial for disaster recovery. If your primary storage medium fails, you can restore your data from the backup.

When systems are down, the cost to your business is typically substantial. According to IBM’s Cost of a Data Breach 2021 report, the average breach increased from $3.86 million in 2020 to $4.24 million. Plus, despite some companies embracing a return-to-work policy, a growing number of employees are still working outside the office or within a hybrid workplace. The files and data they share could be anywhere, which shines a glaring spotlight on new backup challenges for IT and security teams.

But when it comes to backups, boring is always better than exciting. If you treat backups like you do your personal hygiene — like brushing your teeth, something you do every day — your business can prevent headaches down the road. It’s not exciting, yet we do it every day without thinking about it.

Join the Twitter Space for World Backup Day

Backup Processes and Best Practices 

By adopting sound backup best practices, companies can stay one step ahead of attackers. Ransomware, one of the most common threat types, is only evolving with more sophisticated tactics and techniques.

Backups are often the unsung hero of ransomware recovery. In far too many ransomware attacks, the victims could have avoided significant costs with a solid backup strategy. Scenarios where too much time elapsed between backups, or backups were stored on the same network as the attack, shouldn’t be the norm.

Here are some best practices for backing up your data:

  1. Make sure backups are current and include all the data you need to restore your system.
  2. Follow the 3/2/1 backup rule: three copies of your data stored on two different media types and one remote copy.
  3. Store your backups in a secure location — preferably off-site.
  4. Make sure to backup data in cloud applications.
  5. Ensure backup data is encrypted and cannot be altered. This step is more critical today as bad actors increasingly target both live and backup data.
  6. Backup frequently. How often data is backed up is dependent on sensitivity and will be different across departments and applications.
  7. Automate whenever possible. Backups should be monitored and tested regularly to ensure integrity.
  8. Create a backup communication plan to ensure key stakeholders are aware of procedures, responsibilities and timelines. Test your recovery plan frequently.

Finally, backups should leverage both disk and cloud. Combining local and cloud storage locations is probably the most effective backup strategy. When backup data is readily available on a local disk, organizations can take advantage of speedy recovery times. With cloud, remote backups minimize risk from malware, disaster or other threats.

The best advice: pretend every day is National Backup Day. After all, the next day is always April 1. If you forget to back up your data, the joke may be on you.

More from Data Protection

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today