Spring has sprung in Canada, and that means the return of the first robins, street sweepers, and of course, World Backup Day! While this event focuses largely on the backup up of personal data, it’s also a great reminder for organizations to review their data management practice as well. As with personal devices, company devices can get lost or damaged, an increasingly likely possibility if your organization has remote workers or is maintaining a hybrid model.
Also, accidents happen. Workplace users unwittingly delete crucial files all the time, and they don’t always spot the mistake in time to hit the Undo button. While this is far less likely as organizations increasingly leverage OneDrive or SharePoint for work projects, the advantages of outsourced/automatic backups and version control go out the window if end users aren’t using them! Make sure your team knows to store their work files on these cloud-based services and not locally on their hard drives.
A sound backup/restore practice is fundamental to the 18 CIS Critical Security Controls to which we align our clients, much less the cybersecurity triad of Confidentiality, Integrity, and Availability. CIS Controls #3 covers Data Protection, and it’s based on the simple premise that enterprises rely on data to make business decisions. It’s therefore crucial to have recent backups or mirrors to recover enterprise data to a known trusted state.
A good data management process starts with good data classification guidelines and requirements for the protection, handling, retention, and disposal of your data. Once that’s done, it’s best to separate assets according to the sensitivity levels of each and prioritize your backups accordingly.
Control #3 goes hand-in-hand with Control #11, Data Recovery, which recommends taking a random sampling of backups and restoring them in a test bed environment once per quarter, or whenever your organization introduces a new backup process or technology. This is ultimately the best way of verifying the integrity of your backups and is a big component of a solid organizational incident response plan.
At the end of the day, remember that storage is relatively cheap, but your sensitive data is anything but.
Happy World Backup Day!