Everyone knows they should make backups - but why? What could happen if you don't?
In our previous backup-related blog post, we looked at how the 3-2-1 rule can help businesses to protect against data loss. This time around, we’re going to look at why we make backups in the first place, and what can happen if you’re not prepared.
Why Make Backups?
All businesses, to some extent, rely on information – and record keeping is a vital part of that. If those records are lost, the damage can be catastrophic. A shop, for example, could lose receipts and customer contact details, leading to missed sales. A law firm could lose interview transcripts and other legal documents, leading to mistrials or collapsed property deals. Suffering this kind of data loss could be enough to put them out of business permanently.
Backups are essentially an insurance policy, in case the worst happens. They're the copies you turn to when your original files are no longer available to you. You hope you’ll never need to use them, but if you do, you’ll be glad you spent the time making them.
How Is Data Lost?
There are numerous ways you could suffer data loss, including:
- Fire, flood and other acts of nature: Your backup systems could be physically destroyed.
- Theft: Someone could break into your premises and steal your backups.
- Human error or malicious behaviour: A team member might accidentally – or even deliberately – delete important files.
- Mechanical failure: All computer hardware has a finite lifespan. If it fails, you could lose your data.
- Malware: Malicious software can delete, steal or lock your data. It might also give hackers access to your systems.
Thankfully, most of these threats are relatively rare. Malware and the cyber crime it facilitates, however, are depressingly common. Some varieties of malware will simply delete data, while others can steal it and send it to criminals. And because malware can spread, you can easily find it affecting multiple computers in your network.
Perhaps the nastiest strain of malware is ransomware. It encrypts the victim’s data, making it inaccessible without a secret encryption key, which is provided by the criminal perpetrators in exchange for a ransom payment. In some cases, we’ve seen customers suffer ransomware attacks that have also hit their backups. Their data has been encrypted by the ransomware, and that encrypted data has automatically been backed up to their local and cloud backups – rendering the backups useless.
This is why TMB recommends daily USB drive backups as part of a 3-2-1 backup routine. The redundancy built into this kind of backup routine provides an extra layer of protection against would-be attackers. They could delete or encrypt your original copies, your local backup and your cloud backup, and you'd still have your multiple USB drive copies to restore from.
Are You A Target?
One of the biggest mistakes you can make is thinking that cyber criminals won’t be interested in you. Why would they care about an SME in the South East of England, you might wonder, when there are big multinationals with deep pockets they could attack?
There are a few problems with this logic. Yes, criminals go after the big corporations all the time, but there are plenty of reasons why they might want to avoid them too. Bigger companies might have more stringent security measures, for example, making them less vulnerable to malware or hacking attacks. Also, high-profile attacks are also more likely to attract the attention of the authorities – not something your average criminal wants.
In contrast, most SMEs are easy targets. All it takes is for a team member to open an unsafe link in an email or on a web page, inadvertently installing malware in the process. This malicious software then ‘phones home’, using the internet to contact the criminals who made it. They’ll then set about making your life a misery. For them, it’s easy money. They just sit back and wait for their malware to send them another poor victim.
Essentially, you’re not a target until you are. When that happens, you’ll soon know about it.
Are Backups Foolproof?
Unfortunately, no system is 100% secure. If there was such a thing, you can bet big businesses and public sector bodies would use it, rather than suffer embarrassing security breaches. The fact is criminals will always find ways to get around security measures. Even computers running on separate ‘air gapped’ networks have been hacked using electromagnetic waves and CCTV cameras.
Because of this, there’s always the possibility that all your backups could be compromised. Realistically, though, it’s a remote chance, and for nearly all SMEs, a 3-2-1 backup regime that includes cloud backups and multiple, rotated USB drives will be more than enough. It's a simple, affordable way to protect against multiple types of attack - and it could be what saves your business if the worst should happen.