What is your backup plan?

A backup is a copy of all your important data stored in a location other than just your computer. Backup protects your data from multiple risks such as hardware failure, cyber attacks, human error and other accidents. As many as 1 in 10 computers are infected by computer viruses every month, and if the attackers succeed, it's your backup that will save your business data. Therefore, there couldn't be a better day than World Backup Day to get an overview of how your backup is working for you. We call this overview a backup plan.

What is a backup plan?

A backup plan is a process for the company's backup of data. A backup plan contains:

• Who is involved in backup processes.

• Which programs and products the business uses.

• Location of the backups.

• How long you keep the different backups for

• Procedures for testing, reviewing and updating backups.

Who is responsible?

Although backup is something everyone should be involved in and the main responsibility falls on management, companies should decide who should have a dedicated responsibility for backup. Such responsibility entails:

• Checking that backups are done successfully every day

• Responsibility for encryption key

• Maintaining the storage unit

• Updating and adopting new features in the backup solution (updates are usually released every 2-3 months).

• Testing of the entire backup solution every 6 months, as well as individual files weekly.

Location of backups

Industry standards state that you should have a minimum of 3 backups. These should be stored in at least two different locations, at least one of which must be off-site. If you experience an attack on one of your backups, you still have access to your files. When you have backups stored with a cloud service or elsewhere, it's important to encrypt the files. Even if the attackers get hold of your files, they won't be able to read them.

How long you keep the different backups for

A backup plan must include what the company should back up and what should not be backed up. A decision must also be made on how long the company should keep each backup before they are overwritten. This decision must be made at board and management level, which has overall responsibility for documents and files in the company. How long you can have online backup in the cloud also depends on which provider you buy backup services from. All backups must be carried out in accordance with regulations, such as the fact that the company's accounting material must be retained for 5 years, as well as the GDPR data protection legislation. All data that the GDPR legislation requires you to delete from your databases must also be deleted from the backup. This can be challenging, and a security partner can help you find solutions and routines for this.  

Testing, updating and performing backups

How do you know if your backup solution is working properly? Test it. Test it. Test. Then you'll also get answers to questions you really want to know before the accident happens. How long does a full backup take for your business? How will you work while the backup is taking place? Which files should be prioritized first?

Your full backup solution should be tested every 6 months, and some smaller elements should be tested weekly. In a backup plan, you should also make a priority list of which files are most critical and need to be restored first. This could be a customer database, contracts and agreements, files for production or projects. This is to ensure that your business gets back to normal operations as quickly as possible, and there are some documents that are more necessary than others. By testing your backup, you not only find out how fast and efficient it is, but also how your employees should restructure their working day to avoid losing valuable time. If your business finds itself in a situation where files have been stolen or deleted and a full recovery is required, it's also necessary that one person is responsible for talking to the employees who will be working with the critical files and when they can do this.

Backups should be performed before software updates to ensure that these updates do not affect your files. For example, Microsoft releases a new update every second Tuesday of the month, and if you have backed up in advance, there is no reason why anyone should hesitate to initiate important security updates.

Which devices can be used while backup is in progress?

The backup plan should also include which devices and network connections the business can use in the event of an attack. If you have a contingency agreement with a security company such as Cyberon Security, you will receive a contingency kit with trusted computers, mobile phones, networks and storage devices so that you can communicate safely with them and your customers while they handle the data attack.