We’ve all been guilty of not backing up important files, only learning our lesson after losing family photos, documents or homework. But for businesses, not backing up data can be a costly mistake. To mark this year’s World Cloud Security Day, Alan Stephenson-Brown, CEO at Evolve, reveals the biggest backup mistakes you don’t know you’re making, and shares industry best practices.
Businesses use data for everything — sales, marketing, logistics, staffing. When it’s lost, things quickly grind to a halt.
With so much at stake, it would make sense for every business to back up its data regularly. But after the rate of backups saw a drastic uptick following the onset of the COVID pandemic and the rise in remote work, numbers have now dropped off.
Among our own clients we see a worrying assumption that data is automatically backed up in the Cloud, but it’s an assumption that can have costly consequences.
Cost to businesses
Calculating the cost of data loss is difficult for two reasons. Firstly, because it can vary widely depending on the size of the business and how valuable the data is. Secondly, because the end cost ultimately depends on the consequences of the loss, not necessarily the missing files alone.
However, there is no doubt that a typical data-loss event can be incredibly expensive. One recent report found that “small” instances of data loss (around 100 lost or compromised records) cost businesses an average of $18,120 to $35,730, while large-scale data loss (100+ million records) costs an average of $5 million to $15.6 million.
But it can be more helpful to think of the cost of data loss in terms of the cost of the downtime that follows. Depending on a company’s size, costs of downtime can vary from $10,000 per hour to more than $5 million per hour.
Common Causes of Data Loss
There are many ways data can be lost. These include as hardware failures, malware, and malicious deletion by internal employees, or even physical on-site events like fires.
According to the 2023 Verizon Data Breach Investigations Report:
- 74% of breaches in 2022 involved a human element, such as error or misuse.
- 24% of all breaches involved ransomware.
- 83% of breaches involved external actors, such as criminal organisations.
- 49% of external actors used stolen credentials in their attacks.
In 2022, the NHS fell victim to a major ransomware attack which saw the NHS 111 service being taken offline alongside management systems for GP surgeries, care homes, and mental health services being affected. Since then the healthcare industry remains a common target for ransomware, with the NHS Trust confirming it was affected by a ransomware attack in June 2023.
But no business or sector is immune, so best practices for data backup need to be followed.
Top tips for protecting business data
- Understand the causes of a breach
This understanding can help take simple preventative steps. Hard drives, for example, will eventually fail because they have a defined lifespan. If you are aware of this inherent limitation you can schedule timely replacements to reduce the risk of unexpected failures that result in data loss.
Likewise, the knowledge that human error plays a role in many breaches, which can be mitigated through training and education.
The data loss risks your business faces also inform the types of backups that you use. For example, if your physical premises are located in a flood plain, consider the value of off-premises and cloud backups.
- Data mapping
This exercise we use during the onboarding process to identify where data is stored. It’s a great way to determine what kind of backup is best for individual businesses.
- Follow the 3,2,1 rule
Back up three copies of data, in two separate locations, and make sure one is the cloud.
- Choose the right storage
Local: Local storage may be the better option to ensure your data is secure and physically controlled. Among businesses, 33% of users now rely exclusively on local backups.
Cloud: Conversely, cloud storage could be more convenient and cost-effective if your data isn’t sensitive or there are no regulatory limits on third-party providers. As of 2022, around 60% of all corporate data was stored in the cloud.
Hybrid: Although many experts believe hybrid backup, combining cloud and local storage, is the best possible data backup solution, only 12% of IT users were using this model according to a recent study.
- Monitor backups daily.
This may seem excessive, but we recommend daily backup testing – backing up data is useless if the backups themselves fail.
Make sure to document your backup strategy and testing plan, including the backup types, schedules, goals, metrics, methods, and frequency. Additionally, review and analyse backup test results by using reports and logs that can show the status and performance of your backups and restores.
Although many businesses are not backing up their data as frequently as we would recommend, we know there is a growing awareness of how important measures like these can be. In a 2023 survey, more than one-third of businesses said they planned to increase cybersecurity spending over the next year, including expanding and upgrading their cloud systems.
