An important consideration for any modern business is ensuring the protection of the various types of data produced and collected by your staff and customers in the normal course of a day.
Your business data can be secured by backups in many ways, some simple and others more complex.
We often see the focus placed mainly on the disaster recovery (DR) aspects of backups, which is completely understandable given the issues surrounding ransomware and the impact it can have on your business operations.
One often overlooked component of a company’s backup strategy is the importance of deciding on the duration of your data retention, i.e., how long you need to keep changes that take place within your data.
When making those decisions there are a number of considerations to take into account: for example, you might have legal requirements to comply with such as keeping your financial data for seven years, or you might have a need to retrieve all emails your staff have sent and received for the last 365 days.
Let’s look at an example:
A financial services company, let’s call them Flash Finance, provides advice to New Zealanders. One of their customers, let’s call him Bob, has a casual chat over email with one of the Flash Finance advisors and during this exchange the advisor and Bob discuss a new and upcoming company that is looking for private investors. The advisor makes it clear to Bob that this isn’t a service he is providing through the company but rather his own opinion. Believing he’s onto a winner, Bob invests all his hard-earned cash into the company.
Fast forward five years: the company has crashed, the advisor has moved on from the firm, his email account was deleted after a few years, and memories of what happened have become a little fuzzy.
But Bob is angry. He wants his money back, and in his mind Flash Finance is at fault, so he begins pursuing Flash Finance through the courts under the Financial Advisers Act 2008 for the advice he received.
At this point, Flash Finance’s backups, and how long they retained backup data, could become the difference between a very expensive settlement and winning a legal challenge.
In one scenario as the owner of Flash Finance you might pull the relevant emails from your backups, prove your case and win, while in the other you discover the hard way that your email backup only retains information for 30 days and face an expensive loss.
Hopefully this small example starts you thinking about what scenarios matter most to you and your business.
Where should you start to create a strong backup?
As a guide to what creates a strong backup, your IT provider can:
- Create a written backup policy. This helps both you and your supplier understand exactly how your backups operate, details how long different types of data are retained and specifies how often data is backed up. This gets everyone on the same page and ensures all factors are considered and decisions are made.
- Test, test, test! Testing backups and backup restorations is a great idea: it helps your provider understand the process and ensures the backups are complete and sound.
- Monitor. Backups sometimes don’t work. They are complicated systems that often don’t complete their job for various reasons, so if you don’t hear from your IT provider from time to time about your backup, it may be they aren’t monitoring it. No one wants to find out their backup isn’t working when they need it most, so your provider should check your backups often.
- Air gap. Get some distance between you and your backups, both physically and digitally. Having your backups located on the same premises as your business or on your network is high risk.
As always, if you want to chat about your backup strategy and how it could be strengthened, we are happy to meet for a coffee.
Just get in touch.