February 15, 2022 Cybersecurity Knowledge Center

The Backup Checklist: The last line of defense

Reading Time: 2 minutes

According to SUCCESS Vice President of Technical Operations Jamie Wolbeck, “Backup may be your last line of defense, but it should be the first thing you should think about when it comes to security.” Having a robust backup checklist is a good place to start.

When it comes to the safety and security of their data, business owners have more to consider than hackers. Cyber-attacks are most certainly a concern for businesses. Even more so could be a system failure or even a natural disaster (or an overheating server room). These could put your business on its heels for months at a time if proper backup protocols aren’t in place.

So where do you begin?

“What I’d suggest is a sit-down conversation with an account manager. Parse through what you currently have in your back-up system,” suggests SUCCESS Product Manager Judd Moore. From there, Wolbeck suggests a downtime tolerance exercise. This will determine your organizations RTO and RPO—the Recovery Time Objective and Recovery Point Objective. Your RTO and RPO are how fast (RTO) your data recovery needs to be, and how far back (RPO) it needs to go.

“While there are factors that are out of your control, like compliance or because you’re in health care and support a system with life-saving capabilities where you have to ensure their downtime is minimal, most of the time it comes down to the executive having to decide, ‘this is okay for my business,’” Wolbeck says. “And I will tell you nine times out of ten when we first get involved, it’s misaligned.”

What’s more—hackers and other malicious actors are now going after backups, as well. “Backup used to be just about business continuity. Increasingly, there’s understanding that it’s a super-important part of cybersecurity as well,” Moore says. “Whether it’s a manual actor or automated actions controlled by a manual actor or both, hackers will now try to find and delete your backups.”

Because of these increased threats, external compliance factors are more of a consideration now than ever before. HIPAA requirements in healthcare, for example, require a business to test all of its backup components on an annual basis, and report back how long it took things to get up and running again.

While backups can be automated, this is not a set-it-and-forget-it initiative.

“You need to test the alerting system, the recoverability of the backup, and the time the takes on a quarterly basis,” Wolbeck says. Additionally, annual testing that simulates a full-scale disaster can reveal any weak spots in your backup system, like the necessity for an offline, off-premises backup, such as tape or USB drive that lives in a separate location.

Each business’s needs will vary based on external compliance factors and internal risk tolerance. SUCCESS has pinpointed eight guiding principles to guide you in protecting your data. They include an emphasis on automated off-site and entirely offline backups. Get in touch with your account executive to help determine which of these principles are going to be the highest priority for your particular industry or organization, and plan the solutions that meet those priorities.

The SUCCESS Guiding Principles for Backup: 

  1. Full Automation
  2. Monitored 24×7
  3. Regularly Tested
  4. Secure and Encrypted
  5. Automated Off-Site
  6. Offline Backup
  7. Complete and Comprehensive
  8. Aligned with RPO and RTO