1.   Why do you need a backup?

Data is the new currency of the world. It is the most important asset to all businesses. We all have processes, contacts and intellectual property that make our company unique. Being unique is the bit that gives us the edge so we can stand out of the crowd. We must protect this advantage.

Losing data is inevitable. It can happen due to an innocent mistake like accidentally deleting the wrong version of the file, the system might unexpectedly crash or malicious actors can gain access and demand ransom to release your data.

“I have everything in my head” you might say. Though this might be true, consider the following

–       How much time do you need to get that information back into the systems, so your team is fully functional again? Hours? Days? Weeks?

–       Are you 100% sure you have every single detail in your head? Do you know every single phone number by heart?

–       Are these memorised details truly accurate? Was that 021 984… or 021 974?

The backup is to help your business back up and running in the shortest time possible. It mitigates the risk of downtime and as a direct result, financial loss.

2.   What should be backed up?

‘Everything’ sounds like the safest and best option, doesn’t it? ‘Everything’ will include the data you really need for sure. So what is the problem with this method?

Backing up and later restoring everything will increase the time needed for both processes. A long backup window increases your risk (the longer the backup takes the later you have access to it) and also has a direct impact on your RTO (Recovery Time Objective – I know, I know, just bear with me), impacts how quickly you are up and running after a disaster.

If you back up everything then do a selective restore, you risk your RTO again because you have to go through ‘Everything’ and pick what you need. A disaster comes with stress. Are you sure you click the right bits to restore under this kind of pressure?

In most cases, the computer is not purely for work or personal use. Do you need to have a backup of those photos from Bali from ’98? How about the daughter’s homework from four years ago?

When defining the scope of your backup, keep the disaster in mind. Make the restore process as simple, efficient and quick as possible by backing up only what is necessary for the business.

3.   What are your requirements?

As discussed previously, the backup is to mitigate the risk of downtime and minimise financial loss.

To define what sort of backup you need, first, you have to consider two key metrics

–       RPO

–       RTO

Very helpful, right? Let’s unpack these.

RPO, Recovery Point Objective

Consider you lose all your data and have access to nothing at all. How old is the data that is still useful? How much data can you lose without having a severe impact on the business? Is it a day? Is it a week? Or is it only an hour?

For example, if you provide a loan service, with the promise of a decision in less than 60 minutes, then a day old data is most likely useless for you because you don’t know what transactions you approved in the last 24 hours and you would need to redo these.

On the other hand, if you run a car workshop, using not the most recent prices of parts, but let’s say from three days ago might be acceptable for you.

RTO, Recovery Time Objective

How quickly do you need to regain access to your data and be acceptably functional again? Let’s use the same examples as above.

If you promise to make a decision in 60 minutes and you need 20 minutes to process an application, you need to be back up and running in no more than 40 minutes otherwise you cannot keep your promise.

Your workshop can live without the part catalogue potentially for days or even a week. You can query prices and place orders over the phone. Not as convenient as a click of a button, but the business impact is minimal.

4.   Where should you store your backups?

So far, we have a basic idea of our requirements for the backup. Now, let’s focus on where these backups should be kept.

The industry tends to answer this question with a simple ‘3-2-1’. “Yet another IT term from the enterprise world”, you might think. It is not as complicated as it sounds, and it is reasonably easy to achieve in the age of the cloud, even in a micro business environment

Three copies of the data

You work on the production copy and have another two backups. After all, the backup data is still stored on another computer, which might have a system failure as well.

Two different mediums

So three copies. Easy. Have three documents folder on your computer. Meets the first criteria, but what if your drive dies? You lose all three copes, and you have nothing to go back to. This is why one copy of the backups should be on another medium. This can be another hard drive, a device on the network or in the cloud.

One off-site

We have three copies on two different mediums which sounds robust, so off-site sounds like an overkill. You back up to a flash drive or a network device. When have you last removed that flash drive or shut down that network device? The problem with these is that they are always online, and they are always accessible. If a ransomware attack hits the computer, these online backups will be encrypted as well, or if the office suffers a major catastrophe, like fire, everything inside, including the computer and the backup device attached to it will be destroyed.

A potential solution

Though the industry best-practice sounds scary and overwhelming, as promised, it is easy to meet. Consider the following scenario; you use OneDrive for business to store your data and your Office 365 tenant has an independent backup. You have one backup yet fulfil all three criteria. You have

–       Three copies: one on your computer, one in the Office 365 cloud and one in the backup

–       Two different mediums: you actually have three independent storage mediums involved

–       One off-site: you have two. Both Office 365 and the backup of that tenant is outside your office

5.   What is the cost involved?

Backup is like an insurance policy. Ideally, you never need it, but if you do, it can be a life-saver.

You have a backup in place to mitigate the risk of downtime and as a result, financial loss. Let’s consider you do not have any backups at all and in case of a disaster, you need to get back to normal operations by starting from scratch. How much time is needed to achieve this?

Let’s say you need four days to restore normal operation. You have a team of six, and they can barely do any of their work without computers and data. Six people in four full-time days translate to 48 hours of work. They can do a bit, like 20 per cent. This means 38.4 hours of work is lost during the recovery. The four days of decreased customer service level will also need aiding that will need more money (discounts, extra work, …). How much will the missed SLAs cost? How much do these cost the business? This is the tip of the iceberg of the loss. You can measure these very clearly and directly but how about the loss in your reputation?

On the other hand, how often do these disasters happen? One disaster in three years is almost certain to occur (we saw customers hit by ransomware seven times in one single year). To paint a more detailed picture, don’t forget, a disaster doesn’t have to result in a full system shutdown. A small accident, impacting only a few of your team can be just as damaging.

How do the two sides of the scale stack up? What is the risk you are willing to take?

6.   Start working on it now!

Any kind of backup is better than having no backup at all. It might not be perfect but at least you have something to rely and build on. Start with the easy steps then keep developing you system towards best practices.