Data Audits and Backup Plans: Where are you going wrong?

One of the most common problems we see is clients who have created a data backup plan, but it’s not doing the job it should. A back up plan is only worth having if it protects your data the right way and if it’s been tested. An untested plan leaves your data vulnerable to errors, meaning your data could be lost.

How can I avoid data loss?

Having a backup is the obvious answer. But simply having one isn’t enough. A backup needs to cover all of your data, taking into account how it’s used, where it’s stored and who has access to it. That’s why it’s essential to start with a data audit.

What’s a data audit?

A data audit takes stock of your data. We always recommend doing a data audit – questioning and auditing your data can raise important flags about the data, storage, and backup systems you’re using. The most basic function of an audit is to get a real picture of what data you’re protecting, how you’re protecting it, how you can recover it, and whether you are testing and securing this data with the right policies and procedures.

What should a backup data audit examine?

We ask clients to go through the following starter questions with us:

  • What data do you have?
  • Where is the data held?
  • Who has access to this data and how?
  • Is there any sector specific legislation that affects how you must store this data?
  • If data is stored by a 3rd party, have you performed supplier due diligence?
  • How is this data currently protected?
  • What is the target for the backup, where is the data replicated and retained?
  • Have you tested this protection?
  • How will this data be recovered?

A factor that is often overlooked by businesses is the potential financial and time losses that they could suffer caused by data recovery. In our experience, a lot of disaster recovery plans are used as box ticking exercises and don’t have a real-world relationship, so when a disaster happens, it’s panic stations!  We encourage all businesses to consider these two factors:

  • Recovery Point Objective (RPO) At what point do you need to restore your data from? In business terms, there is an inherent value that will be lost if, for example, you lose a week’s worth of work as opposed to a day’s. Often overlooked, setting an individual RPO can save businesses money and stress by ensuring they remain efficient even a data loss occurs.
  • Recovery Time Objective (RTO) Similarly, the question of how long it will take you to get up and running again is vital. Again, the difference between a week and an hour has a huge knock-on cost in terms of employee time and potential business lost.

When setting an RPO and RTO in your plan, the key factor lies in testing it. If your plan is only good on paper, you might not get the efficiency you expected when you need to do a data restore.

Data Backup Plan

Your backup plan will be as unique as your company and the data you hold. There is no one size fits all – a thorough and professional data audit should help you write, implement, and test your backup plan correctly.  

Here at Vitanium, we think immutable backup should be a minimum for every company, not a nice to have. We recommend immutable backups as way to counter ever increasing data attacks because it is impossible to alter. We’d be happy to advise you on this.

Train your employees

Your weakest data link is often your employees. We always recommend applying the Principal of Least Privilege to data and systems, ensuring that human error, shadow IT breaches or the challenges of working from home have the minimum impact on your systems. It’s also essential that your employees know and understand how to protect the data they work with – training and awareness around authorized suppliers and software lists is more important than ever as more employees access and store data at home.

Test, test and test again!

To finish, it’s important to remind people that a data backup plan is just that – a plan – unless it is regularly tested. We advise building a restore test schedule into your strategy. Our systems use an automatic restore testing with email confirmation meaning you can be confident that the system is working.

If you’d like to talk about a data audit and data backup plan, we can help. We’ve been implementing backup solutions for customers for over 15 years, and our approach is to listen and understand customers’ needs before creating a bespoke solution to ensure maximum protection. If you’d like to know more, get in touch with our UK team here.