[BreachExchange] The Do's And Don'ts Of Backing Up Data For Small Firms

Inga Goddijn inga at riskbasedsecurity.com
Tue Nov 20 19:24:07 EST 2018


https://www.forbes.com/sites/forbestechcouncil/2018/11/20/the-dos-and-donts-of-backing-up-data-for-small-firms/#5f3f4b252b57

Data loss can be heartbreaking. What’s worse, there’s always someone who
asks, “Well, were you backing up?” It’s a setup for a “told you so,” adding
insult to injury. Of course, you realize they’re completely right, making
it sting that much more.

A plethora of different options are available for backing up your
information, circumventing what could otherwise be a crippling situation,
should your files disappear into the void. This was the motivation for my
last two articles, which covered onsite backup
<https://www.forbes.com/sites/forbestechcouncil/2018/10/04/protecting-data-without-blowing-the-budget-part-1-onsite-backup/#5dfac4eb3e64>
 and hosted solutions
<https://www.forbes.com/sites/forbestechcouncil/2018/10/31/protecting-data-without-blowing-the-budget-part-2-cloud-services/#7f9b532e3ad5>.
The problem is, the market is filled with diluted solutions and everyone
has a different opinion on how to back up your information.

Because each business is unique, different approaches are required based on
company size and industry. As there’s not a lot of information available
for small firms, I’d like to offer my advice on securing your information
so you’re not pulling your hair in the event of data loss.

*Backing Up Onsite Is Viable *

Many hosted vendors make the case that backing up onsite isn’t ideal for
several reasons. In some respect, they’re correct. However, if done
correctly, then this a good option, as it eliminates fees you’d pay to a
backup provider. This way, the only concerning issues are natural
disasters, fires or a failure of the onsite backup.

*Dos Of Backing Up With A NAS*

I find that one good option for backing up local devices on a small network
is a NAS (network attached storage). These devices are essentially a
plug-and-play file server with less hassle than a traditional machine.
YOU MAY ALSO LIKE

There are a ton of options available, as you can see in this TechRadar
article <https://www.techradar.com/news/the-10-best-nas-devices-reviewed>.
Each of the devices described allows you to connect to your network for
file storage. These allow space for everyone to back up and share files.

*Don’ts Of Backing Up With A NAS*

Like everything else in the world, not all NAS devices are created equal.
Storage capacity, remote options and user access control all differ between
manufacturers and models.

For example, with some of the less expensive, personal western digital
products, you’re not going to get the full backup experience as you would
with more business-tailored solutions. The same applies to anything
inexpensive you can get off the shelf at a large retailer, whether from
Seagate, Buffalo, Apple or another manufacturer.

If you’re planning on going the NAS route, make sure to consider the
following criteria:

*• Select a unit with enough storage. *If you’re going to be backing up a
lot of information on a local network, don’t purchase a small amount of
storage unless you’re able to supplement the device with additional storage
down the road. Usually, devices with multiple storage bays for additional
drives will have this option, but many units only have a static amount of
storage.

*• Select an option with good remote service. *Most NAS devices enable
secure access to data from anywhere, so long as your network is configured
properly. However, some only function with a correlating app issued by the
manufacturer. These can be a little clunky, so do your research to see what
others are saying about a product before you make a purchase. This is
particularly helpful if your network isn’t sitting behind a virtual private
network.

*• Steer clear of anything lacking user access control features.* Should
workers be accessing files and sharing documents, make sure user access
controls are available to prevent unprivileged users from meddling with
other files. Of course, you can also set up most systems like a standard
file share and configure the proper user permissions through Windows.

*• Automated backup of selected directories or volumes. *If backing up is
left to your own devices, meaning it requires you to manually copy and
paste files, it’s practically useless. Most systems can automatically back
up information, so make sure whatever you’re considering can retain data
from multiple sources while also meeting the above criteria.

*Cloud Backup Solutions, Office 365 And DRaaS Providers*

A slew of reputable providers offer services that automate secure backup
processes for a monthly service fee. The value here is that your data is
stored securely in the cloud, so it’s reasonably safe and accessible from
just about anywhere.

With that said, situations like the 2009 Carbonite
<https://techcrunch.com/2009/03/23/online-backup-company-carbonite-loses-customers-data-blames-and-sues-suppliers/>
incident
still make some a little weary. Fortunately, these situations aren’t common
so selecting a provider (if any) should revolve around the following few
points.

*Dos Of Using A Backup Provider*

Redundancy doesn’t hurt. Your data is valuable and spending extra money can
be worth the peace of mind. Every year, PCMag.com puts out a side-by-side
comparison <https://www.pcmag.com/article2/0,2817,2288745,00.asp> of top
backup providers in the market. If you’re looking for such a service, think
about your budget and use this guide as a starting point.

Also, keep in mind that if you’ve made the switch to Office 365, the
platform does back up data, however, it’s not as sophisticated or reliable
as a full-fledged backup service, so make sure to take advantage of
OneDrive. If you’re using G Suite and its productivity tools, take
advantage of Google Drive for storage. In fact, this is still a solid
option even if you’re using Office as your primary software for word
processing or spreadsheet functions.

*Don’ts Of Using A Backup Provider*

If you’re considering a DRaaS (disaster recovery as a service) provider,
keep in mind they tend to use fear as one of their selling angles. While
you should be concerned about your information, most providers of this
flavor are geared toward large enterprises with service level agreements
promising minimal downtime and capabilities to restore everything from
single pieces of data to entire systems. For a small firm, such services
are likely overkill. You’re reasonably safe using either an on-premise NAS
or a backup service provider.

Take care to protect your data by selecting the solution that’s best for
your operational model. While you don't want to sell yourself short, you
don’t necessarily want to sell a kidney to pay for a company with a
militaristic level of data safeguarding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20181120/ca1058fb/attachment.html>


More information about the BreachExchange mailing list