Why You Need a Backup Strategy (and Which Kind of Backups You Need)
My first Thanksgiving with my wife’s family, something terrible happened. My wife is a minister, and she needed to write a sermon for the Sunday after the holiday. She would sneak away periodically throughout the family festivities to write. She had almost completed her sermon when the disaster happened: her computer just stopped working. It died and would not come back to life.
Things like this happen all the time. To mitigate against this, organizations rely on backups: copies of their important documents, programs, and data that can be used to recreate a lost computer (almost) right where you left it. Backups can be extremely helpful, and there are a lot of different ways to implement a backup strategy. Which approach should you take? What’s the best way to protect yourself and your information?
Backup Scenarios:
To begin, let’s consider some of the reasons why you might need a backup strategy. Understanding the scenarios we are protecting against will help us develop a strategy for protection.
The first scenario is the one my wife faced: her computer hard drive simply failed. This was a much more common problem before the advent of SSD (Solid State) drives, which are becoming standard in newer computers. Older spinning disk hard drives were one of the only components of a computer with mechanical moving parts. Moving parts wear down after a while and break. It’s unavoidable, it will eventually happen. SSD drives get rid of those moving parts, eliminating much of this risk. But there are still other reasons that a hard drive (or other parts of a computer) might turn your machine into a glorified paper weight. Collectively, we’ll call these various issues “local machine failure”: the computer just died and won’t come back to life.
The second scenario to consider is that there has been some sort of infection on the computer of malicious software and the only way to completely fix the computer is to wipe everything clean and restore it to a previous version prior to the infection taking hold. This is the “malware” scenario. While deep-infections that require a complete hard-drive rewrite are rarer these days/easier to catch early on, a new subset of the malware scenario grabbing headlines these days is “ransomware.” Ransomware is malware that intentionally locks you out of your computer and demands that you pay a ransom to regain access. Sometimes the ransom works, sometimes its actually a scam within a scam and you are out both your money and your files forever. This is nasty stuff, and you both want to avoid it (through good practices like not opening unrecognized attachments) and want to be ready to respond to it (preferably without paying a ransom).
A third scenario is the “disaster” scenario: there’s been a fire at your building. Or a flood, or a tornado, or a direct hit from a hurricane, or an earthquake, or the ballistic missile alert wasn’t a false alarm this time, or… you get the idea. There are any number of natural and man-made on-purpose/accidental disasters that could happen, and should they happen, would completely destroy your computer and all its contents.
Finally, there is a scenario we’ll call the “compromise” scenario, and it takes two forms. The first is that your laptop has been stolen. In this form, you both don’t have access to it and don’t know who does/what they are doing with the information that is on there. The second form is an intentional intrusion/hacking situation: someone else has gained access to your system, may or may not have installed software that lets them monitor you and/or maintain access, and may be doing things with your information that you don’t like. While ultimately prevention is best here, in either a theft or remote intrusion case you may need a backup of your machine in order to safely start fresh on a new, un-compromised system.
Why is This Important?
To answer this question, we’re making a quick trip the land down under: the Australian Government has put together a great flyer on the risks of cyber security for small businesses (and I’d include small nonprofits in this list). A few things stand out: first, 43% of cybercrime targets were small businesses (or nonprofits). Second, 22% of small businesses who were hit with ransomware attacks couldn’t continue operating: they were simply done right then and there. While this only addresses one of our scenarios directly, it raises a question that gets to the heart of why this matters: how much would loss of your data/equipment hurt your organization? Could you keep operating if your computers simply stopped working? Or weren’t there anymore? Or couldn’t be accessed or trusted? How long would it take, and how expensive would it be, for you to rebuild all your systems from scratch? And could your business/nonprofit organization survive that sort of an incident?
The reason why backups are so important is that they decrease the cost of these scenarios in terms of both money and time. In all of these scenarios, you’re likely to need a replacement computer (or at least a replacement hard drive for your computer). That’s a monetary cost (possibly covered by insurance, but possibly not). But then after you fork over that money, you’ve got a computer with nothing on it. So now you’re faced with the massive time cost of rebuilding all your data from scratch and likely some additional monetary costs associated with that effort (technical support, lost staff hours, etc). Having backups of your information allows you to restore everything that was lost (at least up to the time of the latest backup, which hopefully gets you pretty close to everything) in a lot less time and with a lot less effort. This is crucial if your organization is going to survive a major technical loss.
How to Do It:
Ok, so how do we set up a backup strategy?
There are essentially three ways you can backup your data. Two are strictly backups, one is something of a hybrid model. The first two are (1) a local backup to an external drive attached (either by usb or local network connection) to your computer, and (2) a remote backup to a data center somewhere far, far away. These are strictly backups: you send the data to the backup drive/data center, and then you only go looking for that data when something bad happens and you need to restore it. The third method is a little different: it’s using cloud services (like Dropbox, Google Drive, etc) to store and work on your documents/information “in the cloud.” These services can act as a backup in that, should anything happen to your local machine, your data on these services will still be available. They are not strictly backups, though, because you still have access to (and likely actively use) the files in the cloud service for normal day-to-day work (it’s not just there for an emergency) and they “sync” the data between your machines and the cloud rather than simply “pushing” backup copies to the backup drive.
Now let’s consider how each of these possibilities helps us respond to the scenarios we outlined.
Local backups have one chief advantage: because they are right next to you, backing up to them and restoring from them is fast. However, they only really help us against one-and-a-half of the above scenarios: local machine failure and the “physical theft” side of the “compromise” scenario (and that’s assuming the backup hard drive wasn’t in the stolen bag with your laptop). Your hard drive crashes and you purchase a new one. The local backup can be used to restore all your documents and files pretty darn close to where they were at the time of the loss. That’s great, and for protecting against this scenario it may be worth having that external hard drive. But against most other scenarios this method offers minimal (if any) protection. For example, if your computer was destroyed in a fire or earthquake, it’s almost certain that your backup hard drive is lost, too (especially if it was plugged right into the back of that lost computer). And if your machine has been infected or hacked, a drive directly connected to it has probably also been infected and/or hacked, so it may not be a reliable backup from which you can restore your files safely.
Cloud services like Google Drive or Dropbox offer flexibility and a quick recovery time for many of the scenarios we’ve considered. If your hard drive fails, your computer is stolen, or your building is destroyed in a natural disaster (or even just inaccessible due to a snowpocalypse), you simply login to your Google Drive/Dropbox/Cloud-service-of-choice account and you have access to all the files you’ve stored in the cloud. This enables you to (a) work remotely on your documents, and (b) quickly recover your documents stored in the cloud on a new machine (just log in and they are almost instantly available to you). That said, most cloud services only store a sub-set of your documents/files. Generally, they don’t contain any system settings, operating system files, applications/programs, or things stored directly on your hard-drive instead of in their cloud system (often including things your photo/music library, downloads folder, and more). So while they may make it easy to work remotely, if your computer is actually completely lost there may be a lot that these systems don’t account for. Additionally, there are a couple of scenarios in which a cloud service like Google Drive or Dropbox won’t provide adequate protection. If your computer is infected with malware that corrupts or, in the case of ransomware, encrypts your files, your information may still be vulnerable even if it is being stored “in the cloud.” This is because these services work off a “sync” model: they sync changes across all your machines and their cloud version of your documents so that you are up-to-date wherever you are. If the latest change they detect is a corrupted/encrypted version of your document, they will sync out that corrupted/encrypted version everywhere (including their cloud servers). While it may be possible to recover an earlier version of the file from the cloud in some cases, in many instances your document may be permanently lost. Finally, if your computer has been intentionally hacked/breached in a compromise scenario, your documents may not be corrupted or encrypted but they may be accessible to someone you don’t want to have access to them. So while you may be able to restore them quickly on a new machine, you may need to take additional steps like changing your passwords to truly protect them in this situation.
Remote backups offer the most complete and versatile protection against all of the scenarios we’ve considered. Being true backups, they will not overwrite past backup copies of a file with a “new” corrupted/encrypted version in the case of a malware/ransomware infection (though a corrupted/encrypted version may be included in a post-infection backup, older backups will contain the “clean” original and will not be overwritten, making it possible to recover the files, though possibly not possible to recover the absolute most recent version of them). And they offer you protection for everything on your computer against disasters, theft, and local machine failure. The one disadvantage remote backups face is that they are generally slower (and sometimes more complex) to restore from than either a local backup or a cloud service. While you hopefully won’t need them often (or ever), it is worth noting (and knowing) that if/when you do it might take some technical assistance and might not be instantaneous. Still, it will be much less painful and much faster than attempting to rebuild from nothing at all. Think of these systems as an insurance policy: there when something really bad happens, but not something you want to deal with on a daily basis if you can avoid it.
Conclusion
So what should your strategy be? I recommend a mixture of all three: keep a local backup on your desk in case of local machine failure (fastest way to restore in this scenario), use cloud services to enable remote work on documents and protection of these files from many scenarios (with almost instant restore possible, if necessary), and have automated remote backups of your full system available as an insurance policy in case of infection from malware or ransomware or a total loss due to a disaster. Of these, the remote backups offer the greatest protection and should be considered a necessary insurance plan in today’s world. And if you need help finding a provider or implementing a backup/cloud services strategy, feel free to reach out to us here at Soren, we’re always glad to lend a hand.
