How Effective Are Your Company’s Backup and Recovery Capabilities?

With increasing cyber threat levels, having effective backup and recovery procedures is more important than ever. No cyber protection is 100 percent guaranteed; even if your company has a rigorous cyber and information security program in place, chances are your systems will be breached at some point and you will need to rely on your backup and recovery systems.

The following checklist should help to ensure you have an effective backup strategy in place.

How often do you back up?

Regular backups are key; they should be performed at least daily, or more frequently if you are using technologies such as virtualization. Ensure you have a proper multi-level hierarchy of backups in place so you don’t inadvertently back up corrupted data onto your libraries. You also need to make sure your backups are not internet-connected to avoid being hit by ransomware.

What do you back up?

Decide the extent of your backup. Simply backing up all of your applications and data will be time consuming and expensive. So, determine which elements of your systems (e.g., software applications) you can skip and rely on other providers to supply you with specific versions when needed. You need to establish agreements with these providers up front and review and update them regularly to ensure new editions have been included in the arrangements.

How often do you test your backups?

Many managers think their backups are highly reliable until they get hit with a need to restore. As such, it is very important to develop a number of potential recovery scenarios to test various data and program elements, ranging from routine transactional data to key application programs, to reduce surprises when such data is needed.

Where are your backups stored?

Storing backups on premise is very risky; if your main location is hit by an unforeseen event such as a fire or network breach, backups could be heavily damaged or lost entirely. It is highly recommended to store backups in multiple locations, either physical locations or in the cloud. Also, make sure all confidential data that is backed up to cloud providers or other third parties is encrypted.

Do you have a recovery team?

It is much easier to have a recovery team that has proper policies, procedures, and responsibilities in place before being hit with the need for a major system recovery effort. This team should consist of internal and external IT resources and service providers, as well as internal process owners who would be able to conduct system testing and validate data and readiness during a recovery effort.

Sassan S. Hejazi can be reached at Email or 215.441.4600.

Subscribe to Kreischer Miller's email newsletter

You may also like: