Are you backed up?

And no, we’re not referring to bodily functions but your data hygiene practices.


This must be one of the most infuriating of questions when finding yourself staring at a blank computer screen wondering where all your files have gone and why you can’t get them back. And yet, it’s one of the most crucial.


Travel and tourism businesses across the region are gearing up for what we all hope will be a booming summer season. Millions of visitors are expected to descend on the glorious Cornish Coast, Devon’s picturesque hotspots and Salisbury’s rolling plains, along with their personal information – names and home addresses, phone numbers, payment details – as they book accommodation, days out, hire cars and make restaurant reservations etc.



With so much sensitive data out there for the taking and without the relevant protection, cybercriminals will take full advantage, attacking the most vulnerable. And this is where backing up is critical because once gone, how long would you be able to continue to operate?


The aftermath of a cybercrime such as this can put your business at legal or financial risk, as well as breaking General Data Protection Regulations (GDPR). Recent surveys suggest that the impact of a cyber attack would be enough to sink around a quarter of all small businesses: and if you find yourself having to pay criminals a ransom, your chance of getting all your data back is still only around one in twelve.


By backing up, you're ensuring your business can still function from not only theft but also the impact of flood, fire or physical damage. Furthermore, if you have backups of your data that you can quickly recover, you’re less at risk of blackmail from ransomware attacks.

One very high-profile incident of not backing up was during the making of Toy Story 2. An individual on the team accidentally ran a server command that rapidly began deleting animation files. Whole characters and movie sequences began disappearing before crew members’ eyes. In total, a year’s worth of work was gone in about 20 seconds.

The team was nervous but figured that they would be able to restore the missing files from their backups. Wrong. Turns out, their backups had failed during the last month. Now what? Without these files, the whole film would need reanimating.

Thankfully, another back up had been made so the files were able to be recovered.


So, what should South West businesses consider when backing up data?


Tip 1 – Identify what data you need to back up

Your first step is to identify your essential data. That is, the information that your business couldn't function without.

Tip 2 – Keep your back up separate from your computer

Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:

· are not accessible by staff

· are not permanently connected (either physically or over a local network) to the device holding the original copy

Tip 3 – Consider the cloud

You've probably already used cloud storage during your everyday work and personal life without even knowing - unless you're running your own email server, your emails are already stored 'in the cloud'.


Tip 4 – Read NCSC Cloud Security guidance

Not all service providers are the same, but the market is reasonably mature, and most providers have good security practices built in. By handing over significant parts of your IT services to a service provider, you'll benefit from specialist expertise that smaller organisations would perhaps struggle to justify in terms of cost.


Tip 5 – Make backing up part of your everyday business

We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically.


Here at the South West Cyber Resilience Centre, we are a police-led, not-for-profit organisation and our purpose is to protect regional businesses and charities from cybercrime. Our most important offer is the free core membership which gives you the right plain-English guidance to help yourselves, provides regular threat updates, and allows you to access top-level experts through a series of free webinars.


If you want someone to look at your systems and processes in more detail, our partnerships with the top talent at local universities also enables us to offer a range of uniquely affordable and accessible services. These can help identify your digital vulnerabilities and weaknesses, provide bespoke training, or run you through some contingency planning to make sure you can recover if your defences are breached.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.