And no, we’re not referring to bodily functions but your data hygiene practices.
This must be one of the most infuriating of questions when finding yourself staring at a blank computer screen wondering where all your files have gone and why you can’t get them back. And yet, it’s one of the most crucial.
Travel and tourism businesses across the region are gearing up for what we all hope will be a booming summer season. Millions of visitors are expected to descend on the glorious Cornish Coast, Devon’s picturesque hotspots and Salisbury’s rolling plains, along with their personal information – names and home addresses, phone numbers, payment details – as they book accommodation, days out, hire cars and make restaurant reservations etc.
With so much sensitive data out there for the taking and without the relevant protection, cybercriminals will take full advantage, attacking the most vulnerable. And this is where backing up is critical because once gone, how long would you be able to continue to operate?
The aftermath of a cybercrime such as this can put your business at legal or financial risk, as well as breaking General Data Protection Regulations (GDPR). Recent surveys suggest that the impact of a cyber attack would be enough to sink around a quarter of all small businesses: and if you find yourself having to pay criminals a ransom, your chance of getting all your data back is still only around one in twelve.
By backing up, you're ensuring your business can still function from not only theft but also the impact of flood, fire or physical damage. Furthermore, if you have backups of your data that you can quickly recover, you’re less at risk of blackmail from ransomware attacks.
One very high-profile incident of not backing up was during the making of Toy Story 2. An individual on the team accidentally ran a server command that rapidly began deleting animation files. Whole characters and movie sequences began disappearing before crew members’ eyes. In total, a year’s worth of work was gone in about 20 seconds.
The team was nervous but figured that they would be able to restore the missing files from their backups. Wrong. Turns out, their backups had failed during the last month. Now what? Without these files, the whole film would need reanimating.
Thankfully, another back up had been made so the files were able to be recovered.
So, what should South West businesses consider when backing up data?
Tip 1 – Identify what data you need to back up
Your first step is to identify your essential data. That is, the information that your business couldn't function without.
Tip 2 – Keep your back up separate from your computer
Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:
· are not accessible by staff
· are not permanently connected (either physically or over a local network) to the device holding the original copy
Tip 3 – Consider the cloud
You've probably already used cloud storage during your everyday work and personal life without even knowing - unless you're running your own email server, your emails are already stored 'in the cloud'.
Not all service providers are the same, but the market is reasonably mature, and most providers have good security practices built in. By handing over significant parts of your IT services to a service provider, you'll benefit from specialist expertise that smaller organisations would perhaps struggle to justify in terms of cost.
Tip 5 – Make backing up part of your everyday business
We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically.
Here at the South West Cyber Resilience Centre, we are a police-led, not-for-profit organisation and our purpose is to protect regional businesses and charities from cybercrime. Our most important offer is the free core membership which gives you the right plain-English guidance to help yourselves, provides regular threat updates, and allows you to access top-level experts through a series of free webinars.
If you want someone to look at your systems and processes in more detail, our partnerships with the top talent at local universities also enables us to offer a range of uniquely affordable and accessible services. These can help identify your digital vulnerabilities and weaknesses, provide bespoke training, or run you through some contingency planning to make sure you can recover if your defences are breached.