Backup Policies During COVID-19: the dangers of being lax

by Apr 28, 2020Business Continuity

As businesses scramble to adapt to the COVID-19 pandemic, many have shifted to remote working with little planning for how data backups should be handled going forward. It’s a costly mistake that could threaten a small business’s survival during these already challenging times. But it’s not too late to do something about it. In this post, we look at the dangers of becoming too lax about backups right now and how to strengthen your data protection and disaster recovery planning ASAP.


A tough situation

The coronavirus pandemic forced businesses in every industry to rethink how they conduct their operations.

Unfortunately, for many companies, data backups quickly become an afterthought. But in their defense, there wasn’t much time to do things differently.

State lockdowns across the U.S. forced many workplaces to close immediately. Some companies have been fortunate to allow employees to continue working remotely. But in the process, they also became more vulnerable to threats like cyberattacks, phishing schemes and accidental data loss.


You can’t afford data loss right now: Taking a look at backup policies during COVID-19

Businesses are already struggling with a grim economic climate. On top of trying to keep employees safe and healthy, companies are making tough decisions to keep their businesses afloat. Sadly, the general panic and uncertainty surrounding COVID-19 makes businesses susceptible to even more dangers.

A rise in coronavirus scams and cybersecurity threats is pushing some businesses to the brink.

For businesses that have become lax about their data backups, it won’t be the pandemic alone that does them in. It’ll be the same threat that was there all along: data loss.


The risks of lax backups

First, what do we mean by “lax backups?”

We’re referring to any scenario in which the existing backup process has been diminished or not expanded enough to protect new devices or systems. For example, it could mean backups are being performed less frequently, not being tested or not protecting remote workers’ devices.

Each of these scenarios carries an increased risk of data loss due to:

  • Accidental deletion
  • Hardware failure or damage
  • Malware
  • Cyberattack
  • Data migration
  • Application errors

Again, these are risks that businesses already face every day. In non-pandemic times, a ransomware attack costs small companies an average of $100,000 per incident due to downtime alone.

Now, during the greatest economic challenge of our lifetime, the same data-loss event could shutter a business for good.


Why an increased risk?

We’ve mentioned how businesses are especially vulnerable right now to threats like phishing schemes and accidental data loss. But it’s important to understand why.

  • Take social engineering, for example, which dupes users with deceptive emails and websites. These can be particularly effective at a time when users are unfamiliar with new processes or anxious about things in general. That makes remote employees a prime target right now, because many are using new systems, in a new environment, and there’s plenty of confusion and uncertainty to cause mistakes.
  • But there’s also the technology itself. Many businesses are testing unfamiliar systems and putting extra stress on their IT infrastructure to accommodate the shift to remote work. When systems fail, data can go down the drain – especially if your overworked server drives go bad.

These risks underscore the importance of having reliable backups right now.

So, let’s look at the best ways to go about it.


Keep storing files on the network

If your business already has one or more servers that are protected by a backup solution, then make sure files continue to be stored in that location.

Give remote workers secure access to the network, so that they can continue using the same file locations that they’re familiar with. This will ensure that data continues to be backed up as normal.

Be sure to also remind users that they should not be storing valuable files directly on their devices (at home or in the office), unless those devices are otherwise protected by the same disaster recovery solution. This actually brings us to our next point …


Use endpoint backup protection

Keep in mind that every endpoint creates an additional security risk for the network. This is why it’s crucial to apply the strongest security measures possible on those devices, particularly if they’re connecting to the network from off-site.

Every laptop, tablet or smartphone connected to your network is a potential entry point for a security threat. And while you can defend against many threats with strong cybersecurity, valuable data can still be compromised on those devices.

For greater protection, it’s best to back up data at every endpoint. By installing your backup agents on every device, you can ensure that no data goes unprotected, no matter where it lives.


Make your entire infrastructure recoverable

Backing up endpoints is simple enough, but what happens when you lose everything, as in a widespread ransomware attack?

How easy is it to fully restore all the data, applications and operating systems? What about your virtual environments? How about systems you’re running in the cloud?

To ensure true business continuity, you need a robust backup system that protects your entire business infrastructure. More importantly, it needs to be easily recoverable in a wide variety of disasters. Otherwise, the disruption could be catastrophic for your operations (at the worst possible time).


Diversify your backups

Don’t store them in a single location. Keeping backups solely on an on-premise device puts them at risk of being compromised by fire, flooding, hardware failure and other on-site disasters. If something happens to the backups, they’re gone.

Today’s best BC/DR solutions typically use some form of hybrid cloud backup, which means backups are stored on-site and in the cloud. The on-site backup ensures the fastest access to data for most recovery scenarios. The cloud backup provides another fallback in case the on-premise backup is not accessible.

For even greater protection against widespread regional disasters, the cloud backups should be replicated across georedundant data centers.


Perform backups more frequently

Another example of businesses loosening their backup strategy during COVID-19 is running backups less often. It’s a reasonable response to a rapidly changing IT environment: IT managers may decide to do it to lessen the load on stressed systems. But it’s a dangerous risk.

The greater the time since the last backup, the greater the data loss will be if a backup needs to be restored. By performing backups less often, you increase the risk of a more costly business disruption.

Leading backup solutions allow you to perform backups as often as every five minutes, with little to no impact on your resources. This is exactly the kind of protection businesses should be leveraging right now.


Continue testing all backups

Backup testing cannot stop – not even in a pandemic.

Similarly, backups should not be tested less frequently, no matter how busy your IT team is. All it takes is one corrupted backup to derail your operations when a restore is urgently needed. If the backup hasn’t been tested, then you won’t know there’s a problem until it’s too late.

If your testing is currently a manual, tedious process, consider transitioning a backup solution that tests backups automatically. For example, Datto’s SIRIS and ALTO solutions enable frequent and automatic validation of backup integrity, immediately after completion. The backup is test-booted as a virtual machine, and if there are any red flags, admins are alerted.


Rethink recovery

Restoring a backup should no longer take hours or days. For most businesses nowadays, recovery needs to be much faster – especially if the company is already on shaky footing due to the economic crisis.

Leading backup solutions now offer a multitude of recovery options to help companies get back to business quickly after a data disaster. For example, select systems allow you to rapidly rollback only data that has recently changed (i.e. in a ransomware attack or failed O/S update), instead of requiring the entire backup to be restored.

Additionally, capabilities like backup virtualization enable businesses to boot their backups as virtual machines. Typically, this takes just seconds, allowing businesses to quickly regain access to critical applications. Combine that with the added protection of off-site virtualization, and recovery can happen from anywhere.


Don’t forget SaaS backups

With the shift to remote working, many businesses are relying heavily on cloud-based platforms, such as G Suite and Office 365. But even though this data is stored in the cloud, it’s not fully protected against threats that occur on the user end, such as accidental file deletion, overwrites or encryption from ransomware.

Microsoft and Google offer limited restore capabilities for these instances, which is why it’s vital to back up your SaaS data independently with third-party tools.

Cloud-to-cloud SaaS backup platforms like Backupify automatically back up data within G Suite and O365, making it instantly recoverable when data loss occurs.


Need help with backup policies during COVID-19?

For guidance on how to optimize your backup strategies and technologies during these challenging times, contact our business continuity experts at Invenio IT. Call (646) 395-1170, email or request a free demo of our recommended backup solutions.

New call-to-action

Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.