Do You Have a Backup Process and Is It Secure?

November 23, 2016 | Regulations & Security

It was simple. The thief broke the small back window of the car, unlocked the doors, and stole an office computer from the trunk.

When I received the news I calculated the potential loss: at least 400 hours of work at a cost of about $10,000.00 (USD); the delay in the company’s productivity as we focused on replacing the work; and $800.00 for the computer. A potentially devastating event for the finances and momentum of our small business.

Fortunately, everything was backed up and the only loss was $800.00. Crisis averted.

Many small business owners understand their reliance on technology and the information stored within it, but they don’t consider what the impact would be if one day that information was not available due to theft, crash, glitch, malfeasance, or other event. This article discusses what to consider when implementing a backup process and how to ensure that process is secure.

First, evaluate the environment that needs to be backed up. This will allow you to determine the appropriate tools for the backup.

  • Is it one computer or multiple? If it’s multiple, are they on a company network?
  • Are the devices in question laptops that are intermittently connected to the internet, or are they desktops that are always connected?
  • Do you need to back up data on phones or tablets?

Second, evaluate what needs to be backed up.

  • Is it an entire server that runs your emails?
  • Is it a complex transactional system?
  • Is it text, spreadsheet, and presentation data?
  • Is it your customer database and if so, does it include any sensitive information that could put your customers at risk as well?

Third, evaluate how often the information needs to be backed up. If it’s a transactional system, you need to back it up in real time so that not a single transaction is lost. If it is general work product, you can probably wait until the end of each day for backups.

Next, who should have access to these backups? Some information is more sensitive than other information and should be controlled differently. You don’t want everybody in your office to have access to your customer database, but the level of control over a sales presentation is likely less stringent.

Finally, look at how the backup process could affect your day-to-day productivity. Running backups may slow down your computers or servers and use up bandwidth as the data crosses the network. Take the time to fully understand the impact and what technology upgrades might be necessary.

After considering the above five points, your backup process is almost ready for implementation. Now it’s time to confront the problem you have created by centralizing all this information. Walk through these next four areas to evaluate the security of your backup process.

Transfer: How is the information transferred to the backup system? Make sure that it does not cross an open Wi-Fi network where your data could be intercepted. Even if it crosses a secure network, there should be no point along the path where the data could be intercepted in transit. Also, find out if your backup system encrypts the data before transferring it.

Storage: Where is the backup stored? If it’s stored locally, can it be physically stolen? If it’s stored offsite by a security company, how do they protect it? If it’s in the cloud, what security steps does the company take to prevent hacking or data failure? Is the data encrypted, is the encryption password stored with the company or with you, and who at the company has administrative rights over your data?

Re-establishment of Systems: Can you use the backups to bring your systems back online? The backups are worthless if you or your technical staff don’t know how to re-establish the systems from that data, or if the time required to do so cripples your business. It is highly recommended that you do a trial run to ensure you can bring your systems back up, or that you know exactly where the most important files are and how to quickly load them back onto your employees’ computers.
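The trial run recommended above can be scripted. The following is an added example, not part of the original article: it records SHA-256 checksums at backup time, restores the archive into a scratch directory, and reports missing or altered files along with how long the restore took. The function names, file names and sample data are constructed for illustration.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def make_backup(source_dir, archive_path):
    """Record the manifest first, then archive exactly the files it lists."""
    manifest = build_manifest(source_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in manifest:
            tar.add(Path(source_dir, rel), arcname=rel)
    return manifest

def restore_drill(archive_path, manifest):
    """Restore into a scratch directory and compare against the manifest."""
    started = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        # Where supported, refuse members that would escape the scratch dir.
        safe = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        with tarfile.open(archive_path, "r:gz") as tar:
            tar.extractall(scratch, **safe)
        restored = build_manifest(scratch)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "modified": sorted(f for f in manifest
                           if f in restored and restored[f] != manifest[f]),
        "unexpected": sorted(set(restored) - set(manifest)),
        "seconds": round(time.monotonic() - started, 3),  # time to restore
    }

def demo():
    """Constructed sample data: one good backup, one that lost a file."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "office")
        (src / "sales").mkdir(parents=True)
        (src / "customers.csv").write_text("id,name\n1,Example Customer\n")
        (src / "sales" / "pitch.txt").write_text("Q4 presentation notes\n")
        manifest = make_backup(src, Path(work, "good.tar.gz"))
        # Simulate a later backup job that skipped one file and truncated another.
        (src / "customers.csv").unlink()
        (src / "sales" / "pitch.txt").write_text("truncated")
        make_backup(src, Path(work, "bad.tar.gz"))
        return (restore_drill(Path(work, "good.tar.gz"), manifest),
                restore_drill(Path(work, "bad.tar.gz"), manifest))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Keep the manifest somewhere other than the backup itself, so that damage to the backup store cannot also alter the checksums it is verified against.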

Damage: If someone does access your backups what would be the consequence to your business? Are there specific files that would result in more damage than others? Make sure the most sensitive files are better protected than others and that you have a contingency plan in place in case they are ever accessed.

Each day, information and systems become more integral; a robust and secure backup policy is critical to safeguarding the longevity of your business. Take the time to evaluate whether yours is up to par.

I can guarantee that one day you will be glad you did.

Follow Ian Haet on Twitter @IanHaet and learn more about his experience with information security.

Ajeet Khurana