Knowledge base
11 Oct 2022

3-2-1 backup

Mateusz Kopacz
TELECOMMUNICATION SECURITY MANAGER
Implementing the right procedure or developing a backup habit is only half the battle.

Security saved on disk

Previous entries discussed the principles of maintaining security when using smartphones and creating passwords. Another important aspect of your organization's digital security is backup. Establish a backup policy and procedure first. When creating them, take into account data retention, planned recovery time, type of backup (incremental, full), data type, backup mechanisms (online and offline) and their speed, as well as the planned medium.

In order for the backup to be effective, it is necessary to create backups regularly, in the recommended 3-2-1 model, which means that important files should be stored in 3 copies, on at least 2 different media, 1 of which should be off-site.

Unfortunately, the latest data do not fill us with optimism, especially in the face of the growing wave of ransomware attacks (disk encryption combined with extortion, with the ransom usually paid in cryptocurrencies) and the constantly growing amount of ransom payments. In Poland, only 24% of respondents declare that they perform backups regularly and 26% never do it! Among the remaining respondents, 33% do it ad hoc, and another 17% perceive its importance only after an undesirable event. The statistical research was carried out by the SW Research studio on a sample of over 1000 companies in March 2021.

Preferably every day

Everyone (individuals and companies), regardless of size, industry or number of locations, should perform regular backups. It is impossible to overestimate the importance of the security of stored and processed information, as well as our responsibility for it. A good backup procedure can be helpful not only in the event of a digital attack, but also in the event of random events such as fire, flooding, loss or theft. Data backup is considered to be the absolute basis for implementing a security policy.

The frequency of backups is an individual matter. The basic question that should be asked when planning them is: “What period of data loss can you afford without incurring significant financial / reputational losses?” Most large companies do them every day, but even in a small company or in private life, it is good practice to create a backup once a month.

Another important issue is choosing the backup method. Backups can be divided into 3 types:

  • Basic (full) copy – includes all files. This method is used to make an exact copy, and access to it is similar to accessing the original.
  • Differential backup – files that have changed since the last basic backup are copied, i.e. whatever differs from the state captured by that basic copy.
  • Incremental copy – files added or changed since the most recent copy of any kind are copied; we archive only what is new.
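
The difference between the three types is easiest to see on a timeline. The following is an added example, not part of the original article: it selects the files each type would copy and, going slightly beyond the list above, works out which copies must all be readable to restore the latest state. File names and timestamps are constructed, the function names are hypothetical, and deleted files are not tracked.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    kind: str          # "full", "differential" or "incremental"
    taken_at: int      # constructed timestamp
    files: frozenset   # paths copied into this backup

def select_files(mtimes, kind, history):
    """Paths a backup of `kind` copies, given file mtimes and earlier backups."""
    fulls = [b for b in history if b.kind == "full"]
    if kind == "full" or not fulls:
        return frozenset(mtimes)              # no baseline yet: copy everything
    if kind == "differential":
        since = fulls[-1].taken_at            # changes since the last full copy
    elif kind == "incremental":
        since = history[-1].taken_at          # changes since the latest copy of any kind
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return frozenset(p for p, m in mtimes.items() if m > since)

def restore_chain(history):
    """Backups that must all be readable, in order, to restore the latest state."""
    start = max(i for i, b in enumerate(history) if b.kind == "full")
    tail = history[start + 1:]
    diffs = [i for i, b in enumerate(tail) if b.kind == "differential"]
    if diffs:                                 # last differential supersedes earlier copies
        tail = tail[diffs[-1]:]
    return [history[start]] + tail

def simulate(kind):
    """Constructed timeline: full copy at t=10, then two `kind` copies at t=20 and t=30."""
    mtimes = {"a.doc": 1, "b.xls": 2, "c.db": 3}
    history = [Backup("full", 10, select_files(mtimes, "full", []))]
    mtimes["b.xls"] = 15                      # b.xls edited after the full copy
    history.append(Backup(kind, 20, select_files(mtimes, kind, history)))
    mtimes["d.pdf"] = 25                      # d.pdf created after the second copy
    history.append(Backup(kind, 30, select_files(mtimes, kind, history)))
    return history

if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        hist = simulate(kind)
        print(kind, [sorted(b.files) for b in hist],
              "restore needs:", [b.taken_at for b in restore_chain(hist)])
```

The differential copies grow over time but a restore needs only two of them; the incremental copies stay small, but every one since the last full copy has to survive intact.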

Implementing the appropriate procedure or developing a habit is only half the battle. An equally important issue is restoring the backup, or more precisely, safe storage of copies and guarantee of access to them as soon as possible when necessary. This task should be left to professionals, at least at the system / procedure design stage. However, it is our responsibility to periodically verify the correctness of our backups and data recovery procedures. Companies and individuals have often never attempted to recover data until a failure occurs, and then it turns out that recovering complete data within the assumed time is impossible.

Due to the lack of competence and awareness, as well as the lack of adequate financing, data loss occurs not only through ransomware, but also through negligence, which often has a similar share in data loss by organizations. In most cases, the problems described concern small and medium-sized organizations.

Michał Kaczorowski
architect of cloud & disaster recovery solutions

At the end

The conclusion will be sad – we are not surprised that so many Polish companies are victims of ransomware attacks; cybercriminals target organizations from our region. As specialists in this field, we share knowledge about the areas that are the essence of cybersecurity. Awareness in the 0-40 age group is already high and is constantly growing. Unfortunately, the social security number is a significant barrier in creating new, good habits.

It does not matter if you want to protect photos on your smartphone, secret information or data that you process on a daily basis in the company. Regular backup should become a good habit, and in the company it should be described by an appropriate procedure that has been and will be tested.