hero

3-2-1 backup

The conducted research shows that:

43% of respondents manually transfer data to a flash drive or external hard drive.

35% of respondents transfer their backup data to a free cloud, eg Google Drive, Microsoft OneDrive, iCloud.

28% of respondents back up to a different drive but still on the same computer. Here it is worth noting that this does not guarantee any security in case of any of the events described above. Such files are lost with the original, often irretrievably.

12% of respondents keep copies in paid clouds.

8% of respondents upload files to private servers.

Previous entries discussed the principles of maintaining security when using smartphones and creating passwords. Another important aspect of digital security of your organization is a back up. Establish a backup policy and policy first. When creating them, it is worth taking into account data retention, planned recovery time, type of backup (incremental, total), data type, backup mechanisms (online and offline) and its speed as well as the planned medium.

In order for the backup to be effective, it is necessary to create backups regularly, in the recommended model 3-2-1, which means that important files should be stored in 3 copies, on at least 2 different media, 1 of which should be off-site.

Unfortunately, the latest data do not fill us with optimism, especially in the face of the growing wave of ransomware attacks (involving disk encryption and extortion, usually paid in cryptocurrencies) and the constantly growing amount of ransom payments. In Poland, only 24% of respondents declare that they perform backups regularly and 26% never do it! Among the remaining respondents, 33% do it ad hoc, another 17% perceive its importance only after an undesirable event. The statistical research was carried out by the SW Research studio on a sample of over 1000 companies in March 2021.

Everyone (individuals and companies), regardless of size, industry or number of locations, should perform regular backups. It is impossible to overestimate the importance of the security of stored and processed information, as well as our responsibility for it. A good backup procedure can be helpful not only in the event of a digital attack, but also in the event of random events such as fire, flooding, loss or theft. Data backup is considered to be the absolute basis for implementing a security policy.

The frequency of copies made is an individual matter. The basic question that should be asked when planning them is: "What period of data loss can you afford without incurring significant financial / reputational losses"? Most large companies do them every day, but even in a small company or in private life, it is good practice to create a backup once a month.

An important issue is also to determine what method of backup we choose. Backup can be divided into 3 types:

  1. Basic copy - Includes all files. This method is used to make an exact copy, and access to it is similar to accessing the original.
  2. Differential backup - files that have changed since the last basic backup are copied, whatever differs the current state of the data.
  3. Incremental copy - files added from any recent copy are copied, we only archive what has come / grown.

Implementing the appropriate procedure or developing a habit is only half the battle. An equally important issue is restoring the backup, or more precisely, safe storage of copies and guarantee of access to them as soon as possible when necessary. This task should be left to professionals, at least at the system / procedure design stage. However, it is our responsibility to periodically verify the correctness of our backups and data recovery procedures. Companies and individuals have often never attempted to recover data until a failure occurs, and then it turns out that recovering complete data within the assumed time is impossible.

Michał Kaczorowski, MAIN Cloud Solutions Architect
Michał Kaczorowski, MAIN Cloud Solutions Architect

Currently, there are many models available that allow you to scale this process practically endlessly. We asked for a comment on this topic from Mr. Michał Kaczorowski, Solutions Architect at MAIN Cloud. “Many users back up their data without a specific plan. Often it is a simple "bag" for data, necessary in the event of the need to restore files deleted by accident by the employees of the organization. Lack of specific backup policies is not uncommon, and therefore RPO (Recovery Point Objective) and RTO (Recovery Time Objective) parameters are abstract and not applicable.

Due to the lack of competence and awareness, as well as the lack of adequate financing, data loss occurs not only through ransomware, but also negligence, which often have a similar share in data loss by organizations. In most cases, the problems described concern small and medium-sized organizations.

It is worth adding that the awareness of the quality of backup data storage policies is increasing, which goes hand in hand with the awareness of administrators and management. Increasingly, data is transported to a second data center or to the cloud in different ways."

The conclusion will be sad - we are not surprised that so many Polish companies are victims of ransomware attacks, cybercriminals target organizations from our region. As specialists in this field, we share knowledge about the areas that are the essence of cybersecurity. Awareness in the 0-40 age group is already high and is constantly growing, unfortunately the social security number is a significant barrier in creating new, good habits.

It does not matter if you want to protect photos on your smartphone, secret information or data that you process on a daily basis in the company. Regular backup should become a good habit, and in the company it should be described by an appropriate procedure that has been and will be tested.

If you have doubts or would like to know the details, please contact us to find out more: