For example, an extreme weather event or even a burst water pipe may damage your hardware. Or your business may experience a cyber attack that wreaks havoc on your network. As a result, you may lose sensitive business and customer data.
At the very least, you may be chasing your tail on lost project work and your customers may take their business elsewhere and loudly advise your prospects to do the same. And then there are the requirements for notifiable data breaches under the Privacy Act.
The 2019 Telstra Security Report found that 1 in 4 Australian businesses don’t have an incident response plan in place to deal with damaging cyber-attacks when they happen. Let’s look at the why, who, what, where and when of data back-up, so you can prepare your business today.
1. Why should I back-up my data?
It’s important to understand regulations and legal requirements for managing data, and the risk that data loss presents to your business.
For example, if you operate a financial services business, you may have to comply with strict Australian Prudential Regulation Authority rules governing data management and protection.
If you are involved in healthcare, you are bound by legislation and regulation to protect sensitive patient information. Whatever industry you are in, it is your responsibility to understand any obligations you have that affect how and when you back-up data.
However, you will also need to be able to quantify any damage to your productivity, reputation and brand. This requires conducting a full analysis of what a disaster could mean to your business.
Protect your business from online threats.
Telstra Business Cyber Security Services can assess your business’s needs today.Find out moreProtect your business from online threats.
2. Who would be impacted by a data loss?
Your business should understand and protect the interests of all its stakeholders when delivering business continuity, including creating and executing a plan for data back-ups.
The ‘people’ side of business continuity and data back-ups extend to creating teams with the skills to respond to, manage and recover from an incident. Each team should incorporate people skilled in the technical aspects of recovery, with people responsible for service delivery and customer relationships.
In addition, your business should regularly test its plan, so your team can keep their skills and expertise up to date and accommodate the emergence of new technologies and threats.
3. What data do I need to back-up?
It’s important to understand the data that your business holds and the workloads you run in your IT environment, including any interdependencies between systems.
- What services do you provide to your customers and what would be the impacts if your IT systems fail?
- What IT systems and applications does your business need to support end users and customers?
Many businesses back-up file-sharing workloads and collaboration systems such as email and messaging systems. However, businesses typically appear to be less concerned with critical business management and revenue-generating systems. Things like e-commerce applications, enterprise resource planning systems and online applications can often be forgotten.
You should determine the importance of these systems to your business, or you can outsource an expert if you need a helping hand.
4. Where should back-ups be stored?
Cloud services can support corporate security and sovereignty requirements, while delivering the flexibility, agility and consumption-based models modern businesses demand.
Businesses can now access fast and reliable back-up and restoration services to store and retrieve data, for reference, regulatory compliance or business continuity. These services may span email, servers, hybrid services encompassing multiple providers, and even ease the occasionally fraught migration process.
5. When do I need my systems and data restored?
The key is to identify the recovery point objective (RPO) and recovery time objective (RTO) for your business. The RTO is the time for a system to be recovered and made ready for use by the business. The RPO is the time when the last back-up of data was made (reflecting how much data would be lost during a disaster.
- How long could your business function without IT systems?
- How would your business know what outstanding bills a customer needed to pay?
- How long would your suppliers wait to be paid?
- What alternative methods and procedures could employees or end users perform while your systems and applications were out of service?
- At what cost and for how long could your business cope if revenue wasn’t generated?
The range of back-up options available to business has never been wider. You can adopt a solution that meets all your requirements, while allowing you to focus on core business activities. So, what are you waiting for? Make the time to review and update your back-up plans today.
Originally published November 25th 2016. Updated February 6th 2020.