Data security today is not just about having a robust online platform. No matter how reliable and secure any platform may be, there are other factors that can contribute to breaches. In fact, poorly managed data backups can even become their own worst enemy when it comes to keeping data safe. In this post, learn tips for how to keep your data safe and secure before, during and after backups.
Include Data Backups in Your Risk Assessment Audits
Data backups have become such a routine task it can be easy to just forget they are even taking place. This is why it is important to include a line item for your risk assessment audits that requires evaluating data backup security.
Things to look for:
– Who controls data backup.
– Who has access to data backups.
– What backs up your backups?
– How are backups affected in a power outage?
– Where and for how long are old backups stored?
Evaluate How Your Partners, Vendors and Subsidiaries Secure Data Backups
Unfortunately, even if you have the world’s most robust online security, your data can still be compromised if you do business with any partner, affiliate vendor or subsidiary that has holes in their data security plan.
So you need to establish data security protocols that govern now just how you back up and secure your data, but how any partner, et al, that you work with does also. Failure to comply with your data backup policy can then become grounds to terminate the relationship.
Be Sure You are Using a System that Supports Encrypted Backups
Data encryption is not just for data transmissions anymore. Any and all data should be encrypted – including backup data. This may require updating your hardware and/or software to a system that supports data encryption for data backups.
Once encrypted, even if your data is compromised, there will still be yet another barrier to hackers‘ or cybercriminals‘ ability to actually access and use your backup data.
Add a Strong Passcode to Each Backup
In addition to encrypting data that is backed up, you can password-protect each backup session with its own strong passcode. In the same way that thieves prefer to target homes without any displayed evidence of a home security surveillance system because they are the „easy marks,“ so too can password-protected data backups become suddenly less enticing to cybercriminals seeking the same.
Only Back Up What Truly Needs Backing Up
The more data you choose to back up, the more data you have to monitor and the more risk you have to control for. So choose what gets backed up with care. But don’t overlook sensitive data either – especially if your staff includes remote workers and you don’t use a cloud-based centralized storage and transmission server.
So look at all possible sources for where sensitive data may exist, such as on remote devices, phones and tablets and your central server, and be sure that anything that needs to be backed up is getting backed up, encrypted and password-protected.
Take a Good Hard Look at Storage Facilities for Data Backups
Not only is it entirely possible to lose valuable data through a lost or stolen remote device (as too many companies have lately discovered the hard way!) but on-site physical data theft is not too old fashioned to appeal to cyberhackers who can’t acquire your data any other way.
For this reason, whether your data is being backed up and stored in the cloud, onsite via a physical server system or remotely on individual devices and computers (and especially if you are using a combination of both methods), you need to be sure that any place where data is being backed up and stored is also secured.
This may include requiring staff who use remote devices not connected to a central server system to upload that data for backup through your central system.
Specify a Single Backup Server
If you have the kind of system that permits specifying that data being backed up can be send to any available server, then it is time to close the loop.
Here is what to do:
– First, you need to ensure that both the server and the device can authenticate each other.
– Next, you need to secure the transmission – in other words, to make sure the network being used to transfer the data is also secure.
– You also need to ensure the data is encrypted the moment the transfer begins and encrypted again in its backed up state.
Be Sure Your Firewall Permits Backups
The stronger and more secure your corporate firewall is, the more trouble you may have transmitting data to be backed up through it. So you need to be sure you can configure your firewall to permit certain authorized IP addresses to pass through the firewall unimpeded.
Don’t Forget to Train Your Staff!
Even the most secure and highly specialized data backup security solution is only as good as the greenest employee who has access to it. So a critical component of guarding against data breaches is training your employees on a continual basis.
You will need to conduct your staff trainings in two parts:
– One, offer detailed guidance in how to conduct secure backups of data from in the office and remotely.
– Two, offer continual, simple reminders of how important it is to follow your company’s security protocols when backing up sensitive data.
Select a Hosting Provider That Emphasizes Secure Data Backups
Today’s hosting providers may offer many extra bells and whistles along with basic data hosting and storage solutions. But be sure not to get caught up in extra features until you have evaluated the basic security protocols for data creation, storage, transmission and backup.
You want to select a hosting provider that is fully compliant with all of the latest security protocols – both nationwide and within your industry. You want to be sure your hosting provider has its own system in place in the event physical facilities or hardware/software is compromised. Finally, you want a hosting provider with a full emergency response plan in place should the unthinkable occur and your data is breached despite all your best efforts otherwise.
By following these 10 tips to the letter, you can ensure your data stays safe and secure regardless of what else may be going on with collaborators, competitors, partners, vendors, suppliers, customers or anyone else anywhere that you may be doing business with.