Reviewing Your Backup Checklist

With World Backup Day just behind us (and yes there really is such a thing – it was March 31^st), now would be a good time to review your backup checklist to ensure your critical data has the protection that your organization requires. The following backup checklist can help guide you through the process of verifying that your backups are doing what you expect them to do, and what they need to do to protect your sensitive data.

Let’s have a look at some of the main items to check off in your backup checklist:

Your Backup Checklist starts with your documentation

• Make sure your backup policies reflect your values: The first place to start with your checklist is to check your policies to make sure that you really are backing up the data that you need to protect. Your policies should identify the data that needs to be backed up, its priority, as well as the frequency and type of backup that you need in order to meet your Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
• You need to have Runbooks that describe the backup procedures. Next, you should have documented procedures that describe how to perform your backup operations.
• Even more important than documentation showing how to perform your backups is the documentation that shows how to perform restoration of the different types of data that you may need for different recovery scenarios.

How can you protect your data?

• You need to have a log of all your backups. In addition, you need a log that shows when your backups were run as well as the status of the backup operation – showing if it succeeded or failed and in the case of a failure, your log should provide additional diagnostic information.
• You need to have at least three copies of your backups: In accordance with the 3-2-1- backup rule, you should make sure that you have at least three copies of your backup data, which helps to ensure that at least one of your backup copies will be usable in the event that there is some type of data corruption.
• Your backups need to be stored on at least two different types of media: Traditionally, this meant one copy on disk and another copy on tape. However, today most businesses have replaced tape backup with cloud backup.
• You have at least one backup copy offsite: In case of a site disaster, at least one copy of your backups should be kept offsite. This could be an alternate recovery site, but more often than not the cloud is usually the preferred location for offsite backups.
• Have an air-gapped backup: With today’s ransomware threats, keeping an air-gapped backup – a backup that is stored completely separately from your production network – has become an effective way to protect your backup data from ransomware. Many of today’s ransomware strains actively search out and attempt to corrupt backup data, so keeping a copy that cannot be reached through your network can prevent this.
• You need to have tested your backups – While there’s no substitute for making backups, in order to be confident that those backups will work when you need them, you also need to have a regular testing schedule for your backups. Fortunately, many of today’s tier one backup products include the ability to incorporate automatic backup testing into your backup routines.
• Your backups need to be in a secured location: By definition, your backups contain sensitive and critical data. Both your onsite and offsite backups should be in secure locations where they can only be accessed by authorized personnel with the proper credentials.
• Offsite and cloud backups need to be encrypted: Beyond simply storing your backups in a secure location, if your backups are offsite or in the cloud they should be encrypted to provide an additional level of protection.
• Make sure your backup software is updated: Finally, make sure you have the latest updates and security fixes for your backup software.

Backing up your data is critical to your business, and this checklist can help you to ensure that you are backing up the data that you need to and that those precious backups will be usable if you need them.