World Backup Day: Backups - Your Safety Net

🔄☁️ Having a robust backup is being prepared against data loss and data theft.  March 31st is World Backup day to remind everyone of the importance of having a robust and accessible backup.

What is a backup?

A backup is a copy of all your important files, it's a different purpose from an archive. From a personal perspective that might include family photos, videos, documents and emails. From an organisation's perspective that could be systems that hold personal data you have collected and process, such as an HR system, it might include photos, documents and videos.  An organisation might not need to backup every file, so it's important to understand what should be backed up.

The World Backup Day website is encouraging everyone to make the pledge to backup important documents and precious memories today: 👉World Backup Day

Why do we need to backup?

🛡️Data Protection:

• Legal mandate: Under data protection law you should keep any personal data safe that you hold. Keeping a backup helps you meet the DfE Cyber Security Standards.
• Subject Access Requests: Backups help you ensure you fulfil data access rights requests.
• Prevention of Permanent Loss: Helping you meet the availability data protection principle.

🛡️Cyber Security

• Ransomware Immunity: Modern immutable backups (data cannot be changed or deleted) are the only 100% effective defence against ransomware encryption.
• Neutralizing the Threat: a clean backup will allow you to wipe and restore without negotiating with a hacker over ransomware. Public authorities will soon no longer be allowed to pay ransoms.
• Integrity Checks: Backups allow you to compare current (potentially tampered) data against known good data to spot unauthorised changes

⚠️Disaster Recovery

• Business Continuity: Disaster recovery backups allow you get your organisation back up and running in hours rather than days or weeks.
• Physical Disaster: Fires, floods or theft can destroy or damage hardware.  Offsite and cloud backups means that information survives even if the building does not.
• Infrastructure Building: Backups of system images will allow you to re-build servers and networks from scratch with new hardware.

🙍‍♂️Human Error

• Accidental Deletion: is one of the main causes of data loss. Backups provide a safety net for that 'oops' moment.
• Malicious Insiders: This could be a disgruntled employee or student who intentionally deletes records before leaving.  Backups allow the damage to be quickly reversed.
• Overwriting Mistakes: Backups protect against 'saving over' a complex spreadsheet or document with incorrect information.

💻 System Failures

• Hardware Lifespans: Backups ensure that when hardware die that the data doesn't die with it. All physical devices have a finite lifespan.
• Update Crashes: If a critical operating system or software update doesn't work, a backup allows you to roll back to a previous state.

🔢 Version Control

• Historical Accuracy: Backups allow you to track the evolution of data.
• Audit Trail: It might be necessary to track any changes to data over time.
• Corruption Rollback: If a files becomes corrupted, versioning allow you to go back far enough to find a good copy.

😊 Peace of Mind:

• Stress Reduction: Knowing you are able to recover from a disaster gives peace of mind.
• Decision Confidence: Changes and upgrades can be made knowing there is a 'fail-safe' backup.
• Reputational Security: You won't need to make a public apology for losing personal data.

⚖️Compliance:

1. Standards: The DfE Digital Standards mandate specific backup protocols for schools and colleges.
2. Sector Regulations: certain industries, such as finance, require records to be kept a set number of years.  
3. Insurance Requirements: You should abide by the requirements of your cyber insurance policy.

---

If you are a school, college or multi academy trust you should refer to both the Cloud Solution Standards and the Cyber Security Standards for guidance about Backup Best Practice 👉DfE Digital Standards Overview

---

 Regular backups are the most fundamental and vital cyber security practices; they are your indispensable recovery safety net, ensuring that even if disaster strikes, valuable data can be restored.

---

The Golden Rule: The 3-2-1 Backup Strategy

This widely recommended strategy ensures robust data protection:

• 3 Copies of Your Data: Keep your original data plus at least two backup copies.

• 2 Different Types of Media: Store your backups on at least two different storage types (e.g., internal hard drive + external SSD, or cloud storage + network-attached storage).

• 1 Copy Offsite: Keep at least one copy of your backup in a geographically separate location (e.g., cloud storage, or an external drive stored at a friend's house or a safe deposit box). This protects against local disasters.

Key Backup Practices:

• Automate: Use automated backup solutions whenever possible to ensure consistency and reduce human error.

• Encrypt Backups: Encrypt your backup data, especially if stored offsite or in the cloud, to protect it from unauthorised access.

• Test Regularly: Don't assume your backups work. Periodically test your recovery process by attempting to restore a file or even a full system from your backup. This confirms data integrity and ensures you know how to perform a restore when needed.

• Version Control: Retain multiple versions of your files in backups, allowing you to roll back to a point before data was corrupted or encrypted.

Backups are an investment in peace of mind. They are the ultimate insurance policy for your digital life, ensuring business continuity for organisations and preserving precious memories for individuals.

---

💡Tip: Verify Your Backup's Last Run!

Today, check the status of your backup solution (cloud service or external drive software). Confirm when the last successful backup occurred and if there are any errors. If you don't have one, research simple cloud backup options like Google Drive, Dropbox, or OneDrive.

---

Backups are a critical component of cyber security because they provide a safety net in case of data loss, corruption, or cyber attacks.  They are essential for safeguarding data integrity and ensuring that an organisation can recover quickly from cyber attacks,  hardware failure or other unforeseen data loss events.

🛡️Consider your backup processes and methodology.
🛡️Are you able to restore the server configuration from a backup?
🛡️How relevant is the data you have backed up?
🛡️Is your backup protected from malware/ransomware?
🛡️Where are the physical locations of your backups?

Schools and Multi Academy Trusts Should:

For systems that you use that are cloud based, such as your MIS and your organisation's website - have you checked that they hold an appropriate and up to date backup of your data as part of their regular service?

DfE Digital Standards

The DfE Digital Standards are a set of standards set out by the government to help schools safely procure digital services, software and hardware.  Six of those standards, including the Cyber Security Standard, which includes backups, should be completed by 2030.

Review the DfE Meeting Digital and Technology Standards in Schools and Colleges : which advises you to backup (specifically the Cloud Solutions Standard). The most common risk of cloud data loss is accidental or deliberate data deletion by users. Although data loss by cloud providers is uncommon, it can happen.  Loss of data can lead to a data breach and mean you need to inform the appropriate authorities. It may also obstruct or prevent critical business operations. You should already be meeting this standard to help safeguard, protect and secure your data and systems. It is also a requirement for meeting data protection legislation. For further help, guidance and trackers to assess and monitor your progress: https://digitalstandardstracker.co.uk/

Review: NCSC Backing up your Data

Watch our free micro learning video about backups: