One of the most important elements in any IT system are the backups of the data. Backups can cover for all manner of sins - from malware to hardware failure to human error. Having good backups isn't difficult but it is a PROCESS and one that many people do poorly. To do it right you need to address three questions:
Are the Backups Complete?
Are you overlooking any important data? This may mean sitting down and taking an inventory of all key data.
There may be key data being stored on workstations – if that’s the case you need to address backing that data up. Perhaps that means moving it to a server or syncing it to a server or just setting up a backup for that particular workstation.
You need to be aware of ALL shares on ALL servers and check those shares for any key data that might not be getting backed up. Don’t assume. Confirm.
Are the Backups Current?
Check the logs and make sure that you have good RECENT backups. A complete backup from a week ago is nice, but a complete backup from last night is better. If the backups are failing, you need to know why and address that ASAP. Don’t assume. Confirm.
Are the Backups Working?
Have they been tested? It does us no good to have a complete backup from last night if it’s corrupted and no files can be recovered from it. Don’t assume. Confirm.
Here’s an easy way to test backups:
Create a dummy file in the production file system. Clearly indicate in the filename that it’s a test file. You can even name it “BACKUP TEST FILE – IGNORE”. It can be a text file, a Word document, doesn’t matter.
Let the normal backup process back up the test file along with the other files.
After a week or two of it getting backed up (we hope), delete the test file from the file system.
Try recovering the test file from the backups.
How often should you test your backups?
When you first set up a backup system I would test them every week for a few weeks. Once you're comfortable that it's working properly, test as often as you feel comfortable. I usually recommend testing quarterly.
The software you use to back up is not that critical. All versions of Microsoft Windows sold in the last decade or two include built-in back up software that is primitive but often adequate for simple backups. There are also a number of third-party backup products that are more robust and may be a better choice for a large organization.
What you DO need to make sure of about your backup software is:
- The software is still going to be around when you need it. Buying a copy of "Bob's Backup Express" is great...unless you can't find that software 3 years from now when your drive dies and all of the backups you've been making are now inaccessible.
- You are comfortable using it. The best backup software is the one you can use to recover your files when you need them. You can have the most expensive, fanciest, most robust backup software ever made but if you (or your IT guy) can't configure it correctly or can't use it to properly restore your files then it's useless.
In the old days we used to back up all of our data to tapes. There are people who will tell you that tape isn't dead as a backup medium...those people are mostly people who sell tape, or tape drives. Tape is slow and tape drives are increasingly rare. I have dozens of clients with ancient tapes on shelves and no tape drive they can use to read those tapes.
I recommend backing up to an external hard drive. Drives have gotten very inexpensive and there are a variety of ways to connect them to your system. Simple drives can be connected via USB or Firewire, or in a larger environment a techology like eSATA could be used to attach the drives.
Network Attached Storage (NAS) devices are very inexpensive as well and can be a good place to store backups. HOWEVER...NAS devices are rarely taken off-site. It's important to not only have a good, current, backup of your data on-site, but to have a good, recent, copy of your data off-site. Just in case something happens to your site. If you have a building fire it might not just destroy the server but the backups that are on the shelf above the server. Have a good off-site backup that you can recover from.
External hard drives are good at that - most external hard drives these days are the size of a book and can readily be disconnected and taken off-site. Where to? Anywhere secure and climate controlled. Doesn't have to be a bank vault (though that would be good) but not the dashboard of your car.
One of my clients burns a copy of all of his critical data to a DVD once per month and then mails that DVD to his mother in another state. As a disaster recovery method that's not bad. (he also has current backups on-site, backed up to hard drives).
Here are a couple of external hard drives that make good backup drives:
They should be used as a SUPPLEMENT to a local backup, not as a replacement. If you ever have to do a FULL restoral of your system it may take a long time to download all of your data again from an online service. In those cases I'd rather have a good, local, backup rather than having to sit and watch all of my data stream back to my computer across a slow connection.
Make sure that your data is encrypted. Both in transit and in storage. I don't want some 3rd party backup provider to be able to get into my data - I want to encrypt it, then send it to them to hold in case I ever need it back.
Make sure your backup provider adheres to your data retention policies. If documents are supposed to be expired from your production server AND your backups you don't want your online backup provider keeping a copy of that data which could later be discovered.
Make sure you know WHERE in the world your backup provider is storing your data. You may not mind if your data is being stored in another state, but what if your data is being stored in another country? Could there be problems if your backup provider outsources their data storage to a data center in China or India or Venezuela? Maybe. You'll have to decide for yourself how comfortable you are potentially having your data stored in a foreign country, subject to foreign laws and regulations. But ask the question so that you know what you're getting into.
How Often Should You Back Up?
How much data can you afford to lose? I have clients who back up every hour - that's pretty often. I have clients who back up once a week - that's a little scarce. Most clients back up every night. If they have a system failure or data loss they can, at least theoretically, restore their data as of last night. It's up to you how often to back up.
How Many Backups Should I Have?
That's also a case-by-case decision. Some clients want to have many copies of their backups for security. Some clients want multiple versions - so they can back up to last night, last week or last month. I recommend having at least two copies of your backups. Occasionally a backup will get corrupted or otherwise goofed up (technical term) so having a second backup is easy insurance to reduce the chance that your backups are useless when you need them.
An easy way to have two backups is to rotate your backup media. If you're using external hard drives, get two of the external hard drives and alternate them every night or every week. Take one of them off-site (the bank or a locked cabinet at home or ?) and swap the two drives on a regular schedule. If one drive fails the other will hopefully still be good and not more than a few days or a week old. Bad? Yes, but better than losing everything.
But I Use the Cloud...I Don't Need To Worry About Backups, Do I?
You always need to be concerned that your data is backed up, but if your data is hosted by a cloud-based provider (like Clio, Rocket Matter, BPOS, Intuit, etc.) you shouldn't have to worry about the day-to-day backups. Presumably they are handling that.
HOWEVER...I still recommend that you have a local, recent, copy of your data.
- Cloud-based providers can fail. Either due to human error, mechanical failure, acts of nature...
- What if you get into a billing dispute with your provider and they cut you off?
- What if your provider suddenly goes out of business? Remember the "ASPs" of the last decade?
Your cloud-based provider should have some mechanism for you to get a local copy of your data. (if they don't you should reconsider using that provider). I recommend that on a regular basis (monthly? quarterly?) that you download a copy of that data and stash it away somewhere safe. Just in case.
If your data is important then your backups are important. Whatever method you use to back up your data, make sure it's backed up. Make sure the backups are complete, make sure they're current and make sure they actually worked.