Are you following these five best practices to protect your data?

The ransomware attackers aren’t just after your data. They want your data backup too.  Organizations need to be prepared because the technologies around these attacks are getting more sophisticated, said Brandon McCoy, Senior System Engineer with Veeam at a recent ITWC briefing.

“The goal is to get organizations to pay out,” said McCoy. “The criminals will encrypt your data and delete the backup to make that happen. We’re seeing this more often now.”


It’s important to take a holistic and multi-layered approach to data protection, said Dale Levesque, Director, Cloud Data Protection and Recovery at iland. “It’s about business outcomes,” he said. “Organizations should look at acceptable downtime and how that fits with their business continuity and financial requirements. If you lose all your data, how much will that cost you?”

Five best practices in data backup and recovery

Levesque and McCoy discussed five key steps that will help organizations protect their data from cyber attacks:

  1. Define your needs and budget

As part of their overall business plan, organizations should determine their recovery time objective (RTO) and recovery point objective (RPO), explained Levesque. RTO refers to how quickly the organization needs to be up and running after a disaster. Organizations should define their priorities in specific areas, Levesque said. For example, tier one applications such as credit card processing have to be up immediately, whereas other applications may be less critical. With RPO, the question is how much data can you afford to lose over what period of time?

“In a perfect world, we just want to instantly turn everything back on,” said Levesque.  “But when we start talking about the price and the infrastructure overhead required, that’s not always feasible.”

  1. Know your responsibilities when working with third parties

People are sometimes surprised because they think that when they’ve moved to an online service, everything is going to be taken care of for them, Levesque. “But at the end of the day, you are responsible for your data and for your business.”

  1. Stick to the three-two-one rule

The three-two-one rule requires that organizations keep three copies of data on two separate media types and one offsite copy, said McCoy. “Not only do you have multiple copies of your data in case a repository is corrupted, but you’ve got one off-site in case there’s a physical failure,” he said.

  1. Keep authorizations up to date

Organizations must be proactive in removing users, such as ex-employees, that no longer need access. “Otherwise, they still have the keys to the kingdom,” warned McCoy. “Always protect on all fronts.”

  1. Test, test, test

One of the biggest points of failure when it comes to recovering data and applications is assuming that everything will work without testing it, said Levesque. In his view, it is not enough to test once a year. Rather, recovery systems should be tested at least quarterly or even better, monthly. “The longer time it goes, the more opportunity for failure,” he said. “The disaster is not going to wait until you’re ready. It’s going to hit when you least expect it, so be prepared by testing frequently.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Cindy Baker
Cindy Baker
Cindy Baker has over 20 years of experience in IT-related fields in the public and private sectors, as a lawyer and strategic advisor. She is a former broadcast journalist, currently working as a consultant, freelance writer and editor.

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now