Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – What questions should I be asking about my backup
[start of transcript]
Hello. My name is Roger and today, I’d like to talk about what questions I should be asking about my backup.
There are three main questions about for business about what information should be backed up. So, we need to know what are we backing up? Are we getting everything that is really important to the business? Does it include email? Does it include personal databases? Does it include your accounting system?
All of that information is really critical to your business because if something went belly-up on that PC over there, what would the consequences to your business be? And that is why you need to understand what you are backing up.
So, if you are getting all of the business data, then that’s a really good place to start.
The next question is how often should we be backing up? And if we are backing up, how often is often enough? If it’s an email, can we go 24 hours? So, if something happens in this 24-hour period, can we recover? Or do we need a smaller window of backing up? And also on top of that, the amount of information that we are backing up, how bigger window have we’ve got before we can start creating a new information that they need to be back up the following day.
Now, you can look at it in two ways: you can have historical data that is being backed up, so everything that is happening, as I said, 24 hours, and we’re keeping versions of those 24 hours in three months intervals or six months intervals or 12 months intervals.
But what about if your business is a very busy office and there’s a lot of transactions going on your database everyday in every hour and every minute, how long can you survive if something goes belly up and you have to recover?
If you have to recover and you have been generating, let say, 10-Meg of data every minute, that 10-meg of data can be monumental mass of transactions so do we need to have an incremental system on top of the 24-hour backup that is going to capture that information? And that is also very important.
And the third question you should be asking about is where is it being stored? Are we using tape? Are we using backup or a backup hard drive? Are we using an internet connection? And as a subset of that, is there any human intervention in making sure that the backup happens. Does the tape has to be changed or does the hard drive have to be unplugged and re-plugged in? Or does it have to have its own internet connection and do what it needs to do?
And on top of that, are you getting a report every time it does a backup? And in that report, is it telling you exactly what has been backed up, where it is stored and how you can start recover from it?
Thank you very much.
[End of transcript]