Data security – backup


At AHACCOUNTANTS, we recognize that the security of your data is vital for the integrity of your business operations in the Nottingham area. As organizations become increasingly dependent on data stored across various platforms—network servers, PCs, laptops, mobile devices, and the cloud—having a robust data backup strategy is essential. This guide highlights critical issues to consider when reviewing your data backup procedures.

Importance of Data Backup

Data backup is a crucial disaster recovery measure that should be implemented regularly. It acts as an insurance policy against disasters, theft, or cyberattacks. Key considerations for effective data backup include:

Systems and Applications Software

  • Secure Storage of Installation Media: Ensure that original software installation media is stored securely off-site, especially if not downloaded. Any activation keys or codes should also be kept secure.

Data File Locations

  • Network vs. Local Storage: In a networked environment, data files may be stored on both the server and local drives. Separate backups may be necessary for each. A comprehensive network solution should facilitate the re-copying of data back to the server from local drives.
  • Synchronization Services: Consider using synchronization services like Microsoft OneDrive or SharePoint to manage data storage instead of traditional network disk storage.

Backup Strategy and Frequency

  • Dual Backup Procedures: Implement two parallel backup methods: one for complete system backups (usually as an image) and another for incremental or differential backups of updated data files.
  • Backup Cycles: The “grandfather, father, son” backup method is effective, involving cycles of daily, weekly, and monthly backups. Certain records, such as accounting data, may need to be retained for six years or longer.
  • Media Longevity: Backup media, like tapes or CDs, should be replaced periodically (every 2 to 10 years) due to degradation. Solutions like disk-to-disk or cloud-based backups mitigate degradation concerns.

Backup Responsibilities

Assign a dedicated staff member to oversee backup procedures. This individual should:

  • Ensure all data files are included in the backup cycle.
  • Adapt backup criteria as new applications and data are introduced.
  • Modify the backup schedule as necessary.
  • Interpret backup logs and address any errors.
  • Restore data in case of accidental deletion or corruption.
  • Regularly test data restoration from backup media.
  • Maintain a log of backups and the locations of backup media.

Applications Backup Routines

Many accounting and payroll applications feature their own backup routines. It is prudent to utilize these alongside conventional server backups, especially before critical updates. These backup files should also be stored on the server to ensure they are included in the overall backup strategy.

Local PC Backups

Users with data files on local drives, such as payroll information, should have a dedicated backup regime. This may involve a combination of media and server backups, and consideration should be given to the necessity of keeping data on local PCs.

Backup Media Selection

Choosing the right backup media depends on budget, data volume, and operating software. Consider the following options:

  • External Hard Disks: Cost-effective for local backups.
  • NAS with Cloud Backup: Offers redundancy and ease of access.
  • Cloud Solutions: Ensure third-party providers meet or exceed backup requirements.
  • Optical Media: CDs and DVDs can be cheaper, but their capacity and lifespan may be limited.
  • Encryption: Encrypt any external disks taken off-site to protect against loss or theft.

Backup Locations

  • On-Site vs. Off-Site: On-site backups allow for quick restoration but are vulnerable to disasters like fires or floods. Off-site backups are more secure during emergencies but should be both secure and accessible.
  • Safes: Businesses often use safes for on-site backups, but these may be temporarily inaccessible during a recovery scenario.

Backup Retention Policies

Certain records, such as accounting documentation, have minimum retention periods. Your backup strategy should reflect these requirements, considering media degradation as well.

Backup Media Degradation

Be aware that backup media can degrade, impacting data integrity. Optical media like CDs and DVDs are sensitive to light and can suffer physical damage. Regular checks for digital decomposition and testing data restoration are necessary to ensure backups remain viable.

In-House vs. Cloud Backups

Many service providers offer off-site data storage and online application solutions, reducing the need for internal server management. When considering a cloud service, ensure your contract includes provisions for:

  • Encryption Standards: Assess the level of encryption used.
  • Data Processing Locations: Understand where your data is processed and stored, as it may affect compliance with data protection laws.
  • Data Retention Policies: Clarify deletion and retention periods.
  • Audit Trails: Ensure tracking of who accesses data.
  • Data Ownership: Define data ownership rights in case the provider goes into administration.

When using cloud storage, minimize personal data processing and consider anonymization where possible. Ensure you have the capability to manually back up your data and that it is in a readable format for restoration on different services or applications.