The text "security tips for your organisation" on a blue/green background.To the right is a silver shield and padlock.In the background are dots linked by lines suggesting a network.

Tip 4: Backups (and test them)

30th June 2025

Having only one copy of your data is a risk, and losing access to that data could destroy your business. You can reduce the risk of data loss by ensuring you have backups, and you can create a simple backup easily (or spend hundreds on more complex and comprehensive solutions). Remember, it might not be an attack that removes your access - you could just have a laptop fail. By making sure you have good, regular, backups you can protect against both hardware failures and attacks like ransomware where an attacker locks you out of your files.

๐Ÿ— Easy backup - just have another copy

Backups donโ€™t have to be costly, and could be a simple case of copying files to a separate disk or location. If you're making copies yourself ensure this complies with your organisation's rules. The backup should be encrypted too.

๐Ÿ—๏ธ More advanced backups

More advanced backup tools often automate retention policies (how long you keep the backup), can produce incremental backups, and provide additional features. Importantly, these tools will send you a notification when the backup completes or fails, meaning you can check everything is backing up on schedule.

Keeping backups for longer gives you more opportunities to recover your data. If the backup from last week is damaged, then the backup from two weeks ago may be good enough (and is probably better than nothing).

Consider your organisation's requirements when choosing a tool, but make sure the process is easy so the backups still get done!

๐Ÿ˜๏ธ Keep the backup separate & disconnected

Make sure that your backup (be that a separate disk or something more complex) is not kept with the original, otherwise a fire, flood, or theft would still destroy both copies. The backup copy shouldn't be permanently connected to ensure that if ransomware strikes the backup can't be attacked too.

Keeping the backup media (disks, tapes, etc.) in another building the organisation owns, or taken home by a trusted staff member, provides a good separation between the original data and the backup.

๐Ÿงช Test your backups

Having a backup is great, but you need to test it - it's a bit like driving a car and checking the brakes work before a journey. What you choose to test can vary from restoring individual files to recovering whole systems, but importantly test your backups regularly and fix any problems quickly ๐Ÿ™‚.


This blog post was originally published on LinkedIn and on Jonathan's personal blog on 30th June 2025.