Office Solutions IT | Blog

7 Questions to ask your IT team about your backups

Written by Teng Yew Ang | Aug 19, 2019 7:23:02 AM

“Errm... I think I've just lost everything, can I get it back!?”

That’s never a situation you want to find yourself in. Especially if your business doesn't have a reliable backup in place.

Having the ability to restore your files quickly and easily is among the most important cyber security solutions in business today.

And while we have set-and-forget cloud backup that takes care of this for you, so you don’t have to. You must be across the details of your backup, so you can get clear on:

  • Precisely what data you’re backing up
  • What the expectations are for your recovery time in the event of a disaster; and
  • To what point in time you can expect to be restored after a data failure

And to help you, I’ll be sharing seven backup questions that you can copy, paste and send to your IT support team.

Q1 - Precisely what data are we backing up?

Q2 - What are we not backing up?

Q3 - Is our Office 365 data backed up? (OneDrive documents, SharePoint and Emails etc..)

Q4 - Where is our backup data stored?

Q5 - What is our RPO and RTO?

Q6 - When was the last time you verified the integrity of our backup data?

Q7 - Do we have an up-to-date backup stored offsite in a secure location?

But first. Here are a few questions you don’t want to be asking when a disaster strikes.

“urm... We’re down… What’s happened to our stuff?”

“Can you get it back?”

“How far back!?”

“How long will it take to be back up and running?”

“What have we lost?”

“What USB Drive!?”

"But, we use Office 365 isn't it in the cloud?"

The truth is, whether it’s accidental, intentional or due to malicious IT geeks, data loss is inevitable.

Being on top of your data – and your business - is about more than just plugging in a USB Drive and ticking the ‘we’re all backed up’ box.

It’s about knowing what you're backing up. It’s about understanding what your backups are capable of. And, more importantly, it’s about being prepared, so you’re not left asking important backup and recovery questions when it’s too late.

So, let’s get into it.

Question 1

Precisely what data are we backing up?

These days, keeping tabs on your important data can be a challenge.

The amount of data you create day to day is growing and the number of devices your business uses to process this data has soared too.

From servers and computers to mobile devices such as smartphones, tablets and laptops, the chances of your team members using several devices to access your data are high. So, are these devices being backed up?

Have a think about your critical business systems too. Financial information, CRMs, databases, physical servers, virtual servers and anything else that your business uses day-to-day, is this information being backed up too?

Oh, and if you work better with images, you may find it useful to request a simple diagram that details how your business is currently backing up and what data is included.

Question 2

What are we not backing up?

Arguably the most important question. Is there anything that you’re not backing up that you should be?

In particular, think about your legacy databases, email inboxes, SharePoint files, calendars, contacts and so on. Oh, and don’t forget about backing up your Office 365 files.

It’s important to point out what these items are now, so you’re not left trying to restore data that was never backed up in the first place.

Question 3

Is our Office 365 data backed up? (OneDrive documents, SharePoint, Emails etc..)

You might be thinking… “But we use Office 365. Our data is in the cloud, right?”

And while yes, you would be absolutely right.

You might be surprised to learn that just because your files are in the cloud, it doesn’t mean your Office 365 documents are backed up. And if so, you aren’t the only one. In fact, a lot of businesses overlook this, so please don’t.

It’s often presumed that by using cloud subscription services, like Microsoft’s Office 365, your data is safely backed up and tucked away - and certainly not at risk of being lost, corrupted or stolen. And without taking a closer look, you’d be forgiven for thinking so.

While a cloud subscription service like Office 365 does a good job of protecting your data against physical threats like:

  • hardware failures
  • physical theft; or
  • spilling your coffee over your keyboard

It doesn’t fare so well against digital threats like file corruption, file deletion or worse, cloud ransomware.

For those unfamiliar with cloud ransomware: It’s the latest form of malicious email. Expertly designed to entice a single log-in which grants malicious IT geeks access to your Office 365 environment. This results in the immediate encryption of your office 365 data before receiving a demand for a sum of money for the digital key that gets it back. Take a look at cloud ransomware in action right here:

 

 

And while some cloud subscription services are capable of restoring a version of your files for up to 93 days, it’s very likely that any emails and documents:

  • Encrypted by cloud ransomware
  • Stored outside of the retention window; or
  • Accidentally - or Intentionally - deleted and purged

Will be lost. Forever. That is unless you have a dedicated Office 365 backup in place. Like this one.

Question 4

Where is our backup data stored?

The physical location of your data may seem like a triviality, but whether it be a local USB drive stored in your office or an overseas data centre, are you aware of:

  • The type of storage device your data is backed up on?
  • The precise physical location of your storage device?
  • How old the storage device is?
  • When it’s due to be rotated out?
  • Who’s responsible to rotate the storage device?
  • Any legal or ethical obligations you may have to store and protect your data in a particular jurisdiction, state or country?

It’s worth having a think about the security of your backup location too. Who has access to this location in the event of a data disaster? Can they access the data? Do they need a key, pin number, swipe card etc..?

Deciding where and how to house your corporate data is an important decision and shouldn’t be overlooked. But above all else, knowing who can access your backup data and where to find it certainly helps when disaster strikes.

Question 5

What is our RPO and RTO?

Now, there’s a chance you’ll be asking yourself exactly this.

So, let me start by sharing a link that walks you through the basics and explain what an RPO and RTO are.

RPO – Recovery Point Objective.

Think of your RPO as a Tardis for your business. (Yes, a time machine). Your RPO refers to a point in time that you can travel back to and restore a clean version of your files.

RTO – Recovery Time Objective.

This is the minimum amount of time it will take your IT experts to restore your business operations after a data disaster. Typically, this amount of time is determined by how much downtime your business can absorb before it starts to suffer.

In a perfect world, your businesses would like to have and RPO and RTO of just a few seconds, but for most, that’s not physically or financially possible. The idea here, if you haven’t already done so, is to establish what your business requirements are and schedule a conversation with your IT Partner to determine an RPO and RTO that you are comfortable with for each area of your business.

If you're not sure where to start, you can use the step-by-step guide in this article - and these backup questions to help you to get clear on your backup and business requirements.

Questions to ask

  • How often are our backups run?
  • How much space do we have available to store our backups?
  • How quickly can you commence the restoration process?
  • How quickly can we access our data backups?
  • What equipment or resources do you need to get us back up and running?
  • How much data can we currently expect to lose in the event of a disaster?

Information to prepare

  • Our important data changes ___ times per Hour/Day/Week/Month (Delete as appropriate)
  • In the event that our <insert business critical service here (i.e. Email) > went offline, our business could continue for ___ minutes/hours/days without suffering. (repeat this for each business critical service)
  • We would lose approximately $____ for every minute/hour/day our <insert business critical service here (i.e. CRM) > is offline.

Question 6

When was the last time you verified the integrity of our backup data?

Without simulating hardware, software or data failure how do you know if you can rely on your backups when disaster strikes?

Many don’t, which is why scheduling regular checks of your backup data are important, so you can rely on them when you need to. But verifying the integrity of your backups is so much more than checking they are running, and the green lights are flashing.

It’s a good idea to ask your IT team about scheduling regular backup restoration tests. Doing so means you can thoroughly test your backup data to discover if your backups are working and if they respond in line with your business needs before it’s too late.

Question 7

Do we have an up-to-date backup stored offsite in a secure location?

Data loss kills businesses. But being able to recover your data quickly and efficiently, well that brings them back to life. And it’s easy to do, providing you have a reliable 3-2-1 backup strategy in place.

Following the 3-2-1 backup system means you’ll have a total of 3 copies of your data. Two of these copies will be on site and the all-important third copy will be securely stored offsite.

Oh, and why is the offsite copy considered all-important?

Because hard drives fail, deviant IT geeks exist, and disasters happen. A lot.

Having an up-to-date copy of your critical data stored offsite means your IT team will be able to get your business back up and running even if: 

 Many businesses tackle this by manually taking a copy of your data offsite every day, week or month. And if you do this too, it’s a good idea to be clear on:

  • Who is responsible to take the storage device offsite? 
  • Who has access to the storage device?
  • When was the last time it was taken offsite?
  • How often is the offsite data tested for backup restoration?
  • How old is the storage device?
  • When is it due to being rotated? 

The trouble is, relying on a team member to manually deposit a copy of your data into a secure location every day, week or month is a risk.

People get busy, go on holiday and things get missed. It happens. We’re human. Which is why automating your offsite backups is crucial. And it’s easy to do with our cloud backup solution.

Backing up your critical information to the cloud means you can rest easy knowing your data is up to date – and your business is protected from crippling events like malware, fire, theft, flood and inevitable IT hardware failures.

The process is automated, and we’ll routinely test your restoration data and manage your backups for you, so you don’t have to. And if disaster does strike, we’ll be able to provide you with direct access to your data– fast.

What next?

  1. Copy this message

Hi Team,

I’d like to get clear on our backups to make sure we’re fully protected against data loss. Can you please confirm:

  • Precisely what data we are backing up?
  • What we aren’t backing up?
  • Is our Office 365 data backed up? (OneDrive documents, SharePoint, Emails etc..)
  • Where our backup data is stored?
  • What our current RPO and RTO is?
  • The last time you verified the integrity of our backup data?
  • Do we have an up-to-date backup stored offsite in a secure location?

Thanks in advance

 

  1. Open a new email to your IT team
  2. Paste the message and hit send.

Data loss happens. And safeguarding your business against this common reality now means you’ll be protected before it’s too late. And it starts with asking the right backup and recovery questions.