Startups have lots of responsibilities and tasks they need to complete, usually to tight deadlines. It’s no secret that getting work done is what makes some companies extremely successful but one area that ends up suffering is either security or data backups – Data backups can end up taking a back seat and being neglected, especially overtime. When you suffer from unexpected data loss, it can be hard to recover and move forward, companies should be caring about data backups early on and long term. In this post I explore the importance of data backups and why it’s something you should care about early on, no matter your startup size.
Data loss can take many forms and hit you unexpectedly, it’s not always easy to recovery from it either. Data backups may be boring and a second thought to some but when you can’t recover because you only started backups 12 months in and you are missing data from 6 months ago, you’ll wish you had taken the time to implement a proper backup strategy.
Missing data that you can't recover is like a house, once you start losing some, the place becomes a bit untidy and tatty, if you keep losing data eventually no one will want to enter your home again – It doesn’t have to be like that though, it can be easy to keep your home intact and tidy.
The days of cron-jobs or backups scripts have gone, they are no longer a valid way to implement data backups for databases, files or servers. To operate a successful business in the privacy focused world it is a must that companies take data protection and backups seriously, from the start. With the likes of the GDPR and other regulations like HIPPA or FINRA, making sure you have adequate backups is important and expected from your customers or users.
This may sound all scary and I’m not trying to force you into a corner but the perspective has changed, things like software mistakes, ransomware, cyber-attacks or natural disasters are not always in your control and users expect the digital world to recover, especially when we all rely on the internet in our daily lives, with humans more than ever interacting with data, it is important we take steps to protect users data.
My main point with smart backups is that a company must choose a reliable and proper backup strategy, home grown solutions usually aren’t the way to go unless you intend on it and want to maintain such a system. There is an array of backup options out there for different types of data. Databases like MySQL, PostgreSQL or MongoDB etc. all have their own tools to perform backups, I recommend you choose a platform which does all this for you, by doing so you can ensure that everything is taken care of and always going to be compatible, a platform which offers a plug-and-play solution is easy to adopt and lets you focus on building your product, not having to worry about backing up data.
Data comes from many different sources and is stored in many different forms, backing up data always seemed hard to know whether you were doing the right thing or not, it felt like you had to research what the best option is and use a different tool every time for different forms of data storage – That is why I am a co-founder of Bakup.io, it has been crafted to solve the problems I have been talking about. Bakup.io is a complete platform to help business backup databases, files and servers. It’s a complete platform to help companies eliminate the worry of data loss, ransomware and other forms of data loss, I believe this is how companies achieve smart backups and become smart companies.
A surprising number of businesses don’t have a data disaster recovery plan in place, explaining why I believe it’s important to care early on and make it part of your core goals when growing your business. We can explore some of the surprising statistics around the attitude towards data backups and why you may need to reconsider yours.
A report titled Cybersecurity in the Remote Work Era by Ponemon Institute found that only 45% of companies believe they have the funds to prepare and tackle cyberattacks. It was also found by the Ponemon Institute that 39% of companies don't have an incident response plan in place for small and medium sized businesses - Topping that with the fact that 60% had experienced data loss or theft.
Additionally, nearly half of companies who participated in the study stated that they don't believe their staff have the expertises to proper defend against cyberattacks and data breaches.
A disaster recovery plan is something which is becoming more popular and companies are willing to offload such tasks onto DraaS platforms like Bakup.io, something which we will talk about later. The key point here is business like to focus on what makes them profit and that isn't a bad thing but data loss and cyberattacks can cause chaos, backups are a boring topic but an important one.
By studying the 2021 Global Data Risk Report we can understand that a lot of companies, even large organisations don't really manage their file systems very well. For example, the report states that on average a first time employee has access to nearly 11 million files the day they start at a financial organisation, for larger companies this increases to over 20 million files. The report finds that 33% of files are unprotected, crazy right? - This is kinda worrying because the same employees usually have permission to create, update and delete documents, sometimes with no record. These files could be sensitive or vital to the company, not blaming the employee but there is no backup plan in these situations.
In other words the study tells us that 64% of employees could have access to over 1000 plus files that could be critical which may not be backed up. This is why it is important to backup everything, there is no excuse where some files are not protected and some are, you just never know when you will need something again. Your FTP server or computer systems should be 100% backed up.
Unprotected data can have a huge impact as we've discussed and a lot of it is down to permissions and access rights but even if that was all sorted, everything should be protected with a proper backup system in place. It poses a risk to possible non-compliance regulations like SOX, GDPR, CCPA or FINRA etc.
The same report states that the future is automated and presents shocking information on how many sensitive files are accessible to employees who potentially don't even need access, it's less about employees going rouge and more about mistakes and accidental operations:
With all these files being accessible and a decent number of them being sensitive and open to everyone, a great defence against any mistakes or misuse is frequent automated backups that have a recovery plan in place. Even if its not employees who are the problem, attackers will look for unprotected files and take advantage.
Data is valuable and not just to companies that own the data, hackers and malware authors are on the rise and it has been found that 45% of data breaches featured hacking and within that 17% featured malware. This was found through the Verizon’s 2020 Data Breach Investigations Report.
It's not always clear on how to protect against hackers or malware due to the fact that attacks are getting more sophisticated each year and any reputable unauthorised access usually happens before a vulnerability is known. Whether the attack is to steal data, install ransomware or malware you'll want to be protected and with features like geo-redundant backups with triple replication. A company which adopts such things knows its very rare for 3 offsite backups to go wrong or not be recoverable, something which Bakup.io can help you with.
Companies operate day-to-day working on growth and profit, that's the whole point. And any disruption to that smooth operation is critical and that is why data breaches are so profitable and cause so much havoc. On average the cost of a data breach is $4.24 million, with healthcare services being affected the most with a huge $9.23 million on average costs due to data breaches – Another rising factor with the likes of regulations including GDPR or HIPPA in our every privacy evolving world.
All this comes from a report between the Ponemon Institute and IBM and they state that a sizeable data breach can on average take 287 days to fully understand and identify how a data breach happens which also includes the containment of such breaches. A proper backup system is your first line of defence against breaches, it enables you to recover from any loss and makes it possible to launch new servers while you contain a breach, reducing the costs per day.
The report shows that by containing and understanding a data breach within 200 days shows a reduction of 30% in costs, something where a backup recovery system could reduce even further.
Security plays a big role in data breaches, it is undoubtedly important that imposing proper security is key but a backup system with a recovery plan is vital in moving forward, they go hand in hand but the latter always allows you to bounce back if done right.
Overall downtime an hour of downtime costs around $8,000 for a small company, $74,00 for a medium company and over $700,00 for a large organisation, at the highest cost it comes to $11,600 a minute - Datto. So you can understand why disaster recovery is important and why it's best to take action to establish such a backup system. An effective solution like Bakup.io can enable a business to continue in the event of data loss, while you figure out what went wrong, users/customers are hardly effected.
Ransomware causes so much trouble yet it can easily be defended against. Apart from decent security practices and protocols, frequent automated backups in at least 3 places that are geo-redundant will allow you to recover. Yes, ransomware isn't nice and recovery sure isn't easy but at least you have the option because if you don't, you can't always get your data back.
Either the ransomware encryption is permanent because the attacker doesn't intend to give you the decryption key or the ransom price is too high - but you probably shouldn't negotiate with such people anyway. On average it has been found by Coveware who did a study, reported that downtime due to ransomware was around 23 days before a business could fully resume. Downtime costs a company lots, both money and reputation.
Furthermore, ransomware payments have increased and companies are having to fork out larger ransoms than ever. In Q2 2021 the average ransom payment was around $136,576 and you shouldn't really be negotiating with such people - but some companies have no choice. You may be expecting me to say it again... But a proper backup system would eliminate/reduce the effects of ransomware.
Even if companies have to resort to paying the ransom, sometimes the decryption isn't always 100% successful. Not all ransoms even give you a decryption key after payment as well. There is simply no guarantee. Coveware found that 97% of ransom decryption was successful in recovering files, while that sounds very high, if your company has millions of files that 3% starts to add up and become a problem, something could be solved by using a automated backup system.
Having a fool proof recovery backup system is curial to fight back against ransomware, if you have all your files and can recover relativity quickly from ransomware attacks, it takes the profitability away considerably.
I said I would discuss DRaaS (Disaster Recovery-as-a-Software), so here we are. I think the term DRaaS is something you will see more of in the future. As more data regulation laws come into play (we already have GDPR, HIPPA, SOX etc.) our world is becoming more privacy focused and data minded, which I think is a good thing, but we have to take responsibility and protect peoples data. With that in mind, we'll need to adopt such DRaaS solutions or make sure we have adequate data backups and recovery plans.
A DRaaS is a system which enables you to backup data and also recover from it, automatically. You offload the worry of managing your recovery plan and this is a good thing. These data protection laws impose huge fines if and when data is mishandled by a company so offloading such responsibility or adopting a decent solution both reduces the risk and impact of data loss.
A good Disaster Recovery-as-a-Software solution will have features such ass:
- Geo-redundant backups and recovery
- Triple replication support for multiple locations
- Error handling and notifications
- Security in mind by working on private networks, no open servers etc.
- Easy to use dashboard to make managing and setting up easy
- A good system to manage credentials for different servers
We know that cloud platforms are used by over 93% (Unitrends Survey) to store data and backups and more planning to convert in the near future. This is a good thing and it enable us to have abundant choice with where we store our critical company data. These DRaaS platforms can take advantage of online cloud data storage solutions, making it easy to keep everything synchronised and only retention what data you need, helping to reduce maintenance and cost.
Currently, only around 36% of companies use a DRaaS system, but the exciting thing is, it is predicated to jump to over 59% by the end of 2021, with the rest planning to implement or adopt some sort of system within the next year or so. So we know there is increasing demand for such DRaaS systems, have you already joined the fight against data loss and ransomware attacks?
After reading all these statistics on data loss, you may be the most prepared company in the world but it is inevitable that you will experience some sort of data loss or downtime in the future, it is already predicated that 96% of companies experience downtime within a 3 year period (LogicMonitor) - that is extremely high.
Additionally, data protection and regulation laws may even require you to have some sort of compliant backup system and recovery plan in place to operate, so its best to consider if yours is good enough. Taking the time to invest in a good backup solution could save you thousands later on and save your companies reputation.
A data disaster doesn't even have to be down to a hacker or cyber threat, it could be a simple human error or some internal disruption that was unexpected.
No matter the type of app, product, service or website you run, data is complicated, especially at scale. I don’t want the statistics here to scare you, my goal was to show the impact data disasters can have on a business and why backups are imperative. It’s great news to hear that nearly 90% of companies are backing up but only 41% are doing it daily.
It’s important to have the complete picture, there is no point backing up every second or minute but you should figure out a data backup frequency that matches your use case, this also needs to be flexible as sometimes that frequency may need to change.
Between the year 2019-2020 it was found that 42% of companies experienced data loss and likely very high because companies cannot recover from data loss when they never backed it up, even if they were doing backups, they missed data because of incorrect frequencies – Which goes to show how data backups are not just a one time thing, you need to make it apart of your core goals and revaluate your backup system along the way; companies grow, which means their data usually does to, resulting in their backup requirements changing.
You may have noticed throughout this article that I have mentioned Bakup.io where relevant and I would like to say I am one of the co-founders. I based this article around my experience with Bakup.io and what we learnt when we dived into the world of data management and backups. This post is proof as to why we still haven’t solved the data issue, not everyone manages to fully look after their data, even if it’s not their fault, we can still do something about it, and that is what Bakup.io is about.
Hopefully you’ve learnt something and chosen to look into your backup practices, maybe saving you one day from a bad situation. The main focus was to encourage data backups to become part of your core mission and start from the beginning (or now if you already haven’t), because without backups, company growth can easily be shattered if the disaster is big enough.
Let’s go make these statistics a thing of the past 💣