online back up

April 14, 2017

Data Backup Security: How to Secure Your Backup Data

All organisations should consider their data backup security, although many don’t. In fact, your toner […]

Data Backup Security: How to Secure Your Backup Data

All organisations should consider their data backup security, although many don’t. In fact, your toner cartridges may be more secure than your backup data.

It is critical that your organisation protects its data, both in flight and at rest. You have probably implemented data protection measures – such as firewalls and antivirus – to protect your live system data. But what about your data backup security? Could this be a back door for cybercriminals to access your confidential, business critical data?


The Toner Cartridge Test


We’re going to start this blog with a strange question: do you know how many toner cartridges you have, and where they are stored? Most organisations will know this information, as it will be tracked on some form of stock control system or spreadsheet. The toner cartridges are probably stored in a locked store room.


Okay, so next question: how do you get access to the toner cartridges?
For many organisations, the standard process involves making a request to the IT team or office manager. They will get the toner cartridge from the (locked) store room or cupboard. They will then update their spreadsheet or stock control system to note that a toner cartridge has been used.

Now ask yourself where all the company data that you backup is stored.
For many, the answer will be ‘on backup tapes’. This leads us to the next important questions: where do you store your backup media? What data backup security is in place? And do you know who has accessed the data that you backup?

Data Loss Prevention

IT solutions for Data Loss Prevention (DLP) typically focus on protecting company data from leaking. This can be through direct external links, such as email and firewalls, or through the protection and encryption of data on mobile and other roaming devices. However, backup data is seen as one of the most vulnerable forms of data storage.

Do you know where all of your backup media is located?
For many organisations, the answer is typically that the tapes are stored in a box near the servers (which may or may not be in a secure location). Someone often takes the tapes off-site (at home or in the car boot) to protect against something happening to the building.

Do you track the location of every tape for its entire lifecycle? 
Where is last month’s backup tape? How about last year’s? If you can’t locate and track all of your backup media until its destruction, then you potentially have a situation where your data backup security is not sufficient. You may be exposing your company data (which likely includes confidential and personal data) to loss or theft.

If data on a backup tape is a year or more old, it can still be damaging to your company if lost. If you hold confidential or personal information on individuals (which includes your staff members), you have a legal obligation under the Data Protection Act to ensure that this data is protected from falling into unauthorised hands.

Backup Data Loss Incidents

There have been a number of data loss incidents related to backups that have occurred recently, affecting some high profile organisations: –