Why are data backups so important?

If you’re at all tuned into the cybersecurity sphere, you may have noticed that 31st March was World Backup Day (we forgive you if you missed that, it’s not a red-letter day in most peoples’ calendars). In the midst of all the messages telling you that it’s important to backup data, you may have found yourself wondering, why? And more importantly, how?

It got us thinking too. So, here’s the lowdown on backups – how they work, why you need them, and what you need to do to set them up.

Why do you need backups?

The rationale behind backups is pretty simple: sometimes, bad things happen and, when they do, you want to be sure your most valuable assets are safe. In this case, we’re talking about data, whether that’s personal data, customer data, or important files.

Simple, right? However, a staggering 21% of people have never backed up their devices. This is even more surprising when you consider all the ways in which data can be lost. There’s human error, which a Stanford University study estimates accounts for 88% of all data loss. You could lose data through the simple theft of a device. And, then, there’s cybercrime.

Data is the most valuable currency to cybercriminals. It’s why ransomware attacks are so prevalent and it’s also what most cyberattacks target (even a phishing attack is ultimately after data).

Using data backups not only protects you against accidental loss, but it’s also a key weapon against many cyber attacks. Take ransomware as an example; a cybercriminal may have held your data to ransom but, with a backup of that data, your business will still be able to operate while you decide what to do next. 

Think of it in the same way you would business insurance. You pay out each month, praying you’ll never have to use it, but if the worst does happen you’re covered. 

How do data backups work? 

Data backup software is a very simple concept. You install the software on your devices and systems, it then copies and saves your data to an external source. This could be an external drive, data centre, or cloud. 

Most modern data backup tools will save to a cloud. The data is copied, encrypted, and sent to a cloud server until you need to restore it. Storing your data in this way ensures that it’s safe in the event of accidental loss or a cyberattack. 

What data should you back up?

In most modern organisations, you can find data in just about every function of the business, whether that’s marketing, finance or sales. Files, folders, images, payroll data, supplier data, customer data, third-party app data – it all needs to be backed up. 

It might sound counter-intuitive that you need to back up third-party data. However, many Software as a Service (SaaS) businesses will only backup their own platform.

How do you set up data backups?

Setting up data backups for your business isn’t a complicated process. There are countless options, from tools like Dropbox Business to Microsoft OneDrive. The option you choose will largely depend on your business, but there are a few things to bear in mind.

1. Make it cloud-based 

You don’t have to use a cloud-based service as your primary backup, an external drive or your own data centre will work just fine. But, a cloud-based option will easily scale with your business and probably save you money in the long run. Added to this, there’s the safety element. Using a cloud is by far the safest way to store your data.

2. Keep it simple

 As an SME, it’s unlikely that your business is packed with IT experts. So, whichever option you choose, ensure it’s easy to set up and use. A good test of suitability is to ask yourself whether the least technically minded person in your business would be able to use it without difficulty. 

3. Set up a redundancy option 

Although you’re never likely to need it (cloud providers lose data very, very rarely), it’s worth setting up a backup of your backup. We advise having three copies of your data: the original, one in the cloud, and one on a company-owned drive or data server. That way you’re covered, whatever happens. 

4. Pick one that’s automated 

If you’re anything like the majority of small businesses, you probably don’t have a dedicated IT team. And, even if you do, they’re unlikely to have time between fixing printers and helping people locked out of their devices to manage backup processes.

To get around this, you’ll want a solution that backs up your data automatically, so no one in your business has to worry about it. 

5. Find out what your provider’s DRP is

Every data storage provider should have a disaster recovery plan (DRP). You need to know what your provider has in place should their servers experience an outage or be destroyed and how you can access your data. So when choosing, be sure to ask.

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.

Active Protect CTA

Servers and Cyber Essentials explained


Just about every business uses a server, but most of us only have a fuzzy idea of what they actually do. And it’s easy to assume that it’s too technical or complex for us non-techy types to understand. 

In reality, servers are pretty simple, and, they’re a key part of your IT infrastructure as well as having a role to play in Cyber Essentials certification. 

Here’s everything you need to know. 

What is a server? 

When most of us think of servers, we think of huge, thousand-acre data centres like this. However, most businesses have a server and they’re often of a much more modest scale. 

Any computer using the right software can be a server. Essentially, all a server does is collect and distribute information across a network. The network could be local, say within your office, or a wider network across many locations, like the internet.

For more on the different types of networks and how they work, check out our recent blog on the subject. 

How does a server work? 

Whether it’s searching Google or pulling up a file at work, you probably access servers thousands of times each day.

Taking the internet as an example, the process works something like this: 

  1. You enter a URL into your web browser
  2. The browser requests the data for the site you’ve asked it to display
  3. This information is sent to the server
  4. The web server finds all the data needed to display the site and sends it back
  5. The site you’ve requested appears on your browser

And that’s it. The whole process shouldn’t take more than a few seconds, depending on your internet speed. 

What is a virtual server? 

Servers are simple enough. But, things get a little more complicated when it comes to virtual servers. So, here’s the simplest explanation we could come up with.

A virtual server is a server that shares its resources amongst multiple users, each of whom has some control over it. It’s usually located offsite from the organisation using it, typically in a data centre. 

Think of it as a way of splitting a single, physical server into several smaller virtual servers, each of which can run its own operating system. The key advantage of this approach is cost saving. 

A virtual server is usually much more energy-efficient to run than a dedicated physical server and doesn’t require any upkeep by the businesses using it. And, you only pay for the server capacity your business actually uses – far more cost-effective than running an entire server and only using a fraction of its capability.

Servers and Cyber Essentials 

The Cyber Essentials certification questionnaire has several sections relating to servers, but what is it you need to do?

First, all servers whether virtual or physical need to be supported by the manufacturer. For example, Windows Server 2008 isn’t Cyber Essentials compliant because Microsoft stopped supporting it some time ago. This means its defences won’t have been updated to deal with new threats, making it vulnerable to attack. For more detail on the importance of updates, have a read of this.

For Cyber Essentials Plus, your servers only need to be tested by an auditor if they ‘touch’ the internet and a non-admin user can use it to browse. If you’re unsure of the difference between admin and non-admin users, never fear, we’ve put together a handy blog to help.

For both Cyber Essentials and Cyber Essentials Plus, you’ll also need to answer questions on who has access to your servers, the protections you have in place, and the software installed on your servers.

And that’s all there is to know about servers; a complex technology with a very simple job. Hopefully this blog has armed you with all the knowledge you need, but if you have any questions please get in touch, our team are always happy to help.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button