Elliot Rose, head of cyber security at PA Consulting, is quoted in an article about backup testing, where he discusses the need for organisations to set a tolerance for disruption.
The article looks at the five key things to consider when it comes to backup testing – what to test, how often, making sure backups work, whether recovery is effective and ensuring processes are consistent.
It discusses how making regular backups is a keystone of any business continuity and disaster recovery strategy. Firms need to keep copies of their data to protect against hardware failures and system outages, as well as power or network disruption, flooding or fire.
Backup protects a business against data corruption caused by application errors and accidental deletion. And increasingly, off-site backups are a vital defence against malware, and especially ransomware.
The growth in ransomware makes this even more important, as a clean, air-gapped backup might be the only way to restart the business after an attack. Yet analysts estimate that around one in three businesses fail to test their backups. Even those that do, might not do so effectively.
The article goes on to stress that the key aim of backup testing is to ensure the business can retrieve its data and continue operations. Backup policies should be seen in tandem with wider business continuity or disaster recovery plans, as well as the data protection strategy.
When it comes to restoring data, testing will show up any weak spots. Tests also confirm if the business can meet its RTO, RPO and other regulatory requirements, to which Elliot adds: “Organisations will have to set a tolerance for disruption for each ‘important business service’ and ensure they recover these. This includes the recovery of the systems that support the services themselves.”