Firms lack solid disaster recovery and backup strategies, survey finds
Almost four million UK businesses could be at risk of losing their data due to inadequate - or even nonexistent - backup practices, according to new figures.
A study of 514 UK business leaders, conducted by business internet provider Beaming, showed that companies are failing to follow best practices when it comes to protecting their data against hardware failure or cyber attack.
Most worryingly, the survey showed that 17% of all respondents do not back up their business data at all, with the only official copy residing on the individual system it was created on. This figure is predominantly influenced by sole traders and micro-businesses of less than 10 people - 20% and 10% respectively say they keep no backups, while that figure plummets to 2% for medium businesses of between 50 and 249 employees.
However, almost 50% of survey respondents said that their backups were kept on a separate system within the same office - indicating a troubling lack of disaster recovery plans. Scaling up the findings of its survey to reflect the UK government's figures for the number of businesses in Britain, Beaming claimed this implies that around 3.8 million businesses are not adhering to best practices.
"Our research shows that almost four million UK businesses are vulnerable to data loss from single events and could potentially become unable to operate," said Sonia Blizzard, Beaming's managing director. "Most businesses, particularly at the smaller end, don't do enough to safeguard their information."
This figure was relatively consistent across all company sizes; 42% of medium-sized businesses admitted to keeping no offsite backups, as did 30% of large companies with at least 250 employees.
This contradicts guidance from the National Cyber Security Centre (NCSC), which advises that backups should not be accessible to staff or connected to the system housing the original data. Ideally, they should also be in a separate physical location to the system of origin.
The reason for this is that while backing up data to an external device such as a NAS drive or file server within the same office protects against hardware failure, disk corruption and other technical issues, it does not provide any defence against disasters such as fires or floods, which can wipe out both the original data and your backups in one fell swoop.
It also leaves businesses open to malware. Ransomware infections, for example, can often spread through the network to other machines. If the system on which your backups are stored is on the same network as the rest of your IT, this means that your backups could become infected as well.
Of the businesses that do make use of offsite backup services - around 21% of respondents - the method varies depending on company size. Small, medium and large organisations tended to prefer external data centres and colocation facilities, while sole traders and micro-businesses were more likely to go for a cloud-based option.
The NCSC advocates the use of cloud as an easy, hassle-free solution for organisations who want to back up their data, and advises companies to make it a part of their routine.
"We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically," it advises.
"Many off-the-shelf backup solutions are easy to set up, and are affordable considering the business-critical protection they offer. When choosing a solution, you'll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following any incident."