Are your backups in place, and are they regularly being tested? Failure to test backups is a common occurrence in companies where the IT team is simply too busy with other projects to do this regularly, or where you have a third party looking after your backups, and they have not been reporting that they have completed testing – possibly because they haven’t done any. An IT audit or review will highlight an issue with your backups, if there are any.
It’s the old story here; no one thinks about the backups until that time when they are critically needed, and they haven’t been tested, and they aren’t working. This has happened before to many organisations, and it will happen again. Please don’t let it be you the next time.
As a result of the IT Security and Phish workshop that Icon IT completed with my team,
Amanda Stevens, Ben Stevens and Team Real Estate
we all have a heightened awareness and have implemented many of
Icon IT’s suggestions to further protect our business.
Another reoccurring problem is that a new server gets added, but no one adds it to the backup regime.
It’s a huge business risk, and unfortunately one that happens all too frequently.
The scope of the review will determine how deep we dig; do you simply want to know your systems have been backing up and are being tested (test restores), or we can go deeper and get evidence and reports so you can be absolutely sure?
Having a review of your backups might mean that you can sleep a bit easier at night.
My data is backed up already by Microsoft 365 – isn’t it?
Some organisations believe since they have their information saved in the cloud somewhere, that backups are no longer needed. This may not be and probably is not the case. Unless you are paying to backup your data, it is not being backed up at all. Other people confuse availability with backups, thinking since (for example) their data in Microsoft 365 is saved in different geographic locations, they are covered. But this doesn’t allow you to restore that deleted file required for a legal case from 5 years ago. Geographic Redundancy is all about high availability, not backups.
Having backups included in a review is a classic case of another box to tick for your board of directors; you can say your backups have been reviewed independently, and are either just fine, or that they have been reviewed and need changes.
Icon IT would suggest changes where needed, in an IT Road Map or as an independent report.