Your Organization's Backup Strategy Best practices for planning effective backup systems at your organization Kevin Lo, Elliot Harmon and ONE/Northwest - April 15, 2012 Is your organization prepared for a disaster? A solid backup strategy is one of the key elements of being prepared. Get started developing your organization's backup strategy with these tips and best practices. Editor's note:This article was originally excerpted from TechSoup's The Resilient Organization: A Guide for Disaster Planning and Recovery, which contains more resources on developing backup systems, strategies, and tools for your organization. This article was updated in 2012 by Ariel Gilbert-Knight. Regular backups are vital insurance against a data-loss catastrophe. In this article, we'll offer some best practices and basic strategies for backup. Be sure to also read our follow-up article on implementing your organization's backup strategy.Saving Time by Spending Time Developing a solid backup plan requires an investment of time and money, but the cost is far less than the burdensome task of recreating data for which no backup exists. Susan at the Eagle's Nest Foundation (ENF) is no stranger to IT disasters. ENF's remote campsite frequently deals with power and Internet failures. Susan had this to say about regular backups: "It's better to 'waste' the time backing up than to dread the effects of a disaster that could happen any time. Redundancy in communication options is very important, as is having off-site resources for communication when your systems are down. We have two offices in different parts of the state. This gives us an excellent natural backup strategy."Understanding On-Premises and Remote Backup There are two broadly defined approaches to backup: on-premises backup and remote backup. Either route (or both) may be appropriate for your nonprofit. On-Premises Backup In an on-premises setup, you can copy your data to a second hard drive, other media, or a shared drive, either manually or at specified intervals. With this setup, all the data is within your reach — and therein lies both its value and its risk. You can always access your information when necessary, but that information is vulnerable to loss, whether through theft (someone breaking in and stealing equipment) or damage (such as a leaky water pipe or a natural disaster).Remote BackupIn remote backup, your computer automatically sends your data to a remote center at specified intervals. To perform a backup, you simply install the software on every computer containing data you want to back up, set up a backup schedule, and identify the files and folders to be copied. The software then takes care of backing up the data for you.With remote backup solutions, you don't incur the expense of purchasing backup equipment, and in the event of a disaster you can still recover critical data. This makes remote backup ideal for small nonprofits (say, 2 to 10 people) that need to back up critical information such as donor lists, fundraising campaign documents, and financial data, but lack the equipment, expertise, or inclination to set up dedicated on-site storage.Automation is another key benefit to remote backup. A software program won't forget to make an extra copy of a critical folder; a harried employee at the end of a busy week might. By taking the backup task out of your users' hands you avoid the "I forgot" problem.The main downside to remote backup solutions is that Internet access is required to fully restore your backed-up data. If your Internet connection goes down (as may happen in a disaster scenario), you won't be able to restore from your backups until your Internet connection is restored.Another potential downside is that you have to entrust critical data to a third party. So make sure you choose a provider that is reliable, stable, and secure. You can also help secure your data by encrypting it before it is transmitted to the remote backup center.Understanding Types of BackupWith most backup solutions you can choose to back up all of your data (a full backup) or just parts of your data (an incremental or differential backup).A full backup is the most complete type of backup. It is more time-consuming and requires more storage space than other backup options.An incremental backup only backs up files that have been changed or newly created since the last incremental backup. This is faster than a full backup and requires less storage space. However, in order to completely restore all your files, you'll need to have all incremental backups available. And in order to find a specific file, you may need to search through several incremental backups.A differential backup also backs up a subset of your data, like an incremental backup. But a differential backup only backs up the files that have been changed or newly created since the last full backup.Best Practices for BackupAll backup routines must balance expense and effort against risk. Few backup methods are 100-percent airtight — and those that are may be more trouble to implement than they're worth. That said, here are some rules of thumb to guide you in developing a solid backup strategy: Plan your backup strategy.Develop a written backup plan that tells you:What's being backed upWhere it's being backed upHow often backups will occurWho's in charge of performing backupsWho's in charge of monitoring the success of these backups Think beyond just your office and its computers.Of course you should back up the data on all of the desktops, laptops, and servers in your office. But what about data stored on staff members' home computers? Or on mobile devices? Is your website backed up? What kind of data is your organization storing in the cloud? How is your email backed up? For more information on identifying what information to back up, see the companion article, Implementing Your Organization's Backup Strategy. Also consider data you currently store only in hard copy, as this kind of data is not easily reproducible. For example:Government forms, such as 501(c)(3) paperworkFinancial informationHR informationContractsLeasesThis type of information should be stored in a waterproof safe or file cabinet as well as backed up electronically (either scanned or computer-generated). Give highest priority to crucial data. Each organization needs to decide how much work it is willing to risk losing and set its backup schedule accordingly. Database and accounting files are your most critical data assets. They should be backed up before and after any significant use. For most organizations, this means backing up these files daily. Nonprofits that do a lot of data entry should consider backing up their databases after each major data-entry session. Core files like documents (such as your Documents folders) and email files should be backed up at least once a week, or even once a day. It's not usually necessary to back up the complete contents of each individual computer's hard drive — most of that space is taken up by the operating system and program files, which you can easily reload from a CD if necessary. Storing and protecting your backups. For on-premises backup solutions, we recommend rotating a set of backups off-site once a week. Ideally, you should store your backups in a secure location, such as a safe deposit box. Another method is to follow the "2x2x2" rule: two sets of backups held by two people at two different locations.Especially if your area is susceptible to natural disasters, think about going a step further. You need to make sure your local and remote backup solutions won't be hit by the same disaster that damages your office.For example, in the wake of Hurricane Ike, one organization we spoke with had displaced staff working remotely in four different cities. One staff person reminded us that if you're storing your backups in the same city as your office computers, there's a danger that one catastrophe will destroy both: "Consider your entire city a potential point of failure!" Similarly, when TechSoup relocated our datacenter in 2011, we made sure to select a site that was located in a different earthquake zone from our main offices.Although it may sound overly cautious, you will be glad to have a system like this in place should disaster strike. Think about how you will access critical data and filesConsider what data would be most essential to have at your fingertips in an unexpected scenario. If you lose Internet connectivity, online services will be unavailable. What information or files would be key as you wait to regain Internet connectivity (which will enable you to restore from an offsite backup)? Where will you store those files? Test your backups before you need themMake sure your backup software has full read-back verification. Design a recovery plan, and try restoring a few files to a different computer at a different location so you can test your plan before you actually need it. Now that you know the basics of backup, continue to our companion article, Implementing Your Organization's Backup Strategy.Additional Resources The Resilient Organization: A Guide for Disaster Planning and Recovery Back That Mac Up Webinar: Disaster Planning: Backup, Backup, Backup! Raising the Bar: Serving Hunger and Poverty in Cincinnati: Learn how one nonprofit implemented a thorough backup solution and standardized its entire tech infrastructure at the same time. This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.