Purpose

Data can be lost through simple error, a system failure, or a malicious interference or attack. A good backup strategy will minimize such loss and allow you to recover faster to carry on your research. 

Audience

On this page

What can I do?

Determine what data to backup according to whether the data are volatile or disposable. 

  • Some data does not need to be backed up because they are temporary in nature 

  • Decide how often to take a backup based on how much data you are willing to lose.

  • Establish a schedule and workflow for major backups (after major edits or alterations).

Keep several points in time or versions of your backups, known as the 3-2-1 strategy.

3 copies

  • You should have at least 3 copies of your data.

2 storage mediums

  • You should have backups stored on at least 2 different storage mediums (e.g., 1 in the cloud and 1 stored locally).

    • 1 of these backups should be unalterable from the Internet; either on an external drive disconnected from your system or via a backup solution that does not allow rewrites.

1 off-site

  • You have one 1 backup that is off-site, meaning not in close proximity to your primary backup (either virtual or physical).

Protect your backups from unauthorized access by others.

  • Encrypt your backups, otherwise a download will provide all of your data and/or intellectual property.

  • Limit physical and electronic access to your backups to prevent unauthorized people from viewing, altering, deleting your backups.

Create and maintain an inventory of your backups.

  • As you should have multiple backups, it is important to maintain an inventory of where your data is stored and what version of your data is stored there.

Test your backups periodically.

  • Regularly testing (at least once per academic term) your backups helps ensure that they are actually restorable and reliable in the event of an actual incident or disaster.

    • You don’t want to find out that your backups have been corrupted or are incomplete when you need them.

  • Testing involves performing full and partial restorations of backups into a test environment, allowing you to verify usability and overall data integrity.

  • Contact your Local IT group for additional guidance on how to test your backups.

Securely destroy old copies of backups.

  • When a backup copy is deprecated and no longer needed, be sure to securely delete the data to reduce the risk of a data breach.

  • Ensure you are retaining backup copies long enough to allow for rollbacks to last clean version of data (in case of delayed ransomware). 

Name

Role

Date

Michael Laurentius

Author

Sue McGlashan

Approver (Manager)

Reviewer

Search

Additional help

General

https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Security-(IS)

Researchers

https://security.utoronto.ca/services/research-information-security-program/

Related articles