Skip navigation

Small business guide to cyber security | Step 1: Backing up your data

Written by: Mettle editorial
3 min read

In the first of our series with the National Cyber Security Centre, we bring you 5 steps to making your business more cyber secure.

Small business guide to cyber security 1

We’ve teamed up with the National Cyber Security Centre to bring you tips and guides on making your business more robust to cyber threats. 

Over 6 blog posts, we’ll take you through the guide, step-by-step and leave you with actionable tips so that you can make your business more secure. In the first of this series, we’re bringing you the Small Business Guide on being more cyber secure.

For more information and other tips and guides you can head to www.ncsc.gov.uk.

Cyber security needn’t be a daunting challenge for small businesses owners. Over these next five blogs, we’ll outline easy steps that could save time, money and even your business’ reputation. This guide can’t guarantee protection from all types of cyber attack, but the steps outlined can significantly reduce the chances of your business becoming a victim of cyber crime.

If you want to improve your cyber security further, then you can also seek certification under the Cyber Essentials scheme, which has the benefit of demonstrating to your clients (or prospective clients) that you take the protection of their data seriously.

Step 1 - Backing up your data

5 things to consider when backing up your data.

Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them.

All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks.

This section outlines 5 things to consider when backing up your data.

Tip 1: Identify what data you need to back up

Your first step is to identify your essential data. That is the information that your business couldn't function without. Normally this will comprise documents, photos, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone, tablet or network.

Tip 2: Keep your backup separate from your computer

Whether it's on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:

  • are not accessible by staff

  • are not permanently connected (either physically or over a local network) to the device holding the original copy

Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, you should consider storing your backups in a different location, so fire or theft won't result in you losing both copies. Cloud storage solutions (see below) are a cost-effective and efficient way of achieving this.

NCSC 1

Tip 3: Consider the cloud

You've probably already used cloud storage during your everyday work and personal life without even knowing - unless you're running your own email server, your emails are already stored 'in the cloud'.

Using cloud storage (where a service provider stores your data on their infrastructure) means your data is physically separate from your location. You'll also benefit from a high level of availability. Service providers can supply your organisation with data storage and web services without you needing to invest in expensive hardware upfront. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.

Tip 4: Read our cloud security guidance

Not all service providers are the same, but the market is reasonably mature and most providers have good security practices built-in. By handing over significant parts of your IT services to a service provider, you'll benefit from specialist expertise that smaller organisations would perhaps struggle to justify in terms of cost. However, before contacting service providers, we encourage you to read the NCSC's Cloud Security Guidance. This guidance will help you decide what to look for when evaluating their services, and what they can offer.

Tip 5: Make backing up part of your everyday business

We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically. For instance, when new files of a certain type are saved to specified folders. Using automated backups not only saves time but also ensures that you have the latest version of your files should you need them.

Many off-the-shelf backup solutions are easy to set up and are affordable considering the business-critical protection they offer. When choosing a solution, you'll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following an incident.

Ready for step 2? Click here to learn how you can protect your organisation from malware.

Mettle editorial
linkedIn logo

At Mettle, our aim is to give everyone the financial confidence to work for themselves, and that’s no different with our content. We want to give small business owners, freelancers and sole traders the tips, tricks and industry updates they need to run their businesses. 

You might also like

Small business guide to cyber security | Step 2: Protecting your organisation from malware
Small business guide to cyber security | Step 3: Keeping your smartphones (and tablets) safe
Small business guide to cyber security | Step 4: Using passwords to protect your data