I’m a bit paranoid about backing up data.
Last week, a story made the news about a hospital that was attacked by ransomware, and how they had to pay $17,500 to unscramble patient records and other data.
A better backup strategy might have helped. (The hospital did have backups, but those were scrambled as well.)
In the last couple of weeks, we’ve had two different customers affected by ransomware.
In one case, we had a recent backup of their site. So we were able to restore their site quickly, and worked with their hosting company to plug the security hole.
In the other case, their main site was backed up every day. But their blog wasn’t being backed up by their hosting company. So we had to rebuild it from scratch; they lost many of their blog images and content.
My recommendations:
- Make sure that your hosting company is backing up your files + your databases every day. (And find out how long the backups are kept.) Many unmanaged, cheaper hosting accounts, including Amazon Web Services, do not include backups by default. If your site is attacked, this is where you’ll look first for a backed up file. But don’t put all your eggs in a single basket: if your site is attacked, it’s possible your backups could be compromised as well.
- Consider running a script on your site that runs once a week and backs up your files and/or database to a different Web server via a secure FTP connection. (You’ll need to have a separate hosting account, but you could get a less expensive one for just backups.)
- Make sure that you have an offline backup of your site, at least every month. That way if your main Website is attacked, you can quickly restore to that version. Yes, you’ll lose any changes that were made in the past month. But it’s better than starting completely over.
- Use a version control system, like GIT, that can also keep a backup of your important system files. Use a service like BitBucket, that will keep a copy of all of your files, including all of the various versions that have been changed.
Finally, if you’re really paranoid, from time to time you should make sure that the backups can actually be restored quickly and easily. (We do this all the time when we create development or test sites for customers.)
Let me know if you’d like help with your backup strategy, or if you’d like us to do an additional backup of your site each month.
Note: Just because a Web development company does work on your site does not mean that they will have a full and recent backup of your site. (If we’re just changing a logo on a site, or doing other minor work, we will usually not go through the 1-2 hour process of completely backing up a site.)
Until next time,
Jeff Finkelstein
Founder, Customer Paradigm
303.473.4400