Critical data must be regularly backed up. Do you know how?

In connection with the malfunction of electronic cadastre services, there is a lot of talk not only about responsibility for the situation and the possibilities of preventing problems, but also about the need for regular data backup. Regular data backup is very important not only for state authorities and organizations, but also for any other organization or business. If data becomes unavailable or lost, or any other unforeseen problem occurs, it can be quickly restored from the backup. The duration of service outages is thus reduced to a minimum. The Telecommunication Union of the Slovak Republic reminds organizations that when backing up critical data, it is important to follow best practices to ensure data protection and availability. Do you know what they are?
The first basic rule is the so-called 3-2-1 rule. The number 3 means three copies of data, one primary and two backups. The number 2 means two different media. Backups should be stored on two different types of media (e.g. hard drive, NAS, cloud, Blu-ray, depending on the amount and importance of the data being backed up). The number 1 means one off-site backup. One backup should be stored off-site (e.g. in the cloud or another location) to protect against physical threats, e.g. fire, flood, etc.
The second rule is to automate backups. The Telecommunication Union of the Slovak Republic recommends using automatic backups so that an organization minimizes the risk of human error. The backup schedule (daily, weekly, etc.) depends on the criticality of the data.
The third rule is data encryption. Important backups need to be encrypted to protect them from unauthorized access, especially if they are stored in the cloud or off-site.
The fourth rule is to regularly test backups. Backups should be tested regularly to verify their integrity and to confirm that data can actually be restored from them when needed.
The fifth rule is to use RAID (redundant array of independent disks) on local devices. The most suitable RAID types for data redundancy are RAID 1 (disk mirroring, a minimum of two disks are required) and RAID 5 (data striping with parity, a minimum of three disks are required). Using RAID is a preventative measure, not a replacement for backup.
The sixth rule is versioning of backups. It is necessary to keep multiple versions of backups (e.g. file versioning) so that data from different points in time can be restored if the current data becomes corrupted.
The seventh rule is compliance with RPO and RTO. RPO (Recovery Point Objective) determines the maximum data loss that a given organization or business can afford (e.g., backups every 24 hours). RTO (Recovery Time Objective) determines the maximum time for data recovery (e.g., within 72 hours of primary data loss).
The eighth rule is the separation of backups from the network. In practice, this means creating offline backups (e.g. external drives that are disconnected after the backup) and storing them, for example, in a vault, to protect them from ransomware and other cyber threats.
The ninth rule is to keep up-to-date documentation and a recovery plan. It is always necessary to have detailed documentation of the backup process and a data recovery plan in the event of a disaster or a cyber attack.
The tenth rule is to use cloud solutions. If using the cloud, you need to choose a reliable provider that offers redundancy, encryption, and fast recovery options.
Following these principles increases the chance that critical data will be safe and available even in the event of unexpected events. At the same time, in addition to these ten principles, it is also necessary to ensure that people who come into contact with critical data have their computers protected by a commercial antivirus that has an up-to-date database of potential threats. In practice, this means that the antivirus is regularly updated, because in this segment, a week-old database is a potential problem.