How to secure your company data with offline storage

Offline storage or the cloud? This is a topic that can stir a long debate. On the one hand, a monthly fee yields some handy features from the cloud storage provider. However, some security experts warn against fully relying on the cloud as a data security solution. It’s like giving your neighbour the keys to your home — you have to trust them. The same goes for storing company data in the cloud: you will have to trust the cloud service provider.

In this article, we explain how offline storage can protect your data in a way cloud storage can’t.

What is offline storage?

Offline storage, also often called offline backup or removable storage, is a type of storage that is kept away from your network. In order to access stored data, storage devices (flash drives, hard drives, etc.) have to be manually inserted into the system. This way of keeping a copy of your data is a good security practice: if anything happens to your data, you can use the offline copy to restore the lost files.

The downside is that manual backups take extra time and resources. And when a company relies on the cloud to provide storage and accessibility, making regular copies of data seems excessive. But the extra effort is worth it. According to a recent survey, 4 in 5 companies have had at least one cloud data breach in the last 18 months. That’s why securing your data offline could be one of the best steps you can take towards stronger cybersecurity.

Why you need to think about data loss in advance

Offline storage is like a 'Get Out Of Jail Free' card in cybersecurity. No matter how you lose the data, you’ll have an easy way to fix it. And in cybersecurity, there's a lot that could go wrong.

Based on the Hiscox Cyber Readiness Report 2020, data lost to cyber attacks cost the surveyed companies $1.8bn, which is a whopping 30% increase compared to the same period last year. Data suggests that these numbers are going to grow further in 2020.

Unfortunately, cyberattacks are not the only cause of losing data. Software and hardware bugs can result in data loss too. Both macOS and Windows have had bugs that deleted files, as have cloud services like Dropbox and iCloud.

When something bad happens, like a data breach, clients are often upset with the company regardless of whose fault it was. They rarely care if the mistake was made by the cloud provider,the supplier, or some other third party. All they see is that they trusted a company, and the trust was broken. So how does cloud storage differ from offline backups? Let’s compare.

Online backups vs offline backups

Let us be clear that offline backups are not a replacement for online copies, but rather a cybersecurity supplement. A combination of both cloud and offline backups prepares you for any kind of a disaster.

If you use cloud services, online backups take less time to manage and will often have a more recent copy of your data compared to an offline backup. However, when you rely on cloud services, you lose most of the control over what happens to your data.

Here are a few things to consider when using cloud data storage:

• Some cloud companies offer folder synchronization, but not data backup. So, if your file is changed (for example, it’s encrypted by ransomware), it changes on all connected devices.
• Even if a backup feature is enabled, data history often has a 14- or 30-day limit.
• Backup software can sometimes stop due to incompatibilities with the OS or other software updates. In some cases, the user is not notified, which means they could potentially lose months of data.
• Trust is an issue. Leaving data on the cloud requires you to trust the cloud provider’s competency and integrity.
• Sensitive data should be encrypted before uploading it to the cloud to prevent exposure.

Are offline backups better?

Unlike cloud storage, offline backups give you much more control. Offline storage devices are not part of your network, which naturally makes them more secure. Plus, storage devices are dirt cheap. Manual backups do, however, have their own flaws:

• The more frequently you do backups, the better, but also more time-consuming.
• Removable drives can be stolen.
• They can also be damaged, especially in places where floods, hurricanes, and fires are an issue.
• Manual backups are often perceived as a low-priority task, which could be often ignored and postponed.

With each type having its own flaws and benefits, teams can choose either an online or offline backup, depending on which one fits their requirements better. But there’s also a third option to consider — a hybrid approach. Namely, you could store frequently stored data on the cloud, and secure sensitive information via a manual backup.

Protect your data with manual backups

If you decide to go the manual backup route, or at least try the hybrid approach, there are a few steps you can take today.

Review the terms of your cloud provider

Do you know how your cloud provider protects your data? Do they use encryption? Make sure you know whether they provide backups.

Do regular backups

As we mentioned earlier, offline backups are only as good as the regularity with which you perform them. Schedule weekly backups and make it a high-priority task.

Selective backups

Some companies will find that they can be selective with offline backups. Let the cloud back up most of your data and secure the most sensitive data offline manually.

Establish secure processes when using the cloud

Once you determine what data can be shared with the cloud, establish secure, company-wide cloud storage and sharing practices.

Encrypt data

Data encryption guarantees that the information can only be accessed by you and those you assign. This applies to files stored both in the cloud and in offline backups, as well as to data stored on company computers.

Have a response plan ready

Making decisions under pressure is hard. That’s why following cybersecurity principles and preparing a response plan in advance could help you in a time of crisis.

While for some companies this will be enough, others will find more actions they could take. In the end, it all comes down to taking cybersecurity seriously, always reevaluating risks, and constantly adapting to new circumstances. Unfortunately, data is always at risk to a certain extent. All we can do is try to protect it as best we can.