- Commandment 1: Start with a Written Plan
- Commandment 2: Back Up Data Daily
- Commandment 3: Properly Label Backups
- Commandment 4: Review Backup Settings
- Commandment 5: Maintain Multiple Backups
- Commandment 6: Ensure that the Backup Medium Is Sound
- Commandment 7: Regularly Test Backups
- Commandment 8: House a Backup Offsite
- Commandment 9: Dont Overlook Security
- Commandment 10: Revisit Backup Routines
Commandment 9: Don’t Overlook Security
HIPAA and other acts of legislation place significant demands on data security. Organizations impacted by data protection requirements, such as publicly traded companies and healthcare practitioners, subsequently have implemented numerous precautions so that only specific employees or individuals have access to qualifying data the organization collects in the process of transacting business. These precautions include a series of financial checks and balances, auditing of users who access and edit restricted files, account lockout requirements, and more.
Yet, when that data is subsequently backed up and stored, it’s easy to forget that the same security and privacy restrictions apply to the backups as apply to the information contained within. When creating and storing backups, make sure that only authorized employees have access to the information being backed up as well as the physical backup media. Follow the standard practice, too, of not awarding backup operators read permissions.
Many offsite, web-based backup services offer SSL and encrypted connections for backing up data. When using an offsite backup host, remember to confirm that the operator meets or exceeds the data protection and security requirements that apply to the organization’s data.
It sounds trivial, but guard the physical security of a backup, including even a backup tape, as you would a server room. Some highly publicized personal information breaches occurred because backup media being mailed via standard commercial carriers could not be accounted for or were lost. Avoid such headaches; physically secure your backups at all times.