Where Do I Begin? Building a Strong Data Backup Strategy Step by Step

Reading Time: 5 minutes
Sarah Diggs
Sarah Diggs, Client Services Manager

Along with cybersecurity, many cities acknowledge data backup as the most important IT need. Obviously, cities don’t want to permanently lose data. As a result, they usually have taken some steps toward backing up data. In many cases, though, they lack a strong strategy and foundation—leaving them at risk to still lose data even when they think they are taking the right steps.

From a non-technical point of view, it’s easy to think that doing anything is doing something—that you’re taking care of the problem if you checked it off your list no matter what the solution. However, many data backup strategies are poorly thought out and/or lack critical elements.

No matter what kind of data backup strategy and solution you have, use this post to assess its current components. After thinking about the five critical components below, ask yourself whether you need to build a stronger data backup strategy to truly protect your city’s data.

1. Identifying critical versus non-critical data

Looking at all your data equally is a strategic mistake. Think about what would happen if you lost your wallet. Would you spend equal amounts of energy getting a new sandwich shop $5 gift card as you would cancelling your credit cards? Of course not. The same kind of thinking holds true for your data. That’s why part of a good data backup strategy involves identifying your most critical data and prioritizing its backup.

Some questions to ask include:

  • What is my most critical data? Identify critical records, documents, databases, payroll, accounting, financial databases, public safety data, court data, utility billing, 911, and other mission critical systems. For your city, what do you consider your most critical data?
  • Where is it? Where is this data located? On servers? Individual computers? Thumb drives? Is it accessed over the internet?
  • Who has access to it? Is it stored on centralized servers or in the cloud where authorized employees all may access it? Or is it only on someone’s individual computer or computers?

Answering these questions will give you clarity about what data you have, where it resides, and how you will prioritize certain types of data when you back it up and recover after an incident or disaster.

2. Assessing your current data backup situation

Even if your data backup strategy right now is “nothing,” that’s a strategy. It’s good to honestly assess your current data backup solution, even if you know it may not be ideal. Some important questions include:

  • How am I currently backing up my data (if at all)? What method are you using? Tape? External hard drives? Thumb drives? Servers? An online data backup solution (whether consumer- or business-grade)? The method will affect the quality, thoroughness, and certainty of your data backup.
  • How often do I back up? Continuously? Hourly? Daily? Weekly? Monthly? Irregularly? Your frequency (or lack of frequency) will affect how much data you back up and if you will be able to recover critical data after an incident or disaster.
  • How fast can you recover? It’s nice if you’re backing up data. But some solutions can take a long, long time to recover. For example, what if it takes two months to recover data from tape backups, and that data includes your payroll application? Is that acceptable?
  • What’s the recovery point? In other words, if an incident or disaster occurs, at what point can you pick up as if nothing happened? Yesterday? A week ago? Three months ago? Knowing your recovery point is very important as it can impact the amount of data you permanently lose in a disaster.

3. Making sure your onsite data backup allows you to quickly recover from an incident

After identifying your critical data and assessing your current data backup solution, it’s time to fill in any gaps with your onsite data backup. No matter what solution you currently have, you need to ask yourself if it does the following:

  • Recovers your data within minutes: If this seems miraculously fast to you, then you need to reassess your onsite data backup. For example, if you have data backup servers onsite that replicate data from your primary servers, then they should be able to take over quickly if a server fails. Conversely, more manual data backup solutions such as an external hard drive or tape may take much longer to restore.
  • Works continuously and automatically: An onsite data backup server should back up your data throughout the day without you having to do anything. Again, manual solutions such as an external hard drive often require human intervention. If someone gets busy or forgets to plug it in, then you are not prepared for an incident.
  • Does not require internet access: If you rely only on an online data backup solution, then you will not be able to access critical data if there is an internet outage. While offline, you can still restore and access data onsite such as your payroll application.

4. Making sure your offsite data backup allows you to quickly recover from a disaster

Many cities still do not have an offsite data backup component to their strategy or they leave open significant offsite data backup gaps. Some questions to ask include:

  • Do I even have an offsite data backup component? If not, you need to address this component as soon as possible. Otherwise, you don’t have a way to recover from a disaster—whether it’s a tornado or ransomware.
  • Am I defining “offsite” correctly? You can read about the correct definition of “offsite” in our blog post “What ‘Offsite’ Data Backup Actually Means.” To summarize a key point, offsite means offsite—stored far, far away geographically from your city.
  • Can I recover my data within hours? If your offsite component leaves you with uncertainty about the amount of time it will take to recover, or if the recovery time is weeks or months, then you need a new solution. With internet access, you should be able to access your data within hours after a disaster.

5. Testing your data backup solution

Finally, we come to a still often overlooked data backup component—testing. The argument is simple: If you test your data backup solution, then you know if you can recover, how fast you can recover, and if any critical data is missing when you recover. If you don’t test, you may experience a horrible “surprise” after an incident or disaster when your data recovery is incomplete or doesn’t work at all.

For more about testing, read:


By using this 5-point assessment, you can evaluate your current data backup strategy, identify gaps, and create a plan to seek out a solution that meets all your unmet needs. The cost of a poor or incomplete data backup solution is severe—risking permanent data loss, crippled city operations for weeks and months, and failure to recover after a disaster such as a tornado or ransomware.

Need help evaluating your data backup strategy? Reach out to us today.

Original Date: 1/22/2020