5 Ways To Secure Local Data Backups for Your Company

Posted on August 20, 2020 - by Justin Gratto - in Building Your InfoSec Program

Are you keeping local data backups? It might seem like everything is moving to the cloud these days, but maintaining local backups is a security best practice. Data backups that you keep local can be convenient, improve control over your data, and give you peace of mind from knowing where your data is stored. In the event of a successful malware or ransomware attack, local backups can get you back up and running quickly, and help you avoid paying out an expensive ransom to get back your data.

However, mishandled local data can also be a source of data breaches. Make sure you’re keeping yours safe with these five strategies for improving security.  

How to Improve Local Data Backup Security in Your Company

If you’re keeping your data backed up, make sure you’re doing it smartly. Many cybersecurity professionals write the 3-2-1 backup method into their company security procedures. That method requires keeping at least three recent copies of your data: storing two copies locally on different storage mediums or locations, and storing one more copy with a cloud storage provider. With that best practice in mind, we recommend that you take the time to:

1. Update Your Security Policies

Make sure that your security policies note that you’re using local backups for your data because this has ramifications for your overall strategy. Your procedures, the steps you take to adhere to your policies, should cover things like:

  • Physical access control to the devices where you store the backups.
  • User account access to the parts of the server where they’re stored.
  • Whether backups are automated and how they’re collected.
  • If you’re also backing them up with a cloud service.
  • Whether you have a data backup kept offline, keeping it safe in the event that your network and internet-connected devices are compromised. 

2. Revisit Your Incident Response Plan

Local backups may mean that all of your data remains within easy reach, which might give you some peace of mind. However, in the event of an incident or a disaster, you’ll need to have a plan on hand for those physical devices. Make sure your incident response plan includes procedures for securing, if not physically removing, your locally backed up data. 

3. Encrypt Everything

According to Gartner, someone steals a company-issued computer or device every 53 seconds. Imagine if that device held your backups. While you should have strong access controls in place, encryption provides another layer of protection. It ensures that even if someone does access the device or file location, they’re unable to acquire the data itself.

(At a minimum, we’d recommend you turn on BitLocker for Windows 10, or set your preferences in macOS to encrypt your hard drive.)
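The 3-2-1 method described earlier, together with the offline-copy and encryption points above, can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the inventory entries, field names, and the seven-day definition of "recent" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str       # "cloud" marks the cloud-provider copy; anything else is local
    location: str
    taken_at: datetime
    encrypted: bool
    offline: bool     # physically disconnected from the network

def audit_backups(copies, now, max_age=timedelta(days=7)):
    """Return findings against the 3-2-1 method; an empty list means it passes."""
    # Assumption: a copy counts as "recent" if it is at most max_age old.
    findings = [f"{c.name}: stale, not counted" for c in copies
                if now - c.taken_at > max_age]
    recent = [c for c in copies if now - c.taken_at <= max_age]
    local = [c for c in recent if c.medium != "cloud"]
    if len(recent) < 3:
        findings.append(f"only {len(recent)} recent copies, need 3")
    # Two local copies must differ in storage medium or in location.
    if len({(c.medium, c.location) for c in local}) < 2:
        findings.append("need 2 local copies on different mediums or locations")
    if len(local) == len(recent):
        findings.append("no recent cloud copy")
    if not any(c.offline for c in recent):
        findings.append("no recent offline copy")
    findings += [f"{c.name}: not encrypted" for c in recent if not c.encrypted]
    return findings

# Constructed sample inventory (all names and dates are made up).
NOW = datetime(2020, 8, 20)
INVENTORY = [
    BackupCopy("nas-nightly", "nas", "server-closet", datetime(2020, 8, 19), True, False),
    BackupCopy("usb-weekly", "usb-disk", "locked-cabinet", datetime(2020, 8, 16), False, True),
    BackupCopy("cloud-nightly", "cloud", "provider", datetime(2020, 8, 19), True, False),
]

if __name__ == "__main__":
    for finding in audit_backups(INVENTORY, NOW) or ["inventory passes"]:
        print(finding)
```

With the sample inventory, the only finding is the unencrypted USB copy; once that weekly copy ages past the threshold, the same inventory also fails the copy-count, local-diversity, and offline checks.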

4. Choose Your Storage Location Wisely

In small offices, space may be tight. However, you don’t want the server storing your backups in a high-traffic area where anyone can walk up to them. Make sure you choose a secure location, such as a locked cabinet or closet. 

Likewise, some companies may prefer “local storage” that’s in the same building or city, but not necessarily near the office itself. That can be a smart move in the event of an on-site disaster, something you may want to consider in your business continuity and disaster recovery plan. Though natural disasters can happen nearly anywhere, it’s definitely worth considering if events like hurricanes or flooding are more common in your region.

5. Consider Using a Vendor

Managed service providers are common in the tech world today. These specialists have the facilities and expertise to keep your data safely backed up at their facilities. They might even be able to help you automate it, ensuring you never miss an update.

However, not all MSPs are created equal. Make sure to inspect their offerings and check that their offsite storage, data centers, courier services, and cybersecurity measures are of the caliber that you need.

Don’t Skimp on Security for Your Data Backups 

Local data, backups, and physical security are all topics B2B companies regularly encounter in vendor security questionnaires. Having a good set of policies and maintaining your security practices makes it easier to respond with confidence to such assessments.  

If you ever need your local data backups, you’ll be grateful you took the preventative steps to avoid a business operation disaster.



About the author

Justin Gratto is a Canadian Army veteran, experienced information security professional, and the Senior Director of Product at Securicy. Justin is accountable for product ownership at Securicy, a SaaS platform that assists businesses through creating, implementing, and managing their information security and privacy compliance program. He leads the customer success team, coordinates advisory service delivery, and holds the responsibility of Security and Privacy Officer at Securicy. When Justin isn’t performing his duties at Securicy, he likes to go on adventures to new places to visit, learn about, and taste different cultures. He is from Nova Scotia, Canada.