Ensuring that your practice’s data is regularly backed up will limit the impact of serious events such as flooding, fire, physical damage, theft or cyberattack. Data backups should be stored separately from your main practice systems on a separate hard drive, computer or via cloud storage [1]. Most cloud storage providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs. The National Cyber Security Centre (NCSC) has provided Cloud Security Guidance [2] which will help you decide what to look for when evaluating cloud storage providers’ services.
Identify what data needs to be regularly backed up and how quickly you would need to be able to access it following any incident.
• This is the information that your practice couldn't function without and will normally include patient records (including radiographs and photographs), financial information, documents, emails, contacts, and appointment calendars.
Back up data at agreed regular intervals or using automatic back-ups which do not require any input from staff.
• The majority of network or cloud storage solutions allow you to make backups automatically, for example, when new files of a certain type are saved to specified folders. Using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.
Keep your backup separate from your main computer systems.
• Ransomware (and other malware) once installed can often automatically move to attached storage. This means that if the device you are using to store your back-up is connected to your main IT systems it could also be infected, leaving you with no backup to recover from.
Restrict access to data backups so that they are not accessible by unauthorised staff.