What You Need to Know About Website Backups

As a business owner, you know your website is the center of your brand, so it is vital that you back it up. Every aspect of your website is the result of your decisions and ideas. There are several security precautions you should take, including:

  • Scanning for viruses (AV)
  • Security awareness education
  • Proactive password management
  • Configuration of the web application firewall (WAF)

Unfortunately, you are vulnerable to cyber attacks regardless of how hard you work on these cyber security best practices. This is not a scare tactic to trick you into buying anything. It's the truth. Fortunately, there is one item that provides genuine peace of mind in the worst-case scenario: current, authenticated backups.

A backup is a duplicate of the original files. A traditional backup is a compressed Zip, Tar, 7z, or Brotli archive from which individual files can be extracted. A snapshot is a type of backup that can only be created and restored once.

Backups include everything you want to restore if your web server goes down: files, emails, databases, and even logs if you use Security Information and Event Management (SIEM).

Suppose your website data gets corrupted or deleted due to problems with the hosting provider. In this case, the last thing you want to do is rebuild the site from scratch. This can take several weeks. Meanwhile, your sales, search engine optimization (SEO), and branding will suffer.

It is entirely your responsibility.

Yes, we'll go there first. We are all aware that we should read Terms of Service (ToS), particularly the rules pertaining to data responsibility and personally identifiable information (PII). Unfortunately, we do not always do so. Some services, like tldrLegal, can help big companies with terms of service that are too complicated for the average reader. The following is our backup liability policy:

  • While Rhyno Cybersecurity Hosting keeps backups for clients who choose to use Backup Manager, Rhyno Hosting accepts no responsibility for the availability or completeness of client data backups. Clients are required and urged to keep backup copies of their own data.
  • It is your data, regardless of what the terms of service of a web hosting or cybersecurity company claim. Even if you assign responsibility for data maintenance to a third party (known as risk transfer), it is ultimately your obligation. Backups should be downloaded to a local, physical storage device in your possession, regardless of how you manage them.

Cyber Attacks and Disaster Recovery

Amazon.com went down for a few minutes "due to unidentified technical issues" in 2013, and their estimated loss was around $2 million. That is a massive corporation with a significant IT support staff. How long would it take you to notice and repair an issue on your eCommerce site that was preventing customers from making purchases? It might take considerably longer than you think if you don't have uptime monitoring and regular user experience (UX) auditing.

Let's go through some more relatable scenarios. Website defacement, when a hacker modifies the appearance of your website to indicate that it has been hacked, requires you to:

  • Restore a functional website as quickly as possible.
  • Determine how the hacker obtained access to make the changes.
  • Take steps to reduce future cyber risk.

Let's apply this to WordPress, the most popular LAMP stack content management system (CMS). If your website has been vandalized, unexpected changes may have been made to your WordPress database, config files, and PHP code. Deep within the obfuscated code might be spyware or other viruses. Do you want to acquire server logs before restoring a full cPanel backup, or do you want to manually test each WordPress file and database table?

Ransomware is growing increasingly common on cloud servers and PCs because people are paying the ransom. Unfortunately, the people paying it are usually the ones who don't have backups. That means hoping the anonymous hacker will keep his word upon receiving your untraceable bitcoin payment. The best answer is to just restore a backup and move on.

Business owners should be familiar with security incident response protocols.

Changes to be Tested in a Staging Environment

Let's say you want to experiment with a new third-party integration (plugin, module, addon, etc.) but don't want to disrupt your live (production) site. For example, perhaps you've recently installed PHP 8 on your web server and wish to check for compatibility concerns. Rather than performing rogue coding on a live site, restore the backup to a private server space or offline system (development) environment. Then, after you've completed documenting your improvements in the staging environment, you can easily apply changes to the live site.

It's Simple

Backup management is not complex. Backups can be opened using free software (e.g. 7zip and Engrampa). Your hosting plan and specific web applications determine your optimal backup strategy.

  • Backup capabilities or integrations are available in WordPress, Drupal, and other CMSs.
  • On managed VPS and dedicated server hosting, cPanel includes a Backup Wizard and automatic backup configuration.
  • Linux systems have the zip, tar, and cron command-line interface (CLI) tools for creating and scheduling backups from the terminal.
  • Web applications and server administration software may be able to connect to numerous cloud storage services with ease.

Rhyno Hosting offers free premium offsite backups via a Managed backup system solution for scheduled backups.

Peace of mind and reassurance

Ultimately, you have an obligation to keep backups of your website in case you need to recover from an attack or work in a staging environment. At least one monthly backup is better than none at all. The best approach depends on your preferences and what you do.

How Should Your Website Be Backed Up?

The simplest solution is to generate a full server backup as well as a snapshot. That way, depending on the circumstances, you can restore any one file or a complete snapshot. If you solely manage a web application, search for an integration that allows you to back up the raw files and databases specific to that app. For example, email users can copy emails from a desktop email client like Thunderbird to a local folder.

How Frequently Should You Make Backups?

How frequently do you make changes to your website? If it's less than monthly, consider backing up the website before making any changes. If it is more frequent, weekly may be preferable. If it's more often than once a day, you may want to consider a more comprehensive backup system that manages differential and incremental backups.

  • A differential backup contains data that has changed since the last complete backup.
  • An incremental backup contains data that has changed since the last full or incremental backup.
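
The difference between the two is easiest to see by running both against the same changes. The script below is an added example, not code from the article: it uses GNU tar's `--listed-incremental` snapshot file, and the function names, paths and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): full, incremental and differential
# backups with GNU tar. All paths and file contents are constructed samples.
set -eu

# full_backup SRC DEST: complete archive plus the snapshot file tar compares against.
full_backup() {
  rm -f "$2/full.snar"
  tar -C "$1" --listed-incremental="$2/full.snar" -czf "$2/full.tar.gz" .
  cp "$2/full.snar" "$2/chain.snar"   # the incremental chain starts here
}

# incremental_backup SRC DEST NAME: changes since the last full OR incremental.
# tar rewrites chain.snar on every run, so the baseline keeps moving forward.
incremental_backup() {
  tar -C "$1" --listed-incremental="$2/chain.snar" -czf "$2/$3.tar.gz" .
}

# differential_backup SRC DEST NAME: changes since the last full backup only.
# tar gets a throwaway copy of full.snar, so the baseline never moves.
differential_backup() {
  cp "$2/full.snar" "$2/diff.tmp.snar"
  tar -C "$1" --listed-incremental="$2/diff.tmp.snar" -czf "$2/$3.tar.gz" .
  rm -f "$2/diff.tmp.snar"
}

# archived_files ARCHIVE: names of the regular files stored in the archive.
archived_files() {
  tar -tzf "$1" | grep -v '/$' | sed 's|^\./||' | sort | paste -s -d ' ' -
}

demo() {
  work=$(mktemp -d); src="$work/site"; dest="$work/backups"
  mkdir -p "$src" "$dest"
  echo "<h1>home</h1>" > "$src/index.html"; echo "body{}" > "$src/style.css"
  full_backup "$src" "$dest"
  sleep 1; echo "<h1>home v2</h1>" > "$src/index.html"   # first change
  incremental_backup "$src" "$dest" inc1
  differential_backup "$src" "$dest" diff1
  sleep 1; echo "contact us" > "$src/contact.html"       # second change
  incremental_backup "$src" "$dest" inc2
  differential_backup "$src" "$dest" diff2
  for a in full inc1 diff1 inc2 diff2; do
    echo "$a: $(archived_files "$dest/$a.tar.gz")"
  done
  rm -rf "$work"
}
demo
```

Restoring from incrementals needs the full backup plus every incremental in order, while a differential restore needs only the full backup and the latest differential.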

Where Should Backups Be Stored?

They should not be on the same server. Instead, download the backups, test them, and save them in various locations: an external drive (hard disk, SSD, NVMe, tape, etc.) and/or a cloud storage provider (e.g. Dropbox, Google Workspace).
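
One way to test a downloaded backup as recommended above, shown as an added example rather than anything from the article or Rhyno's tooling: record a SHA-256 when the archive is made, then require both a matching checksum and a successful trial restore before relying on the copy. The function names and sample site files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): checksum a backup when it is made,
# then test it before relying on it. Sample site contents are constructed.
set -eu

# make_backup SRC_DIR ARCHIVE: archive the site and record the archive's SHA-256.
# Keep a copy of the .sha256 file somewhere the web server cannot write to;
# a checksum stored only beside the archive catches corruption, not tampering.
make_backup() {
  tar -C "$1" -czf "$2" .
  ( cd "$(dirname "$2")" && sha256sum "$(basename "$2")" > "$(basename "$2").sha256" )
}

# verify_backup ARCHIVE: succeeds only if the checksum matches and a trial
# restore into a scratch directory yields at least one file.
verify_backup() {
  dir=$(dirname "$1"); name=$(basename "$1")
  if ! ( cd "$dir" && sha256sum -c "$name.sha256" >/dev/null 2>&1 ); then
    echo "checksum mismatch"; return 1
  fi
  scratch=$(mktemp -d)
  if ! tar -C "$scratch" -xzf "$1" 2>/dev/null; then
    rm -rf "$scratch"; echo "archive unreadable"; return 1
  fi
  restored=$(find "$scratch" -type f | wc -l | tr -d ' ')
  rm -rf "$scratch"
  [ "$restored" -gt 0 ] || { echo "archive is empty"; return 1; }
  echo "ok: $restored files restored"
}

demo() {
  work=$(mktemp -d); mkdir -p "$work/site"
  echo "<h1>home</h1>" > "$work/site/index.html"
  echo "sample settings" > "$work/site/settings.ini"
  make_backup "$work/site" "$work/site-backup.tar.gz"
  verify_backup "$work/site-backup.tar.gz"
  # Simulate a download that was cut short.
  head -c 20 "$work/site-backup.tar.gz" > "$work/partial"
  mv "$work/partial" "$work/site-backup.tar.gz"
  verify_backup "$work/site-backup.tar.gz" || echo "damaged copy rejected"
  rm -rf "$work"
}
demo
```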

How Long Should Backups Be Stored?

This is mainly determined by the amount of storage space accessible to you. If you can't maintain more than three full backups, preserve the most recent backups or a recent backup with one from the beginning of the month.

About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.
