Nigel MacDonald & ThreeSixtyIT


Backup - Protecting all of your data


This is Part One of a new series for GDPUK, on computers and dental practice systems.

Backup is without doubt the most important element of your IT infrastructure. Without a robust backup process in place in your practice, your patient data is at risk, and if you lose your patient data, your whole practice is at risk – 60% of businesses that lose their data close within 6 months.¹

So, the question really is: do you know if your data backup process is up to its job? Look at these five questions and see how you would answer:

  • Does a member of staff take data home from the practice on a USB drive (or tape)? If YES, is the data safe while in transit or is it just dumped at the bottom of a handbag? Is the USB drive encrypted? Do you have a process documented if it gets lost?
  • Do you get daily reports that your backup has been successful? If NO, how can you comply with the CQC rules on monitoring and managing your backup? And, more importantly, how do you know you actually have a current, viable backup of your live data?
  • Does your backup get tested regularly with a ‘test restore’? If NO, you might be backing up a bad image of your data, and the first time you realise this will be when you really need it – but by then it will be too late.
  • Do you know what to do in the event of a data disaster? If NO, then you need to have a proper documented process, so everyone knows their responsibilities.
  • Does someone take responsibility and control of your backup? If NO, how do you know that everything mentioned above is working (or not)?

So, where to start with backup? Because it is so important to ensure you are backing up data, and the fallout from losing data is so severe, it can seem quite daunting, but actually with one simple rule you can make sure you protect yourself from any data loss. I could easily write 100 pages on backup and all the nuances, best practices, regulations, ISO certificates, different software and hardware solutions – but that would just bore everyone. So instead I felt your time would be better spent on an explanation of this rule:

The Rule of Three

The rule of three is the bare minimum you should be doing to protect yourself. In my opinion you can NEVER have enough backup, and this is something I always try to impress on all my clients. OK, onto the rule of three: as this graphic shows, it’s quite simply a ‘3-2-1 countdown’.


3 - Three Copies of Your Data

Quite a simple one to start off with: ensure that you have at least THREE copies of your data as a minimum; this can include the live copy that you are working from. In this example there are three copies:

  • The server holds the live practice data, this would be classified as ‘copy 1’
  • The NAS drive that is connected to the network has a backup copy of the data, this backup is refreshed every night, out of hours. This is ‘copy 2’. The data is encrypted and protected. In terms of placement, this drive should be situated as far away from the server in the building as possible – this gives you physical protection (for instance a fire where the server is located).
  • There is also another nightly backup completed out of hours, this should be to a UK based data centre, this ‘cloud backup’ is the third copy of your data and is the most secure.

2 - Two Different Media Formats

This means across different physical storage devices. The data on your server counts as one format type, and the second media format could be the “cloud backup” copy of your data.

There is nothing to say you have to stop there. Even if you have a NAS box (another format) in your practice, you can still connect a USB hard drive to your server and run a Windows backup directly to that – remember what I said earlier, it’s impossible to have too much backup going on.

1 - One Copy of the Data is Offsite

This does not mean your Head Receptionist or Practice Manager taking it home in their handbag, or you taking it home and leaving it with your keys and loose change in the hallway of your house. It actually means a robust, certified, encrypted copy stored away from the premises. The most effective way to do this is via “the Cloud”. There are plenty of providers out there; the things to check for in the first instance are their location (UK preferable) and also their ISO ratings and security arrangements (and ask for client testimonials too).

If you follow this as a foundation for your practice backup then when the inevitable happens (as it will) and you suffer some form of data loss (either from hardware failure or virus attack) then you are in a much stronger position to get back to a working.
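
The 3-2-1 rule, together with the earlier questions about daily backup reports and test restores, can be checked mechanically against a list of the copies you hold. The following is an added example, not part of the original article: the Copy fields, the 26-hour freshness window and the 90-day test-restore interval are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                      # storage type: "server-disk", "nas", "cloud", "usb"
    offsite: bool
    encrypted: bool
    live: bool = False              # the working copy on the server
    last_success: Optional[datetime] = None       # taken from the daily backup report
    last_test_restore: Optional[datetime] = None  # last verified test restore

def audit(copies, now, max_age=timedelta(hours=26), restore_every=timedelta(days=90)):
    """Return findings against the 3-2-1 rule; an empty list means it passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies, need at least three")
    if len({c.media for c in copies}) < 2:
        findings.append("2: every copy is on the same media format")
    if not any(c.offsite and not c.live for c in copies):
        findings.append("1: no backup copy is held offsite")
    for c in (c for c in copies if not c.live):
        if not c.encrypted:
            findings.append(f"{c.name}: backup is not encrypted")
        if c.last_success is None or now - c.last_success > max_age:
            findings.append(f"{c.name}: no recent successful backup")
        if c.last_test_restore is None or now - c.last_test_restore > restore_every:
            findings.append(f"{c.name}: test restore overdue")
    return findings

# Constructed sample inventory matching the article's server / NAS / cloud layout.
NOW = datetime(2024, 1, 10, 8, 0)
PRACTICE = [
    Copy("server", "server-disk", offsite=False, encrypted=False, live=True),
    Copy("nas", "nas", offsite=False, encrypted=True,
         last_success=datetime(2024, 1, 10, 1, 0),
         last_test_restore=datetime(2023, 12, 1)),
    Copy("cloud", "cloud", offsite=True, encrypted=True,
         last_success=datetime(2024, 1, 8, 1, 0),   # missed last night's run
         last_test_restore=datetime(2023, 11, 15)),
]
# Constructed counter-example: a single unencrypted USB drive taken home.
USB_ONLY = [PRACTICE[0], Copy("usb", "usb", offsite=True, encrypted=False)]

if __name__ == "__main__":
    for label, inventory in (("practice", PRACTICE), ("usb-only", USB_ONLY)):
        print(label, audit(inventory, NOW) or "3-2-1 satisfied")
```

The sample practice has three copies on three media with one offsite, yet the audit still flags the cloud copy because its last successful run is two nights old, which is the gap a daily report is meant to catch.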

What else?

Backup is only one part of the data protection strategy in your practice though. Prevention is always better than cure so there are also other things to consider that are equally as important. Running through these (in no particular order):


1. Antivirus Protection

Which antivirus you have is key. Not only must it sit on your PCs at your practice and protect you from viruses, ransomware and other nasty programs, but it should NOT interfere with your dental software – this can sometimes take some fine tuning of the settings. In 12 years of looking after Dental Practices, we have formed our own opinions of what is best and we strongly recommend ESET – we receive no financial reward for recommending them, just the satisfaction of knowing that it does ‘exactly what it says it is supposed to do’. It just sits on your server (and workstations) shielding you from viruses and ransomware (remember that thing that hit the NHS in spring 2017) – they are also the best at recognising new virus strains and ‘first day attacks’.

2. Windows Updates

Keeping your Operating System up to date is crucial. The NHS attack happened because some of the PCs inside their estate were still on Windows XP, which went out of support many years ago. Everyone should now be using Windows 10 as their base operating system and should make sure that updates are configured to install: if not all of them, then definitely the crucial security ones. If you ask your IT support, they should know exactly what is going on with your updates; if they don’t, it’s time to make them earn their money.


3. Disaster Recovery Plan

If disaster does strike and you suffer a data loss it is important that you keep a clear head and approach the problem logically and methodically.

This is easier said than done though, as humans do tend to panic when we are stressed, so it is important to have a well thought out and comprehensive disaster recovery plan. This should include step by step instructions, important contact numbers and the location of the nearest bottle of whisky – OK, so the last part is a joke, you can drink once the data is recovered! But it is important that you plan for the inevitable with a well thought out and documented plan so everyone knows their roles and you can manage your way through the data loss with the minimum of disruption to Patients and the team.

Conclusion

Backup is daunting, of course it is, because it is your critical practice data, losing that is something that no Principal Dentist ever wants to consider. However once you get past the ‘scary’ aspect of the task, and focus on it as any other task and as long as you follow this simple guide you can at least sleep at night knowing your data isn’t going to get lost, compromised or ransomed off by the latest strain of ‘ransomware’.

The caveat to all of this however is: If you are ever in doubt, bring in the experts!


¹ According to a study by “The Diffusion Group”, who surveyed small business organisations, 60% of companies that lose their data close down within six months of the disaster and a staggering 72% of businesses that suffer a major data loss disappear within two years.
