Although your backups may well be “good” as far as you know, your backup strategy itself may need to be re-visited, here’s some high-level questions to start with:

What are you backing up? Just the data, or the whole environment? In other words, if you were to fall foul of a cyber attack and lose everything how quickly or easily could you recover with only the data and no applications?

When do you backup? Backup strategies differ from company to company but rarely change or are re-visited in the light of emerging threats. Running a backup once a day overnight to tape may have been sufficient for the past 10 years, but could that 24 hour window now present a risk?

How often are your backups tested? It is all very well running daily, weekly, monthly and quarterly backups but when did you last do a proper so-called disaster recovery test to prove that your business could function after a worst-case scenario?

What methods do you use to verify the integrity of the restored data from your backups? It is not enough to simply read the report that says ‘the backup completed without errors’. You should be restoring that data regularly and actually verifying that the data is correct and hasn’t been altered.