So you are taking backup data off-site on a regular basis. Good.
Your key staff person faithfully makes a daily backup of your server to a portable hard drive. Once a week this person dutifully brings in the portable hard drive used for last week’s daily backups. As directed, this person disconnects the portable drive with the newest data from the server, plugs the other one in to the server, then puts the drive with new data in her backpack to take it home that night.
What else could go wrong? Do you see the risk?
What if there is a fire on campus during the day your backup is cycled out? Both the media with older data and the media with newer data are both on-site. There is a serious exposure for that eight-hour period of time every week because all your backups are in the building.
The solution?
Don’t have all your backup media on-site at the same time. The easiest way to solve this would be to have several sets of media so there’s a couple of old sets off-site. Another practical way would be to take the media with newest data off-site and then tomorrow bring in what is now the older set of data. (The challenge with that approach is often the backup runs at night.)
You may scratch your head and wonder why I’m mentioning this. “Seems so obvious,” you think.
It may be obvious as I described it, but I have encountered this situation lots of times during my public accounting career. It is a hole in the backup protocol that is so subtle that someone could miss it if it isn’t pointed out.
You should structure your off-site protocol so that there is always at least one set of good data off-site, especially on the day you cycle out the backup media.