Do it now! While you have time. 🙂
Security category – 12.3. Backup
12.3.1. Information backup.
No matter how secure we are, risk can never be completely eliminated, and we should prepare for the day when we need to recover from an incident that has separated us from our valuable data. This can be in the form of lost information or lost configuration, having a strong backup policy protects us in these situations. By having important data regularly backed up, with those backups tested to ensure we can restore from them, we can limit the impact of an attack. When designing a backup policy, it is important to ensure that storage requirements and the value of the data stored is considered during planning. Best practices include keeping separate copies of the backups in geographically separate locations, minimizing time between backups to the company’s acceptance of how much data can be lost and ensure staff are trained to be able to restore data from backups when required.