Backup Strategies and Best Practices (Part 1) (Domain 3)

In this episode, we are kicking off a two-part series on backup strategies and best practices. Backups are one of the most fundamental pillars of cybersecurity and disaster recovery. Without a solid backup plan, organizations are left exposed to data loss, ransomware, hardware failure, and even human error. Yet, despite their importance, backups are often misconfigured, infrequent, or stored in vulnerable locations. In this first part, we will focus on onsite versus offsite backups and the importance of selecting the right backup frequency. These topics are vital for the Security Plus exam and even more essential for real-world resilience.
Let us start with onsite and offsite backups. Onsite backups refer to data copies that are stored locally, usually within the same physical facility or on the same network as the original systems. Offsite backups, on the other hand, are stored in a different physical location, which could be another office, a dedicated data center, or a cloud service provider. Each approach has its advantages and disadvantages, and most organizations benefit from using a combination of both.
Onsite backups offer speed and convenience. Because they are stored close to the source data, restoring files from an onsite backup is often faster and more efficient. This makes them ideal for recovering from minor issues like accidental file deletion or a failed software update. For example, if a user mistakenly overwrites a document, the help desk can restore it from a local backup in minutes. Onsite backups can also be automated to run frequently, making it easy to maintain an up-to-date recovery point.
However, onsite backups are vulnerable to the same risks that affect the primary systems. If a fire, flood, or ransomware attack hits the facility, both the original data and the backup could be lost or compromised. This is where offsite backups become essential. By storing a copy of the data in a separate location, organizations ensure that even if the worst happens, recovery is still possible. Offsite backups are especially important for disaster recovery and business continuity planning.
The downside of offsite backups is that they can take longer to restore, especially if the data must be downloaded over a slow internet connection or physically shipped. There may also be added costs for storage space, bandwidth, or managed backup services. Despite these drawbacks, the security and reliability of offsite backups make them indispensable for long-term resilience.
Let us consider a few practical examples. A small accounting firm relies on daily onsite backups stored on a local server in their office. When a hardware failure corrupts part of their financial records, they are able to restore the affected data quickly from their local backup. This shows how onsite backups can provide fast recovery for localized problems. But now imagine a different scenario. That same accounting firm suffers a fire that destroys their office. Without an offsite backup, their client records, invoices, and compliance documentation are gone. In contrast, another firm with cloud-based offsite backups is able to resume operations within a few days from a temporary location. The difference is not about technology—it is about planning.
Many organizations follow the three-two-one rule for backups: keep three total copies of your data, store them on two different types of media, and place one copy offsite. This simple but powerful guideline helps organizations build redundancy into their backup strategy and reduces the likelihood of complete data loss. For example, one copy may be stored on a local server, another on an external hard drive, and a third in the cloud.
Now let us shift our attention to backup frequency. Backup frequency refers to how often data is copied and stored for recovery purposes. The right backup schedule depends on the organization’s tolerance for data loss, which is often measured in terms of recovery point objective. This refers to how much data the organization is willing to lose, expressed in terms of time. For instance, a recovery point objective of four hours means that the organization is willing to lose no more than four hours of data in the event of a failure.
Some businesses, like online retailers or financial institutions, may need near-continuous backups to meet their tight recovery point objectives. Others, like a small law firm or nonprofit, may be fine with nightly or even weekly backups. The key is to align backup schedules with the actual needs and risk profile of the organization.
Let us walk through some real-world examples. A large e-commerce platform performs incremental backups every fifteen minutes and full backups once per day. This ensures that customer orders, inventory changes, and account updates are preserved in near real-time. When a database corruption issue occurs, they are able to roll back to a recovery point that is only a few minutes old. This minimizes lost revenue and prevents customer dissatisfaction.
Now compare that to a regional construction company that backs up its systems once a week. One Friday afternoon, a ransomware attack locks up their files. Because their last backup was completed the previous Sunday, they lose five days of project data, client emails, and time tracking records. The business eventually recovers, but the downtime and data loss are painful. Afterward, they revise their backup frequency to include daily backups and a monthly offsite archive. The lesson is clear: your backup schedule should reflect how much data you can afford to lose.
There is also a trade-off between backup frequency and system performance. More frequent backups can consume bandwidth, processing power, and storage space. This is why many organizations use differential or incremental backups. A differential backup stores all changes since the last full backup, while an incremental backup stores only changes since the last backup of any type. This reduces backup time and storage usage while still maintaining recovery integrity.
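To make the difference concrete, here is an added Python example (not part of the original episode) that works out which backups must be restored, in order, after a failure, and how much data is lost compared with a recovery point objective. The catalog, dates, and function names are constructed for illustration, and the logic follows the definitions given above.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: (completion time, backup type).
CATALOG = [
    (datetime(2024, 6, 2, 1, 0), "full"),          # Sunday
    (datetime(2024, 6, 3, 1, 0), "incremental"),   # Monday
    (datetime(2024, 6, 4, 1, 0), "incremental"),   # Tuesday
    (datetime(2024, 6, 5, 1, 0), "differential"),  # Wednesday
    (datetime(2024, 6, 6, 1, 0), "incremental"),   # Thursday
]


def restore_chain(catalog, failure_time):
    """Return the backups to restore, in order, to reach the newest
    recovery point at or before failure_time."""
    usable = [b for b in sorted(catalog) if b[0] <= failure_time]
    # Every restore starts from the most recent full backup.
    full_idx = max((i for i, b in enumerate(usable) if b[1] == "full"),
                   default=None)
    if full_idx is None:
        raise ValueError("no full backup before the failure")
    chain = [usable[full_idx]]
    for backup in usable[full_idx + 1:]:
        if backup[1] == "differential":
            # A differential holds all changes since the last full, so it
            # replaces every earlier differential or incremental.
            chain = [chain[0], backup]
        else:
            # An incremental holds only changes since the previous backup
            # of any type, so each one is applied in sequence.
            chain.append(backup)
    return chain


def data_loss(catalog, failure_time):
    """Time between the last recovery point and the failure."""
    return failure_time - restore_chain(catalog, failure_time)[-1][0]


def meets_rpo(catalog, failure_time, rpo):
    """True if the data lost at failure_time stays within the RPO."""
    return data_loss(catalog, failure_time) <= rpo
```

For a failure on Friday at 15:00, the chain is the Sunday full, the Wednesday differential, and the Thursday incremental, and the 38 hours of lost data miss a 24-hour recovery point objective.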
From a Security Plus exam perspective, you should understand the pros and cons of both onsite and offsite backups and be able to evaluate different backup schedules. You may encounter questions that ask which type of backup strategy would reduce downtime or limit data loss in a given scenario. Look for clues like speed, cost, physical location, or recovery time objectives. Also, be ready to distinguish between full, incremental, and differential backups if asked.
Here is a tip for answering backup-related questions on the exam: If the scenario involves rapid recovery from a minor issue like accidental file deletion, onsite backups are likely the answer. If the situation involves large-scale disasters or compliance with data retention laws, offsite backups will usually be the best choice. If the question centers around minimizing lost work hours, focus on frequent backups and recovery point objectives. And if the question asks how to balance storage and speed, think about combining full, differential, and incremental backups.
