How to Suck at Data Backups

This is presented in the same vein as Lenny Zeltser's How to Suck at Information Security.  If you have not read Lenny's article it is highly recommended.

If you want to avoid data loss avoid these behaviors. A more thorough article is available over here.

Management tasks

  • Ignore your backup window run time.
  • Assume that what needs to be backed up today will be what needs to be backed up tomorrow without any ongoing review.
  • Run your backups manually.
  • Only run backups now and then when “something changed”.


  • To take backups offsite just throw them in your car or take it home with you.
  • Don't physically secure your offsite backups.
  • Don't encrypt your backups.


  • Never read any logs.
  • Never test your backups.
  • Don't document your backup and recovery plan.
  • Don't have a plan for getting offsite backups onsite in an emergency.
  • Don't worry about the availability of your backup media outside of “normal” hours.
  • Only plan to recover from natural disasters.
  • Only plan to recover from malicious attacks.
  • Only plan to recover from hardware failure.
  • Only plan to recover from accidental deletions or corruptions.
  • Don't rotate between multiple media sets. One tape set is enough.
  • Don't consider the need for both whole system and individual file recovery.


  • Don't take backups offsite for safe storage.
  • Use RAID for backups.
  • Only have offsite backups.
  • Only use online backups.
  • Copy data between servers as a backup.
  • Use the same single tape over an over ignoring any tape error messages you may receive.
  • Send all your backups to dev/null :)


Don't forget the install media

Never store your backups without ALSO including operating system install discs, backup software install discs, and any required activation keys for that software.