October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Twenty Three : Backups
Awareness Day Twenty Three: Backups

Consider your backup processes and methodology.
Are you able to restore the server configuration from a backup?
How relevant is the data you have backed up?
Is your backup protected from malware/ransomware?
Where are the physical locations of your backups?

For systems that you use that are cloud based, such as your MIS and your organisation's website - have you checked that they hold an appropriate and up to date backup of your data as part of their regular service?

Review the DfE Meeting Digital and Technology Standards in Schools and Colleges : which advises you to backup. The most common risk of cloud data loss is accidental or deliberate data deletion by users. Although data loss by cloud providers is uncommon, it can happen.  Loss of data can lead to a data breach and mean you need to inform the appropriate authorities. It may also obstruct or prevent critical business operations. You should already be meeting this standard to help safeguard, protect and secure your data and systems. It is also a requirement for meeting data protection legislation.

Review: NCSC Backing up you Data

More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):