Data Backup Best Practices

Data storage is a critical component of any modern business. Virtually every piece of information from customer invoices to employee resources is stored digitally. While this makes for incredibly convenient access, it also makes this information susceptible to loss. Corruption may render files inaccessible. Employees may accidentally delete or modify critical files. Malware can infect or steal data. Flooding or fires can even destroy the physical server that stores the data.

Backing up data consistently and following best practices can help mitigate the impact these losses can have on business operations. If you’re using Claris FileMaker, there are also a number of features you can utilize to put these practices into action.

Ensure your data is backed up often. For any number of reasons, from power outages, to floods or fires, to human error, data can be lost. It’s important to have this data backed up elsewhere, in the event that your data server is somehow rendered inaccessible.

Data should be backed up at least every 24 hours. This ensures that, even in the event of a catastrophe, teams will still have access to relatively up-to-date information. Depending on the nature of the industry and how often critical pieces of data are updated, some businesses opt to back their data up more often.

Claris FileMaker can automate this process to help protect data and guarantee timely backups.

Backup data off-site. It’s incredibly important that your primary server and backup server are not in the same location. If a catastrophic event impacts the viability of a server in one location, the other server will not be affected.

Encrypt sensitive data. While accidents can certainly happen, it’s also important to encrypt data. Encryption ensures data cannot be changed or stolen, either by malicious third-parties or employees making accidental changes. Encryption acts as a second layer of protection that ensures the safety of your backups.

FileMaker offers encryption features that make this process seamless.

Utilize security measures. Password protect important data or employ a system where only necessary users have relevant access. This helps prevent attacks from third-parties, but also ensures employees won’t accidentally access information they shouldn’t be able to access.

Claris FileMaker includes the ability to password protect information and grant or deny specific users (or groups of users) access.

Account for endpoints. While your database may act as a single source of truth, it’s also possible that employees out in the field are using their personal devices or company-assigned devices to access your platform. In some instances, namely when reception is poor, the data updated on these devices may not reflect in real time. Backing up individual devices can help to create a more robust and accurate backup.

If you’re looking for ways to back up data or want to know more about FileMaker, Kyo Logic is here to help. You can reach out to us here.

Secure Your FileMaker Database with Encryption at Rest

Claris’ FileMaker platform offers a number of great avenues for keeping your data secured. One of these avenues is to secure the database itself using Encryption At Rest. To be as un-technical as possible, this keeps your data in an unreadable form that can only be opened with a secure key. So, if the database is stolen, the thief would have no way of opening and reading or extracting your data without also have your secure key.

We recommend encrypting ALL FileMaker databases with sensitive data.

How to encrypt a database?

The first step is to get the database onto a local computer. If the database is currently hosted using FileMaker Server, it must be closed and then removed from the server. You will then Open the Developer Utilities. (If you do not see Developer Utilities, it means that you do not have advanced tools turned on. There is a checkbox in FileMaker Preferences to turn this on)

You will select the file you want to encrypt, what folder you would like the encrypted file to be saved to and then select Solution Options.

Here, you will select Enable Database Encryption, enter a shared ID (or just leave the default one), specify one of the database’s Full Access FileMaker accounts and then enter your encryption key. (Make sure to keep the key on file. Once a database is encrypted, the ONLY way it can be opened is by entering that key). You can then choose whether or not to keep Open Storage, which relates to FileMaker’s container data. There are some situations where you may want to keep the container data open even though the database is closed. This should be determined on a case-by-case basis.

Alright! You now have an encrypted file. You will notice when you try to open it, it first asks for the encryption key before it asks for your username and password.

How does it work with FileMaker Server?

Now, you will upload the database back to your server. When you do so, you will see this alert:

When you open up your admin console, you will notice that the file is indeed closed.

You can open the file through the admin console, and when entering the encryption key select “Save Password” or through the command line as shown below.

By saving the password, when you close and open the database, it will open the database without asking for your encryption key.

How does the new FileMaker Server 19.1.2 Update Relate to this?

With the new FileMaker Server 19.1.2 release, you can now run two new system-wide scripts automatically through FileMaker Server’s script schedule.

The first script, SYS_Default_PurgeTempDB, clears the temporary cache of the server. If your server is not restarted often, this temporary cache can become quite large and affect the performance of the server. Now with this script, it can be cleared weekly, daily, or even hourly if needed.

The second script, SYS_Default_VefiryAllDB, will verify all databases on the server to confirm that none are corrupted. During the process, the server will close each file, run the verification, and then open the file back up. The server, however, can only open an encrypted file if its key is saved to the server using the command line script. Because we want this schedule to be run automatically, it is necessary for the encryption key to be saved to the server in order to run this script.