Cybersecurity: Backup. Backup. Backup.

Posted on 05.04.17


Suppose the worst case happens: you've been hacked, ransomware propagates across your network, or an ill-willed insider destroys critical records. You need to be able to recover, and recover quickly. After all, your customers are waiting, and you are in the business of providing your product or service, not spending days or weeks rebuilding your systems.


With a robust backup system in place, recovery from these attacks can be a relatively painless procedure. A good practice is to start creating backups of your most critical data and, for the same reason we have fire drills, periodically practice restoring it. Practice restorations are important because many applications have custom backup procedures that produce a copy of data meant to be ingested by the application's restore function. Data that is backed up improperly may not be restorable quickly, or at all.


At least one of your backups should be maintained separately from your network. Backup systems that are persistently connected to your network may become compromised during a security event, rendering them useless. This weakness can also apply to cloud backup solutions that automatically replicate data from your network and databases to the cloud storage facility.

A helpful guideline is the 3-2-1 rule: 3 copies of your data on 2 different types of media with 1 being off-site, but your needs may vary.

Actionable Steps

  • In policy, assign responsibility for performing backups of critical data and periodically testing data restoration procedures.
  • Assess your current backups to determine if:
    • All critical data is backed up
    • Periodic (daily) backups are created and stored separately from the network
    • Critical/sensitive data that is backed up is also protected from unauthorized access
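
One way to run the assessment above against a backup inventory, as an added example that is not part of the original article. The field names, the 90-day restore-test window, the use of encryption as a stand-in for "protected from unauthorized access", and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                 # "disk", "tape", "cloud", ...
    offsite: bool
    network_attached: bool     # persistently reachable from the production network
    encrypted: bool            # assumed proxy for "protected from unauthorized access"
    last_backup: datetime
    last_restore_test: Optional[datetime] = None
    primary: bool = False      # the live data counts as one of the 3 copies

def audit(copies, now, max_age=timedelta(days=1), max_test_age=timedelta(days=90)):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, 3-2-1 needs 3")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    backups = [c for c in copies if not c.primary]
    # A backup that syncs automatically is as exposed as the network it syncs from.
    if all(c.network_attached for c in backups):
        findings.append("no backup is kept separate from the network")
    for c in backups:
        if now - c.last_backup > max_age:
            findings.append(f"{c.name}: last backup older than {max_age}")
        if not c.encrypted:
            findings.append(f"{c.name}: not encrypted")
        if c.last_restore_test is None:
            findings.append(f"{c.name}: restore never tested")
        elif now - c.last_restore_test > max_test_age:
            findings.append(f"{c.name}: restore test older than {max_test_age}")
    return findings

# Constructed sample inventory (not real systems).
NOW = datetime(2017, 5, 4, 12, 0)
INVENTORY = [
    Copy("file-server", "disk", False, True, False, NOW, primary=True),
    Copy("nas", "disk", False, True, True, NOW - timedelta(hours=6), NOW - timedelta(days=30)),
    Copy("cloud-sync", "cloud", True, True, True, NOW - timedelta(hours=1)),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY, NOW) or ["all checks passed"]:
        print(finding)
```

The sample inventory satisfies the 3-2-1 counts yet still produces two findings: every backup is reachable from the network, and the cloud copy has never been restored.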

The content in this article covers just one aspect that small to mid-size businesses need to address for Cybersecurity.



Posted by: Christopher Moschella, CPA, CISA

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.