Cybersecurity: Backup. Backup. Backup.
Posted on 05.04.17
Suppose that the worst case happens and you've been hacked, ransomware propagates across your network, or an ill-willed insider destroys critical records. You need to be able to recover and recover quickly. After all, your customers are waiting, and you are in the business of providing your product or service, not spending days or weeks rebuilding your systems.
With a robust backup system in place, recovery from these attacks can be a relatively painless procedure. A good practice is to start creating backups of your most critical data, and, for the same reason we have fire drills, periodically practice restoring it. Practice restorations are important because many applications have custom backup procedures that produce a copy of data that is meant to be ingested by the application’s restore function. Data that is backed up improperly may not be able to be restored quickly or at all.
At least one of your backups should be maintained separately from your network. Backup systems that are persistently connected to your network may become compromised during a security event, rendering it useless. This weakness can also translate to cloud backup solutions which automatically replicate data from your network and databases to the cloud storage facility.
A helpful guideline is the 3-2-1 rule: 3 copies of your data on 2 different types of media with 1 being off-site, but your needs may vary.
- In policy, assign responsibility for performing backups of critical data and periodically testing data restoration procedures.
- Assess your current backups to determine if:
- All critical data is backed up
- Periodic (daily) backups are created and stored separately from the network.
- Critical/sensitive data that is backed up is also protected from unauthorized access
The content in this article covers just one aspect that small to mid-size businesses need to address for Cybersecurity. Download the entire whitepaper below to access additional Cybersecurity suggestions.