Amid Increased Cyber Attacks, It’s Time to Harden Your Backups
Cyber attacks are a high priority for business owners in today’s climate. As a result, data protection is more important than ever. Backing up data is a fundamental part of a business continuity plan and has an enormous impact on a business’s ability to recover from a disaster, including a ransomware attack. However, the security and strength of backups vary.
A business is only as good as their last backup. If your business is going to lose crucial data between the present and the last time a data backup occurred, there will be problems. When considering the strength of your backups, there are numerous questions you should be asking to tailor your back up plan to weather the worst storms.
From the location of your backups to recovery testing, here are essential questions to consider:
- Do you have a business continuity and disaster recovery plan?
A business continuity plan or disaster recovery plan is a recorded policy that is designed to implement a recovery process, should the company fall victim to a potential threat. This plan is a fundamental part of a company’s backup strategy and should define your:
- Data retention policy: What is your protocol on archiving data and how long will data be stored? This may come down to days, weeks, months, or years.
- Number of saved copies: What is the appropriate number of copies to save? This will vary depending on the business and the amount of critical data stored.
- Location of saved copies: Where will you store your saved copies? It’s recommended that they are saved in different locations, such as locally, offsite, or in the cloud.
Within this plan you should determine your business’s individual RPO/RTO:
- Recovery Point Objective: The amount of data that can be lost within a period of time before significant harm occurs. This starts from the data loss event and goes back in time up to the most recent backup.
- Recovery Time Objective: This is the amount of time that a system, network, or application can be down before significant harm occurs. This includes the time spent restoring the application and its data.
Both parameters should be defined ahead of time to help dictate your disaster recovery plan overall.
2. Are you backing up your data?
We can’t talk about improving your business’s backup strategy if you don’t have one to start. Backing up your data allows your business to continue operations in the event of a major outage or cyber attack. Without a backup in place, your business will face not only significant loss of data, but substantial business interruption costs if unable to continue operations as normal.
3. Are you identifying and classifying your data?
Recovering after a ransomware attack does not necessarily mean restoring all your data. This means businesses should be identifying and classifying their data to determine what is critical. When the time comes, this classification will speed up the recovery response time. Attempting to recover all data following a ransomware attack will slow the recovery process down unnecessarily.
More data means a longer recover period. Think about reducing the overall size of your critical data by optimizing your data-recovery strategy. This in turn will reduce your RTO.
4. Are you conducting recovery testing & validating your most critical data?
Critical data must be backed up more frequently and a policy should be put in place to define this. Regular recovery validation testing should be completed to ensure this critical data will be there when it’s needed most.
If you don’t regularly test your backup system, you face the risk that your backup data won’t be there when you need it. Regularly testing your recovery methods will bring any issues to the surface. Whether your backups were quietly hit by a cyber attack and you were unaware, or a technical flaw has caused an issue, the sooner you know the sooner you can take corrective measures.
5. Should you consider backup immutability?
As the threat of ransomware grows, ransomware attackers are now targeting backups. This will leave victims with nowhere to turn once their environment is compromised.
Backup immutability provides copies of your data that cannot be altered, encrypted, or deleted. This leaves ransomware attackers without the leverage to make a ransom demand. From healthcare providers to law enforcement, backup immutability provides a stronger wall of safekeeping for any data that is considered the most critical.
6. Where do your backups live?
The location of your backups will impact the amount of time it takes to restore them. Backups stored offsite will take significantly longer to restore than backups housed within your network. However, an offsite backup can be more secure. Each individual organization must weight these options.
If your organization opts for offsite storage, extra time should be factored into your business continuity plan to account for the longer recovery period.
7. What type of access control do you have?
With the right access controls in place, companies can limit the risk of unauthorized devices, networks, and individuals reaching their data backups.
Ideally, every business would have both network access control and role-based access controls implemented:
- Network Access Control (NAC): NAC supports network visibility and access management through policy enforcement on network attached devices. This provides a barrier between the data backup and unauthorized devices or locations.
- Role-Based Access Control (RBAC): RBAC restricts network access based on the roles of individual users within a company. Each employee should only be able to access information that is pertinent to their role and nothing more. This reduces the risk of a single compromised account reaching the data backup.
In addition, multi-factor authentication has become a necessary portion of access control. This security measure requires two pieces of information to verify your identity, such as a PIN or fingerprint, rather than just a standard password.
Next Steps: Set a Plan to Harden Your Backups
If your business does not have clear answers to the questions above, there’s work to be done. If your backups are at risk, your entire organization is at risk.
If you need assistance building a backup plan or your existing strategy could use some fine tuning, contact Arraya for a backup assessment. Through this process we can determine the strength and security of your current backups and set a plan for remediation to respond to identified risks.
Contact an Arraya expert today to start a conversation.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.