Security Controls 101: Backups
The definition of war footing is “the condition of being prepared to undertake or maintain war“. Cyber security could definitely be viewed as a war footing, it’s not if but when you get attacked or even worse, breached. Having a proper plan is the best way to recover quickly when a problem happens, and backups are the front line of this defense.
Put yourself temporarily in the mindset of the bad guy - trying to breach the network and hold it hostage for a payment. Backups of the company’s data are a prime target to be successful, if they can take out backups, they have much more leverage when demanding a ransom to unlock your files. Therefore your backups are a serious target.
How do we defend against this tactic? There are many different ways that cyberinsurers will ask for, here are a few of the more common ones:
Separated on the network by a firewall
A copy is sent off-site (to the cloud or another location) regularly
Separate logins & passwords from other admin accounts on your network
Tested regularly to verify they can be restored – you don’t want to find out after a breach that your backups are no good! Or take too long to restore.
Encrypted in transit and at rest
One other major consideration is the type of backup: file based vs. image based. This could be an entirely separate article about what kind of back up to choose, it mainly comes down to time it would take to restore. File based, you have your files at least, but you have lots of time required to reinstall operating systems, software etc. With image-based backups, it’s as if you can put a computer on a Xerox copier and hit copy…when the backup is restored, all the programs, settings, etc. come back with it.
Basic cyber security strategy is to prevent what you can prevent and have a safety net for those things you cannot prevent. Your daily backups are the safety net underneath you for WHEN, not if you have a beach or security related event.