By Michael Tanji
The quickest, easiest, and cheapest way to get back to business, regardless of the type of attack or disruption, is to have current backups available. Backups are one of those things, like checking a car’s fluid levels, which seem like old-fashioned drudgery but have the potential to save you a lot of grief and expense.
Online ‘backup-as-a-service’ offerings and backup software take most of the guesswork and complication out of the backup process, but it is still essential that you periodically check and make sure your data is actually there. If your IT person is using the backup utilities that are present in the operating system your organization uses, they absolutely must double check to make sure backups are being created. I say this because here is a scenario I’ve seen play out more than once in my career:
- System Administrator sets up a backup scheme.
- System Administrator doesn’t realize he misconfigured the backup scheme.
- System Administrator takes backup tapes or disks and stores them without verifying if the backups were actually made.
- In the aftermath of an attack or crash, System Administrator retrieves backup disks and tries to restore company data, only to find that the backup process ran, but because of the misconfiguration or some other error, no data was actually stored.
- System Administrator looks for a deep hole to crawl into while they update their resume.
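The failure in the scenario above (the job ran, but nothing was stored) is caught by checking what is inside the backup rather than whether the job finished. The script below is an added example, not part of the original article: it assumes backups are tar archives whose member names are relative to the source folder, `verify_backup` and `demo` are hypothetical names, and the sample files are constructed.

```python
import hashlib, os, tarfile, tempfile, time

def sha256(fileobj):
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()

def verify_backup(archive, source_dir, max_age_hours=24):
    """Return a list of problems; an empty list means the backup checks out."""
    if not os.path.isfile(archive) or os.path.getsize(archive) == 0:
        return ["archive missing or zero bytes"]
    problems = []
    if time.time() - os.path.getmtime(archive) > max_age_hours * 3600:
        problems.append(f"archive older than {max_age_hours} hours")
    try:
        with tarfile.open(archive) as tar:  # read-only; nothing is extracted to disk
            stored = {m.name: sha256(tar.extractfile(m))
                      for m in tar.getmembers() if m.isfile()}
    except (tarfile.TarError, OSError, EOFError) as exc:
        return problems + [f"archive unreadable: {exc}"]
    if not stored:
        problems.append("backup job ran but archive holds no files")
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, source_dir).replace(os.sep, "/")
            with open(path, "rb") as f:
                if rel not in stored:
                    problems.append("missing from backup: " + rel)
                elif stored[rel] != sha256(f):
                    problems.append("content differs: " + rel)
    return problems

def demo():
    """Constructed sample data: a good backup, and a job that ran but stored nothing."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "data")
    os.makedirs(os.path.join(src, "invoices"))
    samples = {"ledger.csv": b"id,amount\n1,100\n", "invoices/0001.txt": b"paid"}
    for rel, body in samples.items():
        with open(os.path.join(src, rel), "wb") as f:
            f.write(body)
    good, empty = os.path.join(work, "good.tar.gz"), os.path.join(work, "empty.tar.gz")
    with tarfile.open(good, "w:gz") as tar:
        for rel in samples:
            tar.add(os.path.join(src, rel), arcname=rel)
    tarfile.open(empty, "w:gz").close()  # misconfigured job: valid archive, no data
    return verify_backup(good, src), verify_backup(empty, src)
```

Run the check right after each backup completes and before the media goes into storage, and treat any non-empty result as a failed backup.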
Where should you store your backups? If you’re in a business where you want to be back online in hours, store your daily copies (on physical media) locally, under lock and key. Store weekly or monthly copies off-site. A safe deposit box works just fine if you don’t have a lot of media to store, but really any self-storage facility with physical security measures that is climate controlled will do if you don’t deal with particularly sensitive data that must be handled in accordance with some type of legal or regulatory regime.
If you are concerned at all about ransomware, make sure you configure your backup system to disconnect from the network or power off once backups are made and validated, or schedule backups to run just before you leave for the day and power off or manually disconnect the system. The goal here is to preclude an attacker from holding both your live data and backups hostage, which may be possible if you keep a backup system connected and running.
Creating backups is fundamentally an IT job that has serious implications for security. Backups are not a sexy or sophisticated security solution but a standard, often mundane, task for a system administrator. Yet the value of a current backup can be, in the right circumstances, the sum total value of your business. Particularly in the age of ransomware, backups are the most inexpensive and painless way to minimize the impact of being held hostage. What’s the best backup scheme for your organization? What are you trying to protect, and how badly would you be impacted if that data were unavailable for an extended period of time? Let the answers to these questions drive your backup strategy.
The GCA Cybersecurity Toolkit contains instructions on how to back up your data whether you’re using Windows or a Mac. There are multiple third parties – backup-as-a-service if you will – that will back up data on an individual or organizational level, in near-real-time, leaving you time to focus on your business, not on becoming an expert in archiving.