In the age of ransomware and extreme weather, having secure and redundant backups is critical to ensuring your company can survive and quickly recover from a data loss event. NuHarbor compiled eight tips to ensure your backups are safe, secure, and ready to deploy in the event of data loss.
Why Use Backups
There is an array of benefits to backups. Many security standards require backups for compliance. Backups allow for quick disaster recovery in the event of flood, fire, earthquake, or other natural disasters. Backups also decrease your recovery time from a ransomware attack. You can quickly deploy backups and avoid paying the ransom. Backups also protect data from rogue employees and malicious actors who attempt to delete or tamper with critical data. Additionally, backups allow for the recovery of data in the event of data corruption or hardware failure.
Securing Your Backups
1. Utilize the Rule of 3-2-1
3-2-1 is a proven and widely used backup strategy. The seven tips that follow are ineffective if you do not have a robust backup strategy to begin with. Start with the rule of 3-2-1:
THREE: Keep at least 3 copies of your data. This includes the original copy, meaning that you should have at least 2 other copies of the data. Having multiple backups allows flexibility and redundancy if one backup fails or is destroyed.
TWO: Use at least 2 different types of storage mediums. This could include network drives, tape drives, cloud backups, and more. Two similar mediums have a much greater chance of failing around the same time, so different storage mediums should be used to mitigate this.
ONE: Keep at least 1 copy of your data off-site. This ensures that a complete data loss event like a fire or widespread ransomware does not destroy all backups.
2. Back up Frequently
Backing up frequently ensures that backups are relevant and up to date. You want a minimum amount of lost work and revenue if a restore is needed. Determine a Recovery Point Objective (RPO). Your RPO helps determine an appropriate backup frequency for each aspect of your business. For example, the RPO for a network share containing employee documents may be a few hours, but the RPO for financial transactions could be as small as minutes. This ensures that your backups are useful and effective as a restore point in the event of a data loss incident such as a ransomware attack.
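The 3-2-1 rule and the RPO from the two tips above can be checked together against a backup inventory. The following is an added example, not NuHarbor's code; the Copy record, the audit function and the sample inventory are constructed for illustration, and checking the RPO a second time against off-site copies only is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Copy:
    name: str
    medium: str                      # "disk", "tape", "cloud", ...
    offsite: bool
    last_backup: Optional[datetime]  # None marks the live original


def audit(copies, rpo, now):
    """Return findings; an empty list means 3-2-1 and the RPO are both met."""
    findings = []
    if len(copies) < 3:
        findings.append(f"THREE: {len(copies)} copies, need at least 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("TWO: all copies share one storage medium")
    if not any(c.offsite for c in copies):
        findings.append("ONE: no copy is off-site")

    backups = [c for c in copies if c.last_backup is not None]
    # RPO is checked twice: against the newest backup anywhere, and against
    # the newest off-site backup, which is all that survives losing the site.
    for label, pool in (("any", backups),
                        ("off-site", [c for c in backups if c.offsite])):
        if not pool:
            findings.append(f"RPO: no {label} backup to restore from")
            continue
        newest = max(pool, key=lambda c: c.last_backup)
        age = now - newest.last_backup
        if age > rpo:
            findings.append(f"RPO: newest {label} backup ({newest.name}) is "
                            f"{age} old, objective is {rpo}")
    return findings


# Constructed inventory for an employee file share with a 4-hour RPO.
NOW = datetime(2024, 1, 10, 12, 0)
SHARE = [
    Copy("nas-original", "disk", False, None),
    Copy("local-snapshot", "disk", False, NOW - timedelta(hours=3)),
    Copy("vault-tape", "tape", True, NOW - timedelta(days=6)),
]

if __name__ == "__main__":
    for finding in audit(SHARE, timedelta(hours=4), NOW):
        print(finding)
```

The sample inventory satisfies 3-2-1 on paper yet still fails the RPO if the site is lost, because the only off-site copy is six days old.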
3. Store Backups Offline
Keeping backups offline is one of the best ways to protect them against a malicious actor. Malware like TrickBot can look for backups before deploying ransomware, encrypting both the original data and the networked backup. Additionally, networked backups provide an easy target for data breaches. Storing backups offline can increase data security and decrease the exposure of backups to data breaches.
4. Encrypt Backups
Encrypt backups while in storage and transit to prevent unauthorized access. In the event of a break-in or physical theft of the backups, the malicious actor would have a hard time obtaining any usable data due to encryption.
5. Keep Offsite Backups
Storing backups offsite is a critical element of the 3-2-1 strategy. Offsite backups ensure that your data can be recovered if the original location of the data is destroyed, damaged, or otherwise put into an unusable state. Offsite backups protect against both natural disasters and malicious activity such as ransomware attacks and arson. You can implement an offsite backup or utilize a 3rd party solution such as cloud backups.
6. Verify and Securely Replace Backup Medium
All backup mediums will degrade over time and become unusable. You should regularly test to verify the integrity of the backup medium. Once the backup medium has reached the end of its life, it must be safely destroyed. “Formatting” a drive does not remove the data from the drive. This is not a secure or effective way to remove data from a drive. Instead, use a secure erase tool that writes over all data on a drive multiple times to definitively wipe the drive. After the drive is securely wiped, physically destroy the drive through shredding or other secure methods. If you use a 3rd party service to securely dispose of old drives, wipe the drive before handing it off.
7. Test Backups Regularly
Having backups is not useful if you are unable to restore from them! Testing backups is crucial to prepare for a data loss event. Having a verified backup and recovery process can be the difference between losing millions to threat actors in a ransomware attack and paying your IT staff for a couple of hours to restore from backups. Use the backup verification process to test that you are meeting your Recovery Time Objective (RTO). The only way you can be confident in your backup strategy is to practice and test it!
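A restore test can be scripted so that each run reports both integrity and timing. The following is an added example, not NuHarbor's code: it compares a restored tree against a SHA-256 manifest recorded at backup time and checks the elapsed restore time against an RTO. The function names, the sample files and the 7200-second RTO are constructed for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_test(expected, restore, target, rto_seconds):
    """Run restore(target), time it, and compare the result to the manifest."""
    start = time.monotonic()
    restore(target)
    elapsed = time.monotonic() - start
    actual = manifest(target)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "corrupt": sorted(k for k in expected.keys() & actual.keys()
                          if expected[k] != actual[k]),
        "rto_met": elapsed <= rto_seconds,
    }


def demo():
    """Constructed case: a restore that drops one file and damages another."""
    with tempfile.TemporaryDirectory() as tmp:
        source, target = Path(tmp, "source"), Path(tmp, "restored")
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (source / "notes.txt").write_text("quarterly notes\n")
        (source / "hr.txt").write_text("staff list\n")
        expected = manifest(source)  # recorded when the backup was taken

        def faulty_restore(dest):
            (dest / "finance").mkdir(parents=True)
            (dest / "finance" / "ledger.csv").write_text("id,amount\n1,1")  # damaged
            (dest / "notes.txt").write_text("quarterly notes\n")
            # hr.txt is never written, simulating a file lost from the medium

        return restore_test(expected, faulty_restore, target, rto_seconds=7200)


if __name__ == "__main__":
    print(demo())
```

In practice the restore callable would invoke the real backup tool, and the manifest would be stored separately from the backup it describes.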
8. Create and Instate a Backup Policy
Decide how your organization is going to implement the measures above and use that to create a backup policy for your organization. Include who is responsible for backups, how long they should be kept, and relevant procedures to ensure that the policies are enforced. Any additional compliance requirements should be added to the policy. Having a defined policy will allow you to set goals, evaluate your progress, and demonstrate your commitment to data protection.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.