What Measures Can A Company Take To Secure Its Backups

Michael Finnigan
Dec 28, 2020

A distributed workforce brings new challenges, which is likely to make backing up data both trickier and more important. It is important to inform workers about best practices for data backup management, among others.

So, we will look at 5 things IT managers can do to confirm that they maintain the most effective backup procedures at both the enterprise level and the individual worker level.

Following The 3-2-1 Backup Rule

According to this rule, you should keep 3 copies of vital data: the original and a couple of backups, ideally in different locations and formats. That helps minimize the chance of losing important data to ransomware, other malicious software, or some other event.

For remote workers who store their day-to-day work, it is good to combine a local backup to a pen drive or NAS with a cloud-based backup. For cloud-based storage of bigger databases, systems, and employee data, go for immutable backup. That choice prevents any change to or deletion of the backed-up data, which could be vital if a ransomware attack happens.

Some clients have both immutable cloud backup and local storage. One of those clients suffered a ransomware attack that encrypted its on-premises backup and primary files. The attackers asked for millions of US dollars in return for restoring those files. They were unaware that the client had immutable backup. The client restored its data from that immutable storage, so it did not need to pay any ransom to get its files back.

Backing Up All Data

You should think about a couple of components.

Firstly, you must be sure you are backing up the right company data (right in terms of its formats and versions). Secondly, you must be sure that your remote workers are following best practices, which may differ from what they would do at their usual workplace.

Thirdly, it is vital to establish policies and processes for backing up your data and the data that you create through Software as a Service platforms. Unfortunately, several people assume that data sitting in cloud storage is automatically backed up. This is not true.

For instance, Microsoft does not make automatic data backups. Salesforce, on the other hand, is changing its automatic company data protection. While enterprise data backup vendors such as NetBackup and Veeam provide SaaS-based backup, be sure to educate remote workers on any steps they should take to make these providers work as required.

Always Enabling Encryption

It is vital to have encryption, either as a feature turned on in an off-the-shelf backup solution or as an enterprise standard. In the former situation, encryption is generally optional, meaning several users do not activate the feature.

Confirm that workers have unambiguous instructions on how to enable encryption in data backup programs. Those instructions may include how to store passphrases securely so that encryption can be enabled if required.

Confirming That Backups Are Functioning

While this sounds obvious, we often see teams that feel confident their backups are working correctly, only to find that they are not. When this happens, the team typically tries to restore from the backup.

That could become worse if your team is working remotely. Workers who run a backup program may not understand that their devices have to be active for the process to finish.

Fortunately, there is an easy solution: communicate frequently and unambiguously with workers about the actions they should take to confirm that backups have finished. Some companies have had success sending frequent, brief messages instead of occasional longer updates. For instance, a weekly email or video from your chief information security officer can convey digestible amounts of critical information, including the reminder that everybody should think about backups regularly.
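A check an IT team could run alongside those reminders is sketched below. It is an added example, not part of the original article: it flags devices whose last completed backup is too old and devices whose latest job started but never finished. The event format, device names, timestamps and the 7-day threshold are constructed assumptions, not the output of any particular backup product.

```python
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical format: (device, event, ISO timestamp).
SAMPLE_EVENTS = [
    ("laptop-ana", "start", "2020-12-21T18:00:00"),
    ("laptop-ana", "complete", "2020-12-21T18:42:00"),
    ("laptop-ben", "start", "2020-12-10T17:30:00"),
    ("laptop-ben", "complete", "2020-12-10T18:05:00"),
    ("laptop-ben", "start", "2020-12-20T17:30:00"),  # device went inactive, job never finished
    ("laptop-cy", "start", "2020-12-22T09:00:00"),   # has never completed a backup
]


def backup_health(events, now, max_age=timedelta(days=7)):
    """Return {device: {"status": "ok" | "stale" | "never", "interrupted": bool}}.

    "interrupted" is True when the latest start has no later completion.
    """
    last_start, last_done = {}, {}
    for device, event, stamp in events:
        if event not in ("start", "complete"):
            continue  # ignore event types this sketch does not model
        ts = datetime.fromisoformat(stamp)
        target = last_start if event == "start" else last_done
        if device not in target or ts > target[device]:
            target[device] = ts

    report = {}
    for device in sorted(set(last_start) | set(last_done)):
        done = last_done.get(device)
        if done is None:
            status = "never"
        elif now - done > max_age:
            status = "stale"
        else:
            status = "ok"
        started = last_start.get(device)
        interrupted = started is not None and (done is None or started > done)
        report[device] = {"status": status, "interrupted": interrupted}
    return report


if __name__ == "__main__":
    for device, state in backup_health(SAMPLE_EVENTS, datetime(2020, 12, 23, 12, 0)).items():
        print(device, state)
```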

Testing Restores

Not many companies test their restores. Some assume that passing the audit means they are fine. That is not a safe attitude to have. What if retention periods are not set properly? What if backups are invalid? What if ransomware enters your data backups and then corrupts or encrypts them? Many bad things can happen, so running regular tests is a must.

At the enterprise level, we would usually recommend runbook testing every quarter. Restore a computer from data backups, give it back to the worker, and check with them whether the restored files are correct. You may have them extract accounting files, marketing and sales folders, and whatever else they require for their work.

During a period of extensive telework, it is a good idea to ask workers to run self-service restores themselves. They can try restoring individual PowerPoint or Excel documents to confirm that the restored files are correct and complete.

For Best Results, Combine Your Policies, Processes, And Communication

It is vital to establish procedures and policies that set out how your enterprise manages backups. It is equally important, particularly when remote work is happening almost all over the world, to tell workers clearly what their roles are in maintaining the condition of your organizational backups.

If in doubt, state unambiguously what you expect regarding employee behavior. As for backups, it is better to be very cautious.
