National Backup Day: Don’t Forget the Basics

This Thursday, March 31 at 9:30 a.m. MT/11:30 a.m. ET, join the National Cybersecurity Center, IBM Security X-Force’s Laurance Dine and Stephanie “Snow” Carruthers, and other security experts, for a World Backup Day discussion on best practices, preparedness and more. Catch the conversation on Twitter.

National Backup Day is March 31, which serves as an annual reminder of the importance of backups for cybersecurity. We shouldn’t need reminders, but far too often, we overlook backups as a critical element in our basic security hygiene.   

As the threat landscape rapidly evolves, it’s never a bad idea to revisit the role backups can play in minimizing downtime, mitigating risks and improving security posture. 

The question may be rhetorical, but still essential to explore: why backup your data? 

Backups: Still Part of Good Security Hygiene

With backups, you are protecting your company from ransomware and other malware that can lock you out of your files or even erase them. In the event of a data breach, you can restore your data from your backups, minimizing the damage that the attacker can do. Backups are also crucial for disaster recovery. If your primary storage medium fails, you can restore your data from the backup.

When systems are down, the cost to your business is typically substantial. According to IBM’s Cost of a Data Breach 2021 report, the average breach increased from $3.86 million in 2020 to $4.24 million. Plus, despite some companies embracing a return-to-work policy, a growing number of employees are still working outside the office or within a hybrid workplace. The files and data they share could be anywhere, which shines a glaring spotlight on new backup challenges for IT and security teams.

But when it comes to backups, boring is always better than exciting. If you treat backups like you do your personal hygiene — like brushing your teeth, something you do every day — your business can prevent headaches down the road. It’s not exciting, yet we do it every day without thinking about it.

Backup Processes and Best Practices 

By adopting sound backup best practices, companies can stay one step ahead of attackers. Ransomware, one of the most common threat types, is only evolving with more sophisticated tactics and techniques. 

Backups are often the unsung hero of ransomware recovery. In far too many ransomware attacks, the victims could have avoided significant costs with a solid backup strategy. Scenarios where too much time elapsed between backups, or backups were stored on the same network as the attack, shouldn’t be the norm. 

Here are some best practices for backing up your data:

  1. Make sure backups are current and include all the data you need to restore your system.
  2. Follow the 3/2/1 backup rule: three copies of your data stored on two different media types and one remote copy.
  3. Store your backups in a secure location — preferably off-site.
  4. Make sure to backup data in cloud applications. 
  5. Ensure backup data is encrypted and cannot be altered. This step is more critical today as bad actors increasingly target both live and backup data.
  6. Backup frequently. How often data is backed up is dependent on sensitivity and will be different across departments and applications.
  7. Automate whenever possible. Backups should be monitored and tested regularly to ensure integrity. 
  8. Create a backup communication plan to ensure key stakeholders are aware of procedures, responsibilities and timelines. Test your recovery plan frequently.

Finally, backups should leverage both disk and cloud. Combining local and cloud storage locations is probably the most effective backup strategy. When backup data is readily available on a local disk, organizations can take advantage of speedy recovery times. With cloud, remote backups minimize risk from malware, disaster or other threats.

The best advice: pretend every day is National Backup Day. After all, the next day is always April 1. If you forget to back up your data, the joke may be on you. 

The post National Backup Day: Don’t Forget the Basics appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Mark Stone