Part 3 of 4: How to Protect & Recover from Ransomware Attack
In our previous two blogs, we covered creating and maintaining an effective Information Security program as well as Best Practices for Protecting Data. Here, we will cover employing Effective Backup Strategies.
Many ransomware events are progressive hacks that work over time and may run in the background for weeks. Some even learn your backup routine behavior as they become more sophisticated. Organizations that rely on a few snapshots as a backup solution are at a higher risk of losing data in a ransomware attack. When the snapshot is replicated, the source data can become corrupted as well. Creating a preserved version of your data from prior time periods in protected locations is the key to an effective backup strategy.
Regular backups are vital insurance against a data-loss catastrophe. Here are some best practices and strategies for backup:
Save time by spending time
Developing a solid backup policy requires an investment of time and money, but the cost is far less than the burdensome task of recreating data without a solid backup.
Plan your strategy - develop a written plan that defines:
What data is being backed up?
- Give crucial data highest priority
Where is your data being backed up?
- On-premise and off-site (remote backups) are equally important. If something should happen to your local on-premise backup, you will need to gain access to your data from a remote off-site location.
How often will backups occur?
- Depending upon your organization and how risk-averse you may be to “being down,” you will need to balance your backup timeframe with cost and storage space. Some organizations cannot afford to be down longer than 15 minutes, while others can be without data access for an hour or even a day. Give thought to determining your “downtime” threshold.
What types of backups will occur?
- There are various types of backups from which you can select.
  - Full Backup — As the name implies, this type of backup makes a copy of all data to another set of media, which can be tape, disk or a DVD or CD.
  - Incremental — An Incremental Backup will copy only the data that has changed since the last backup operation of any type. The modified time stamp on files is typically used and compared to the time stamp of the last backup.
  - Differential — A Differential Backup is like an Incremental in that the first time it is performed, it will copy all data changed from the previous backup. However, each time it is run afterwards, it will continue to copy all data changed since the previous full backup. Thus, it will store more data than an Incremental on subsequent operations, although typically far less than a Full Backup.
- While full backups are the most complete, they are more time-consuming and require more storage.
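The following Python example is added here for illustration and is not from the original blog: it applies the time stamp comparison described above to a constructed four-day change log, showing which files each backup type copies and which backup sets a restore needs. The file names, times and function names are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class BackupRun:
    kind: str        # "full", "incremental" or "differential"
    taken_at: int    # constructed time in hours since the start of day 0
    files: set       # files copied by this run

def select_files(kind, mtimes, history):
    """Pick the files a backup of `kind` copies by comparing modified times to a cutoff."""
    fulls = [r.taken_at for r in history if r.kind == "full"]
    if kind == "full" or not fulls:
        return set(mtimes)               # no baseline yet: copy everything
    if kind == "incremental":
        cutoff = history[-1].taken_at    # last backup of any type
    elif kind == "differential":
        cutoff = fulls[-1]               # last full backup
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return {path for path, mtime in mtimes.items() if mtime > cutoff}

def simulate(kind, daily_changes):
    """Full backup on day 0, then one `kind` backup at 23:00 on each later day."""
    mtimes, history = {}, []
    for day, changed in enumerate(daily_changes):
        for path in changed:
            mtimes[path] = day * 24 + 12             # file modified at noon
        run_kind = "full" if day == 0 else kind
        files = select_files(run_kind, mtimes, history)
        history.append(BackupRun(run_kind, day * 24 + 23, files))
    return history

def restore_chain(history):
    """Backup sets that must all be intact to restore the latest state."""
    chain = []
    for run in history:
        if run.kind == "full" or not chain:
            chain = [run]                # a full backup starts a new chain
        elif run.kind == "differential":
            chain = [chain[0], run]      # covers everything since the full
        else:
            chain.append(run)            # every incremental is needed
    return chain

# Constructed sample data: the files modified on each of four days.
DAILY_CHANGES = [{"ledger.db", "hr.xlsx", "site.zip"}, {"ledger.db"}, {"hr.xlsx"}, {"ledger.db"}]

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        runs = simulate(kind, DAILY_CHANGES)
        print(kind, [sorted(r.files) for r in runs], "restore needs", len(restore_chain(runs)), "sets")
```

With this data the incremental schedule copies one file per day but needs all four backup sets to restore, while the differential schedule copies more each day and needs only two.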
Who is responsible for monitoring and testing your backups?
- Just because you set up a backup schedule, do not presume your backups are always 100% successful. It is imperative that your backups are monitored for completion and tested to ensure they’ve completed correctly. Testing your plan before you need it will allow you to sleep better at night knowing that you are ready in the event of hacking or system failure.
Working with your IT partner to develop an efficient and effective backup strategy is essential to the data integrity, and possibly reputation, of your organization. Your IT partner can do a deep data dive into where your data is stored, your willingness to experience extended downtimes and other factors before implementing the most appropriate plan. Spending time on planning saves time and heartache in the future.
Cyber-attacks are rapidly becoming more sophisticated and your employees are the first line of defense for your company. It’s important to provide employees with the tools needed to defend against attacks that trick people into actions that leave your organization vulnerable. In our next blog, we’ll cover Employee Security Awareness.