When a business experiences data loss or damage, it can result in operational slowdowns, erode consumer trust, and create significant financial challenges. Data loss, whether caused by human error, lost or stolen devices, or malicious action, can be devastating to an organization of any size.
Antivirus software and basic security measures are the first lines of defense against social engineering attacks like phishing and smishing, which can escalate to a ransom incident. If an attack results in the deletion or modification of data, or in loss of access to and control of it, a carefully designed backup strategy will help your organization recover data and minimize negative consequences. Each organization’s leadership should determine how long systems can be inaccessible and how much data loss is “acceptable.”
This decision determines the type of backup protocols the organization will put into place and the disaster recovery plan. Regardless of the plan, it is highly recommended that the plan be tested at least annually to ensure that the desired outcome and timeframes are being achieved. Even though businesses cannot entirely prevent ransomware attacks, they can stay one step ahead of cybercriminals to prevent catastrophic data and financial loss.
What Is a Ransomware Attack?
Ransomware is a type of malware that can prevent computer users from accessing their own systems and data. Common ransomware variants include DearCry, Ryuk, and LockBit, among others. Many attacks gain access to the victim’s systems via a malicious link or email attachment as part of a phishing attack.
Once the ransomware infects the computer system, it encrypts or locks the data, rendering it inaccessible without the encryption key or password. A ransom message on the screen typically promises the key in return for a set amount of cryptocurrency. Even if payment is made, the organization is still dependent on the attacker providing access and on “trusting” that a copy of the data has not been taken for future sale on the dark web. In many situations, attackers do not provide the encryption key, and some use complex extortion strategies to demand additional money.
You Need a Backup Plan
Many ransomware attacks are preventable, but businesses and individuals should always prepare for the worst-case scenario. Once cyber attackers encrypt your data, restoring your data from a backup may be your only option. Whether you store vast databases of sensitive consumer information or your family photos on a personal device, you should always have a way to restore the data in case of loss.
The 3-2-1 rule is an easy way to remember best practices for data backups. You should:
- Keep three copies of important files
- Use two different types of storage media
- Store one copy in an offsite location
It is improbable that a cyber attacker could access all three copies of your data if you follow this protocol.
Assessing Your Backup Needs
Not all businesses have the same backup needs. You should carefully assess your organization’s needs to ensure your plan covers all your essential data and fits your budget and risk appetite. Some questions to consider are:
How often do you back up data?
Typically, the volume of data collected and the frequency of changes will help you answer this question. If your organization adds a small amount of data throughout the week, you won’t need to back up as frequently as an organization that adds or changes data on an ongoing basis.
Best practice is to schedule at least a full daily backup. Depending on your appetite for data loss, incremental backups should also be considered; their frequency is determined by how much data loss the organization is willing to accept. Imagine an attacker stole or damaged the data added to your systems since the previous backup. How much time would it take to restore your systems? How much data was lost between the backups? How much revenue was lost while systems were down?
Continuous Data Protection (CDP) is the most frequent backup option because it backs up instantaneously and continuously, preventing even tiny amounts of data loss and providing a quicker recovery window with a replicated backup database. However, investing in a CDP platform may not be financially feasible for smaller businesses. Choose a backup strategy that meets your business’s budget and data protection needs.
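The 3-2-1 rule and the question of how much data loss is acceptable can be checked together against a backup inventory. The following is an added example, not part of the original article; the `Copy` record, the `audit` function and the sample inventory are assumptions made for illustration. It also measures the data-loss window for the case where only the offsite copy survives an attack.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    media: str              # e.g. "disk", "tape", "cloud-object"
    offsite: bool
    last_written: datetime
    is_backup: bool = True  # False for the live (original) copy

def audit(copies, max_loss: timedelta, now: datetime) -> list:
    """Return findings as 'CODE: detail' strings; an empty list means a pass."""
    findings = []
    if len(copies) < 3:
        findings.append(f"COPIES: {len(copies)} found, 3 required")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"MEDIA: {len(media)} type(s) found, 2 required")
    backups = [c for c in copies if c.is_backup]
    offsite = [c for c in backups if c.offsite]
    if not offsite:
        findings.append("OFFSITE: no backup is stored offsite")
    # Data-loss window in two scenarios: any backup survives / only offsite survives.
    for code, group in (("STALE", backups), ("OFFSITE_STALE", offsite)):
        if group:
            age = now - max(c.last_written for c in group)
            if age > max_loss:
                findings.append(f"{code}: newest copy is {age} old, limit {max_loss}")
    return findings

# Constructed inventory for illustration; names and times are made up.
NOW = datetime(2024, 5, 10, 9, 0)
SAMPLE = [
    Copy("file-server (live)", "disk", False, NOW, is_backup=False),
    Copy("nightly NAS backup", "disk", False, NOW - timedelta(hours=8)),
    Copy("weekly cloud backup", "cloud-object", True, NOW - timedelta(days=5)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, timedelta(hours=24), NOW):
        print(finding)
```

The sample inventory satisfies 3-2-1 on paper, yet it is flagged because the only offsite copy is five days old against a 24-hour tolerance.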
What data should you back up?
You might initially think, “We will just back up everything to be safe.” While this sounds good theoretically, this strategy could slow recovery time after an attack. You should identify your organization’s Recovery Time Objective (RTO), the maximum time it should take to recover data to an acceptable state. Then ensure that the amount of data you are backing up and your method is compatible with the RTO.
Businesses should categorize their data: determine which data is required for the organization to survive, which data is necessary for normal operations, and which data optimizes performance and allows the business to thrive. The protection level and backup frequency may differ between these categories.
Another practice is keeping “golden images” of critical servers. A golden image is a preconfigured version of the system and all the applications installed on the server. This shortens the recovery time by removing the time to procure proper hardware and configuration.
Backup Storage Options
There are several options for storing backup information. Based on the 3-2-1 rule, you should have two backup copies in addition to the original. Each backup should utilize different media types, and you should store one copy in a separate physical location, such as an off-site data center. You can choose the options that make the most sense financially and logistically for your business.
Some examples of backup storage options include:
Cloud Storage – Cloud storage is convenient and readily available. Options include Google Drive, iCloud, Microsoft OneDrive, Microsoft Azure, Amazon Web Services (AWS), and many others. These platforms store data on secure servers, and your data is encrypted while in transit. However, it is not foolproof. Anyone with editing access to files in typical cloud storage can alter or delete information. If an attacker breaches the account, they can cause severe damage. Even a well-intentioned employee could accidentally change or delete files in cloud storage.
Cloud Backup Provider – Third-party cloud backup providers offer additional protection that most typical cloud storage does not provide, including immutable cloud backups. Immutability prevents anyone, including the administrator, from changing the stored files. This technology is best for intermittent backups, such as weekly full backups.
A cloud backup service is easy to use and reliable. Users can decide how often to run an automatic backup and what to include. Then it is nearly effortless to maintain unless you decide to change the schedule. Since utilizing cloud storage requires storing your data on a third-party platform, you should always choose a reputable company with a proven track record for protecting consumer data.
External Hard Drive – You can choose between a hard disk drive (HDD) or a solid-state drive (SSD). Overall, SSDs are faster and more reliable than HDDs but also come with a higher price tag. You should designate an external hard drive strictly for backups and use a different one if needed for daily use. Be sure to select a drive that is compatible with your computer and has sufficient space to hold the full backup.
The most important practice when using external hard drives is to ensure that the drive is fully encrypted with a long and random decryption code. These codes should be stored in a secure location so that if the hard drive is found, it is not accessible. Storage of external hard drives should be managed closely and logged to ensure that each drive in circulation is tracked and stored in a secure location.
Optical Media and USB Flash Drives – If you only need to back up a small number of files, optical media such as CDs or DVDs or a USB flash drive may be effective methods for physical backup. However, CDs and DVDs can become unusable if stored at an improper temperature or in high humidity or if they get scratched or dirty. This is not a recommended method of storing data, as the media can be easily damaged or misplaced because of their size.
As with an external hard drive, password protection is a must, and logging and secure storage are critical.
You should also develop data retention guidelines based on operational needs and industry standards. The longer you retain old backup data, the more storage space it takes up and the greater your risk. If you must retain backups for a significant time, choose a storage option that allows for that and ensure physical and information security controls are in place to protect the data at rest.
Protect Your Backup Server
Protecting your backup server from ransomware and other attacks is critical, just as you protect other parts of your network. Some tips to protect your backup server include:
- Keep your backup servers on a different network segment that is not accessible by the primary source.
- Install the latest updates and patches to the operating system and all applications.
- Encrypt data and utilize a third-party key management system to prevent attackers from obtaining the keys.
- Have different credentials for the backup environment and enable multi-factor authentication where possible.
- Limit who has access to the backup server and monitor all use of this server.
- Utilize endpoint protection to detect ransomware based on abnormal activity and isolate and lock down infected systems.
Testing Your Backup Strategy
Having an excellent backup strategy on paper is one thing, but putting it into practice may be a completely different story. We recommend testing the backup strategy at least semi-annually or whenever you have a significant change of resources, and reviewing policies and procedures annually. These tests ensure you understand the effectiveness of the backup process, how long it takes to restore the data, and how much data is lost.
When determining your strategy, consider the time it takes to restore if an incident occurs. Understanding how much restore time your organization is willing to tolerate is critical to the overall direction of the backup strategy.
Your tests should also assess the integrity and usability of the backup files. Some questions to consider include:
- Does the key work to decrypt encrypted files?
- Are the files corrupt or unusable?
- Do we have the correct permissions to access the data?
- What are the backup metrics, such as file size, backup frequency and duration, and success rate?
- How many old copies of the backup do we store?
- Do we have space for additional backups even if the file size increases?
Benefits of Backing Up Data
Backing up data is the only way to guarantee your data is safe. Don’t count on cyber criminals to be honest and give you access to the data when you pay the ransom. A solid backup strategy allows organizations to be self-sufficient.
Although ransomware is a significant cause of data loss, it is not the only cause. An effective backup plan can also protect your business from data loss from server problems, power failure, hardware failure, stolen devices, natural disasters, human error, and any other problems that could arise.
Finding a Backup Plan That is Right For Your Organization
No individual or business can predict when a ransomware attack could happen or when systems fail and cause corruption or service outages. If you’re lucky, it may never be an issue. However, once the data is damaged or gone, there may be no way to recover it unless you have a backup and a clearly defined recovery plan.
In this decade, there are backup options that fit a business of any size and any budget. Deciding on the best backup strategy for your organization may feel confusing, but you don’t need to do it alone. A robust tool such as uRISQ can help your business develop a comprehensive privacy and security program that includes a reliable backup plan.