What is this theme about?
Regularly backing up information, and having the ability to restore the backup, may be one of the most effective methods of protecting your business from the effects of accidental or malicious tampering, hardware failure, or ransomware.
In the event of a cyber incident, where data has been lost, deleted or encrypted, having a backup will help you recover to a point in time before the event happened.
It is recommended that you back up at least weekly, which means if something goes wrong, you may only lose up to a week’s worth of data. If losing a week’s data would be too costly, consider backing up your data on a daily basis.
IASME Cyber Baseline requires you to have one backup, though you may decide to increase your cyber resilience by keeping multiple backups.
Backing up to the cloud
Storing your data in the cloud does not guarantee that your data has been backed up. Many cloud services allow users to work on files locally and sync changes immediately to the cloud. In the event of a ransomware attack, the encrypted files are likely to sync as a change to the cloud storage copy as well. Check with your cloud service provider that your storage solution has versioning enabled and includes data recovery features.
Disconnect your backups from the internet and store in a different location.
It is important to protect backups so that they cannot be altered or deleted once created, especially whilst your backup mechanism is connected to your IT systems. When using USB devices for backup data, disconnect these devices when the backup has completed; it is important to store your backup data at a different secure location.
Test and restore
A backup that fails during a data restore process will not help you recover from data loss. You should carry out regular backup tests to ensure you can recover from data loss and regular restore tests should be carried out quarterly to verify the backup is usable.
It is recommended that you take these steps:
-
Back up all data and systems at least weekly
-
All backup data should be stored securely
-
Backup data must be clearly segregated from working and live data
-
Practise restoring from your backups to complete, operational capability at least quarterly