By: Silent Quadrant
Whether data is lost through a cyber-attack or by accident, managing the risks around potential data loss – both organization and customer data – should be a primary business objective, aligned with a broader cybersecurity and business continuity strategy. Loss of data can impact an organization for days, weeks, months, or even longer. Diversified data backups serve as your primary risk management resource against data loss, whatever the cause.
Data loss can occur from:
Accidental damage, deletion, or modification of data
Hardware failure
Local disasters
Lost or stolen devices
Modification, deletion, or corruption of files by malware or malicious code
A ransomware attack requiring a large payment before files are unlocked
Your data, information, programs, and processes are the foundation of your organization and business – if you lose them, or access to them, recovery can be slow, costly, or in many cases, impossible. And in the case of critical infrastructure / critical industries, data that is held hostage in a ransomware attack, and therefore unavailable, may severely impact the lives of the public at large.
Visibility and identification are the first steps in designing a data backup strategy: determine what information should be backed up and how frequently. Prioritize critical and/or high-value data, which should ideally be backed up more frequently than non-critical data. It’s important to take a strategic view of all data being generated across all applications in use within your organization to ensure completeness.
Data such as financial records, customer information, HR and internal information, research, proposals, and any other critical information that you can’t afford to be without should be designated and prioritized as critical / high-value. Additionally, network and systems configuration information, policy and process documents, application license information, and any applications that can’t be quickly accessed and restored from a cloud service should be included as well.
Bottom Line: If losing the data will interfere with doing business and serving your customers and stakeholders, it needs to be backed up.
Backups should occur on a regular cadence. The more critical the data is, the more often it should be backed up. Automation is key to ensuring that backups occur either after edits are made to the data – depending on the criticality – or at regularly scheduled intervals. Data designated as critical / high-value should be backed up at least daily, if not several times per day.
When implementing your backup strategy, ensure that you are creating, at a minimum, three copies of your data:
All copies should be encrypted
Two copies should be nearline and immutable: relatively easy to access for recovery and business continuity purposes, with neither copy able to be altered once the backup has been written to the storage medium
One copy should be stored completely offline, not accessible via the Internet
Once your backup strategy has been implemented, ensure that a once-monthly recovery test process is established; this provides regular validation of data integrity, as well as rapid access to and restoration of data. Your backup strategy should be documented and made available to your organization’s incident response team.
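One way to run the integrity part of the monthly recovery test, as an added example that is not from Silent Quadrant: record a SHA-256 manifest when the backup is written, then compare a test restore against it. The function names, file names, and sample data are constructed for illustration, and the sketch assumes the manifest is kept with the immutable copy so it cannot be altered alongside the data.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    common = manifest.keys() & restored.keys()
    return {
        "missing": sorted(manifest.keys() - restored.keys()),
        "unexpected": sorted(restored.keys() - manifest.keys()),
        "modified": sorted(p for p in common if manifest[p] != restored[p]),
    }

def restore_ok(report):
    """A restore passes only if nothing is missing, added, or changed."""
    return not any(report.values())

def _write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: three source files, then a deliberately bad restore."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        _write(src, "ledger.csv", b"id,amount\n1,100\n")
        _write(src, "hr.txt", b"roster\n")
        _write(src, "net.cfg", b"vlan 10\n")
        manifest = build_manifest(src)          # recorded at backup time
        _write(dst, "ledger.csv", b"id,amount\n1,999\n")  # altered content
        _write(dst, "net.cfg", b"vlan 10\n")              # intact
        _write(dst, "notes.tmp", b"x")                    # not in the backup
        return verify_restore(manifest, dst)    # hr.txt was never restored

if __name__ == "__main__":
    print(demo())
```

A non-empty report from a test restore is worth handing to the incident response team along with the backup documentation, since it separates an incomplete restore from altered data.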
As a key element of your organization’s business continuity processes and planning, a sound data backup strategy is the single best proactive defense against systems failure, data mishap, and system compromise / ransomware attack.
-----------------------------------------------------------
Silent Quadrant is a Washington, D.C.-based digital protection agency and consulting practice. Founded in 1993, Silent Quadrant has delivered incomparable digital security, digital transformation, and risk management within the world's most influential government affairs firms, associations, and small and medium-sized businesses throughout the United States for the past 28 years.