18th February 2020

Cyber tips - what constitutes a good data backup?

By Catherine Aleppo
Client Director - Head of Cyber
Cyber data centre

The data your company holds is more than just names and numbers, it’s a precious commodity to both you and your customers. Your customers trust you to keep their information safe, and the GDPR requires that personal data must be processed securely using appropriate technical and organisational measures. When you are the unfortunate victim of a cyberattack or face another disaster, such as a fire, that destroys your computer systems, you need to have a plan in place to keep your business running effectively and at the same time ensure your customers' information is available and intact.

A series of well-managed data backups will allow you to recover data from an unencrypted version of a file. How confident are you that your current protocols are keeping your data safe?

In this article, you will find the ideal solutions as to what constitutes good backup procedures.

Small Entities (up to £15 million in revenue)

The ideal situation…

Small entities should have a backup that is kept disconnected from their primary systems. This typically takes the form of an external hard drive. So long as the backup is disconnected at the time of the attack, it will be safe from encryption. Today’s ransomware strains are very good at gaining access to and encrypting cloud-based backups.

As a rule of thumb, you should remember that if the backup is connected to the main system, as the cloud always is, it is vulnerable to hackers.

However, with this said, a good solution for small businesses is to use a cloud provider like Microsoft and Amazon Web Services etc. as if they do suffer a ransomware attack, they can restore their data from the backup from the cloud provider. When relying on this solution, it is recommended you speak to an IT professional to ensure it is properly configured.

Large Entities (over £15 million in revenue)

The ideal situation...

Large entities should have multiple types of backups in place. The general rule of thumb is the ‘3-2-1 backup strategy’:

Organisations should keep three backups, on two different storage mediums, with one being disconnected.

For example, a company could have a  primary data centre in one location to host and back up most of their critical data and systems, but then every 15 minutes, a second automatic backup is made of the data to another data centre in a second location. The storage medium used in both data centres could be the same, but if the first data centre fails, you can switch your operations over to the second data centre and only lose a maximum of 15 minutes of data.

However, both these systems are still vulnerable to ransomware. If the first data centre was hit with ransomware, it could simply spread to the second in 15 minutes. For this reason, it is important to also have an offline disconnected back up system in place.

In a backup context, this means that the backup is not connected to the main network and therefore protected from the ransomware. This offline backup could be in the form of another medium, thus completing the 3-2-1 strategy.

Insider Threat Protection

Disconnected backups stored offline (ideally remotely) also mitigate an attack from an insider, such as a disgruntled employee. An employee could have the knowledge and access capabilities to potentially delete all a company’s backups. Thus, a remote (off-site and in a safe location), disconnected backup is best practice to fully protect your business from an insider attacker.

Practice Makes Perfect

Backups are difficult to do properly. The only way to know if they work is to test them. An untested backup solution should be fallible. In addition, testing backups will enable your internal IT team to restore operations from backups faster if an incident occurred.

Ask yourself the following:

  1. What is our company backup strategy?
  2. How are our backups protected from encryption in the event of a ransomware attack?
  3. When did we last test our backups, and what did you change as a result of that test?

To discuss your cyber backup practice or if you have any other cyber-related queries, speak to our cyber specialists today on 020 8633 8430.