Conducting regular audits to maintain critical operations
Key systems and data sources that are required to maintain critical operations within the business should be clearly identified and regularly tested. Backups and continuity plans must be tested to ensure that they are effective, and backups must be stored in a secure location.
Conducting regular audits confirms that the backup systems the company has in place work, and lets any weaknesses be identified efficiently so that defences can be strengthened without compromising the business.
Maintaining multiple backups both online and offline
When backing up your business data securely, it’s better to have multiple online copies in addition to offline backups.
Keeping data backups in the cloud is recommended because cloud file storage and management is easier: the files are available anytime and from any location. The major downside to backing up critical business data in the cloud is that security settings and access permissions need to be reviewed regularly.
For offline alternatives, external hard drives can be used. They are still a popular solution because the hard drive is a one-off purchase. However, the drive needs to be kept in a secure location to prevent the data being lost or stolen. Another downside to using an external hard drive as a backup is that, if it is not handled with care, the drive can become corrupt, which is why it’s recommended to have both online and offline backups.
The attacker’s ‘dwell time’
Another key consideration when restoring systems after an attack is the dwell time, which is the time between the initial compromise of the data and the subsequent attack. To ensure that the systems are secure, a thorough investigation is required to identify the full scale of the initial attack. It’s also recommended to check systems that have been restored from backups before using them, as they could also be affected by the attack.
No matter the size of your company, your data is still vulnerable. Making sure your staff are well educated on how to protect systems and data can contribute towards the business staying compliant and protected.
Provide regular updates to employees, and strengthen data protection and cyber security training to create a security-focused workplace culture.
Create a priorities list to secure sensitive data first
Develop a framework for restoring critical systems and data sources, and consider a priorities list. When the company is under threat, speed is critical to the business’s operations. Even if there are robust security operations in place, a ransomware attack can still take place, causing the backup software to also become corrupt. Ensure that all sensitive data is encrypted, including customer and employee information as well as business data.
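The dwell-time and priorities-list advice above can be combined into a simple restore plan. The following is an added example, not part of the original article: the system names, priorities, dates and backup catalogue are constructed, and preferring the earliest dwell-window copy when no older backup exists is an assumption of this sketch.

```python
from datetime import datetime

# Constructed sample data: hypothetical systems, priorities and backup times.
INITIAL_COMPROMISE = datetime(2024, 3, 4, 9, 30)  # earliest evidence found by the investigation
ATTACK_START = datetime(2024, 3, 18, 2, 0)        # when the ransomware ran

PRIORITY = {"customer-db": 1, "payroll": 2, "file-share": 3}  # 1 = restore first

BACKUPS = [  # (system, taken_at, location)
    ("customer-db", datetime(2024, 3, 1, 1, 0), "offline"),
    ("customer-db", datetime(2024, 3, 10, 1, 0), "cloud"),
    ("payroll", datetime(2024, 3, 3, 1, 0), "cloud"),
    ("payroll", datetime(2024, 3, 17, 1, 0), "cloud"),
    ("file-share", datetime(2024, 3, 12, 1, 0), "offline"),
    ("file-share", datetime(2024, 3, 18, 3, 0), "cloud"),
]

def classify(taken_at, compromise=INITIAL_COMPROMISE, attack=ATTACK_START):
    """Place a backup relative to the dwell window."""
    if taken_at < compromise:
        return "pre-compromise"
    if taken_at < attack:
        return "dwell-window"
    return "post-attack"

def restore_plan(backups=BACKUPS, priority=PRIORITY):
    """Return one plan row per system, highest priority first."""
    plan = []
    for system in sorted(priority, key=priority.get):
        points = [(t, loc) for s, t, loc in backups if s == system]
        clean = [p for p in points if classify(p[0]) == "pre-compromise"]
        suspect = [p for p in points if classify(p[0]) == "dwell-window"]
        if clean:
            # Newest copy taken before the attacker was present.
            taken_at, loc = max(clean)
            action = "restore, then verify before use"
        elif suspect:
            # Assumption: the earliest copy has had the least attacker exposure.
            taken_at, loc = min(suspect)
            action = "restore in isolation and inspect"
        else:
            taken_at, loc, action = None, None, "no usable backup: rebuild"
        plan.append((system, taken_at, loc, action))
    return plan

if __name__ == "__main__":
    for row in restore_plan():
        print(row)
```

Backups taken after the attack started are never selected, and every restored system is still checked before it goes back into use.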