From client records to financial transactions, the information you rely on to operate your business day-to-day is invaluable. This fact hasn’t gone unnoticed by hackers and other bad actors, which is how we’ve come to be operating in the age of ransomware.
One of the most effective defenses you can have against ransomware and other threats is a well-structured backup system. In this article we explain the significance of structured data backups in protecting your business from the ever-looming threat of ransomware. We also explore key concepts like segregated backups, regular backup schedules, and how to diversify your backups to improve your protection. Taken together, these steps can ensure your business’s data is protected and recoverable, no matter what.
The Principle of Segregation in Data Backups
Segregated backups are a fundamental strategy in securing your business’s data against threats like ransomware. But what does segregation mean in the context of backups?
Segregation involves separating critical backup data from the primary network. The idea is to prevent a situation where a single breach could compromise both your active data and the backups you rely on for recovery. Think of it as a safety deposit box for your digital assets. You’re keeping a backup of your data, and also storing it out of reach from potential attacks.
Here’s why segregation matters:
- Isolation from the Network: By keeping backups disconnected from your main network, they remain untouched even if the network is compromised.
- Multiple Recovery Points: Segregated backups should be part of a broader backup strategy that includes multiple recovery points, allowing for restoration from different periods.
- Regular Updates and Testing: Segregated doesn’t mean static. Regularly update and test your backups to ensure they can be restored when needed.
By incorporating segregated backups into your cybersecurity plan, you take a proactive stance. If your data is held ransom, you have a secure path to restore it and keep your business running without giving in to the demands of cybercriminals.
Implementing a Regular Backup Schedule
Backups can’t help you if you don’t take them. They also won’t help much if they’re outdated. To make sure you’re protected, you need to make regular backups a part of your IT process. How often you take them and what you should back up will vary depending on your business, but here’s a list of systems and servers that are commonly maintained by businesses:
- Client/Patient Management Systems: These are databases that hold client or patient records, appointments, and treatment history.
- Email Systems: Almost every business relies heavily on email for communication. This one’s so important we wrote an entire article on how to manage a situation where your business email is suddenly gone.
- Financial Systems: This includes accounting software like QuickBooks or other financial management tools that hold transaction records, invoices, payroll data, etc.
- Document Management Systems: Any system used for the creation and storage of business documents, such as Microsoft Office files, CAD drawings for architects, or patient X-rays for dentists.
- Project Management Tools: Software that tracks project timelines, deliverables, and client interactions.
- Payroll Systems: Even if most of this process is managed by a third party, you’ll want to make sure you have backups of anything you need to maintain business continuity. This is also important enough that we wrote a whole article about it.
- Human Resources Information Systems (HRIS): These systems contain sensitive employee information, including personal details, employment history, and performance reviews.
- Customer Relationship Management (CRM) Software: Systems that manage interactions with clients, track leads, sales pipelines, and marketing campaigns.
- Appointment Scheduling Software: Especially important for businesses like dental or medical practices where appointments are core to the business model.
- Legal and Compliance Documents: Any documentation related to regulatory compliance, legal contracts, or client consent forms.
- Backup Software Configuration Files: The settings and configurations for your backup software itself should also be backed up.
- Operating System and Application Settings: System state backups can restore a Windows system back to a specific configuration or point in time.
- Network Configuration and Security Settings: This includes firewall configurations, VPN settings, and other security protocols that are necessary for the safe operation of your business.
- Virtual Machines: If any services are virtualized, the virtual machine instances and their data should also be backed up.
- Website Data: If you host your website yourself instead of through a service provider, the site files and databases should be included in your backup strategy.
- Specialized Software Data: Depending on the services provided, there may be industry-specific software that requires regular backups.
Why Backups are Necessary for Cloud-Based Services
Even if your company uses cloud services for some or all of these business processes, for example Google Apps or Office 365 on a subscription basis, you still need an independent backup strategy. While these services do keep backups, getting ahold of someone at the provider to work with you on restoring them can be difficult to impossible, especially for a business that’s too small to have a dedicated account manager at the provider to take your call. Here are a few things to consider:
- Accidental Deletion: Users can accidentally delete important emails, documents, or data. While cloud services often have a trash or recovery option, these are usually only available for a limited period.
- Malicious Attacks: If an attacker gains access to your cloud services, they can delete or encrypt your data. Having an independent backup means you can restore your data without paying a ransom.
- Legal and Compliance Requirements: Some industries have strict data retention laws that require businesses to keep data for a certain period, which might be longer than the retention policies of the cloud services.
- Service Outages: Cloud providers can experience outages, during which your business operations might be severely impacted if you cannot access your data.
Tools and Processes for Backing Up Cloud Data
- Google Workspace Backup Tools: Services like Spanning, Backupify, or Google Vault offer comprehensive backup solutions for Google Workspace (formerly G Suite), allowing for the backup of emails, documents, and other data stored in Google Apps.
- Office 365 Backup Solutions: Tools like Veeam Backup for Microsoft Office 365 or Barracuda Cloud-to-Cloud Backup provide robust options for backing up Office 365 data, including emails, contacts, OneDrive files, and SharePoint documents.
- Automated Backup Scripts: For more tech-savvy businesses, automated scripts can be set up using cloud providers’ APIs to regularly export data to another cloud service or a local backup.
- Third-Party Backup Services: There are many third-party services that specialize in cloud data backup. These services often offer additional features like encryption, versioning, and easy restoration.
If all else fails, thanks to data portability requirements passed under the General Data Protection Regulation (GDPR) legal framework in Europe, many cloud providers have functions that allow you to back up your data. These were meant to make it possible for you to switch providers more easily, but you can use them as an easy way to get routine backups from cloud providers if there’s no other option. Just make sure not to store the backups on a system that’s potentially at risk of compromise! Store them on a removable drive or some other device that you can disconnect from the network.
Diversifying Your Backup Methods
To ensure comprehensive protection against data loss or ransomware attacks, it’s essential to diversify your backup methods. Here’s how:
Local Backups
Local backups involve storing your data on physical devices within your premises, such as external hard drives or network-attached storage (NAS) systems. The key advantage here is speed. Local backups and restores are generally faster because they don’t rely on internet bandwidth. They’re ideal for quick recovery of files or systems. However, they have their downsides, primarily the risk of physical damage or theft.
Offsite Backups
Offsite backups are about keeping another set of backups outside your primary location. This could mean storing backup media in a secure, geographically distant facility or using a managed backup service. The primary benefit is protection from local disasters like fires or floods. If something catastrophic happens at your primary business location, your offsite backups remain safe and accessible.
Cloud Backups
Cloud backups take advantage of remote servers hosted by third-party providers to store your data. This is different from a cloud service provider storing a backup of the data you have in their system. Cloud backups in this case refer to storing a backup of your local data on a cloud system.
Cloud backups offer scalability, ease of access from any location, and protection from local physical threats. As long as you don’t have a persistent connection to the backup provider, like a VPN, cloud backups can potentially be a good strategy for protecting from ransomware.
Cloud backups can also be automated, ensuring regular, timely backups without manual intervention. The downside? They depend on your internet connection and can be slower to restore large amounts of data compared to local backups.
Combining Methods for Robust Protection
The most effective backup strategy employs a combination of these methods. This approach, often referred to as the 3-2-1 backup strategy, suggests having at least three total copies of your data, two of which are local but on different mediums, and one stored offsite. Using a mix of local, offsite, and cloud backups ensures that you’re prepared for a variety of disaster scenarios, from simple hardware failures to large-scale natural disasters.
Ensuring Physical and Network Isolation
There are two key points to consider here: physical isolation of your backups, and air-gapping. Here’s what those mean and how to implement them:
Physical Isolation of Backups
Physical isolation refers to keeping backup copies separate from your main network environment. This can be achieved by using external hard drives, USB drives, or other storage media that are only connected to the network during the backup or restore process. Once the backup is complete, these devices should be disconnected and stored securely, preferably in a different location. This method significantly reduces the risk of your backups being compromised alongside your primary data in the event of a network breach.
Air-Gapping for Enhanced Security
Air-gapping takes physical isolation a step further. An air-gapped backup system is completely disconnected from the internet and your internal network, making it virtually impossible for cybercriminals to access. This kind of system is often used for storing the most critical backups. While implementing an air-gapped system can be more complex and may require manual intervention for updates, the level of security it provides is unparalleled. It ensures that, even in the event of a sophisticated cyber attack, your secure backups remain untouched and ready for use.
The Role of Air-Gapping in Ransomware Protection
Ransomware attacks are designed to encrypt your data and demand payment for its release. If your backups are connected to your network, a criminal can just encrypt the backup along with your primary data, and criminals do just that in 90% of ransomware attacks. By physically isolating and air-gapping critical backups, you create a fail-safe that guarantees you can restore your data without giving in to ransom demands. This both protects your information and undercuts the leverage cybercriminals have over your business.
Testing and Restoring: The Ultimate Safety Check
To truly rely on your backups in a crisis, especially after a ransomware attack, you’ll need to regularly test them and your ability to restore them swiftly. Here’s why this is important and how to do it effectively:
Why Regular Testing is a Must
Just as a trapeze artist wouldn’t trust a net that might have holes, you shouldn’t trust backups that haven’t been verified. Regular testing ensures that your backups are complete and the data is not corrupted. This process confirms that, in the event of data loss, your backups are ready to step in without a hitch.
Steps for Effective Backup Testing and Restoration
- Schedule Regular Tests: Set a regular schedule for testing your backups. Depending on the size of your operations and the volume of data, this could be monthly, quarterly, or at least bi-annually.
- Perform Test Restores: Periodically restore files from your backups to a test environment to verify that the data is intact and usable. This step will give you confidence in your backup’s integrity and the restoration process.
- Test Different Scenarios: Simulate various disaster scenarios to ensure your backups can cover a range of potential issues. This includes everything from a single file recovery to a full system restoration.
- Document the Process: Keep detailed records of the restoration process and time taken. This documentation will help streamline actual disaster recovery, making it faster and more efficient. You’ll also need this documentation to help you pre-qualify for cyber insurance.
- Train Your Team: Make sure key personnel are familiar with the restoration process. This training ensures that if you’re not available, others can step in to recover the data.
- Review and Adjust: Use the insights gained from testing to refine your backup and restoration procedures. If a test reveals weaknesses in your strategy, adjust accordingly.
Regular Updates and Patches for Backup Systems
In this article we’re covering backups as one of the foundational pillars of cybersecurity defenses, but having a robust vulnerability management system in place is another. It may not be obvious but your backup system is also software, and it can have vulnerabilities. This means it needs to be part of your vulnerability management strategy.
If your backup system isn’t being patched regularly, it might not be reliable when you need it. It’s very common for a ransomware criminal who breaks into your system to disable backups before encrypting your data. It’s the same logic that a bank robber uses when they disable the recorder on the security tapes before pulling off a heist.
The Process of Regular Maintenance
- Set up Automatic Updates: Where possible, enable automatic updates for your backup software to ensure you’re always running the latest version without having to manually check and apply updates.
- Schedule Regular Maintenance Checks: For systems that require manual updates or patches, establish a regular schedule to check for and apply these updates. This could be monthly or immediately following the release of a critical security patch.
- Monitor for Vulnerabilities: Stay informed about potential vulnerabilities in your backup systems by subscribing to security bulletins or alerts from your software providers.
- Test After Updating: After applying updates or patches, perform tests to ensure your backup systems are functioning correctly and that the integrity of your backups remains intact.
Conclusion
Throughout this article, we’ve outlined essential strategies for structuring data backups effectively, highlighting the importance of segregated backups, diversified backup methods, and the critical need for regular testing and maintenance.
As you look to fortify your data protection measures, consider Arch Access as your trusted advisor. Our expertise in implementing and testing robust backup strategies ensures your business is equipped to withstand cyber threats, safeguarding your most valuable asset—your data.
Building, maintaining, and testing a backup strategy can be complex. You’ll need to have a process in place and documented before you obtain or renew your cyber insurance if you want to potentially qualify for the best rates. Arch Access is the trusted cybersecurity partner to help you build and test your backup strategy when things are fine, and we’re here 24/7 to help when things go wrong. Contact us at sdeal@archaccess.com to learn more.