Back it Up, Baby
We have all been there. In college, we lost the killer ending of our thesis. At work, we could not find our quarterly results. And right now, we are sure that we went on vacation in 2016, but we cannot remember where – because that was several phones ago. Fortunately, due to the miracle of autosaves, cloud storage, and more, such data loss happens less often than it used to.
However, if you are responsible for corporate information security, you cannot take anything for granted. Accidental data loss is one problem, but there are also hackers, insiders, and cybercriminals who want your data, or at least your money. Take ransomware, for example, which has turned data ownership into a dangerous game: the malware encrypts your files, then holds them hostage for extortion. The ransomware problem is currently getting worse. In 2020, the average ransom demanded was $900,000. In 2021, it was $2.2 million. And between 2020 and 2021, the average ransom payment rose 78%, to $541,010.
Therefore, one important facet of a strong defense-in-depth philosophy is to back up your data. Think about it: if you maintain secure copies of all your important files, no matter how you lose your data – whether to misconfiguration, accidental deletion, corruption, theft, or ransomware – you can restore it and maintain business continuity.
Information Security Strategy
Data backups are a strategic investment that can save your business from disaster. So properly addressing this problem starts at the top. You must write a clear plan for data backups into your corporate policies.
Here is guidance from the US Computer Emergency Readiness Team (CERT):
All computer users, from home users to professional information security officers, should back up the critical data they have on their desktops, laptops, servers, and even mobile devices to protect it from loss or corruption. Saving just one backup file may not be enough to safeguard your information. To increase your chances of recovering lost or corrupted data, follow the 3-2-1 rule:
– Keep 3 copies of any important file: 1 primary and 2 backups.
– Keep the files on 2 different media types to protect against different types of hazards.
– Store 1 copy offsite (e.g., outside your home or business facility).
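The 3-2-1 rule quoted above, turned into an audit over a backup inventory. This is an added example, not part of the CERT guidance or the original article; the inventory fields, file names and digests are constructed, and the digest comparison goes beyond the rule itself.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    file_id: str   # logical name of the protected file or dataset
    role: str      # "primary" or "backup"
    media: str     # e.g. "ssd", "external-hdd", "cloud-object", "tape"
    offsite: bool  # stored outside the home or business facility
    sha256: str    # digest recorded when the copy was last verified

# Constructed sample inventory (hypothetical names, shortened digests).
INVENTORY = [
    Copy("payroll.db", "primary", "ssd", False, "aa11"),
    Copy("payroll.db", "backup", "external-hdd", False, "aa11"),
    Copy("payroll.db", "backup", "cloud-object", True, "aa11"),
    Copy("thesis.docx", "primary", "ssd", False, "bb22"),
    Copy("thesis.docx", "backup", "ssd", False, "bb22"),
    Copy("designs.zip", "primary", "ssd", False, "cc33"),
    Copy("designs.zip", "backup", "external-hdd", False, "cc33"),
    Copy("designs.zip", "backup", "cloud-object", True, "dd44"),
]

def audit_321(inventory):
    """Return {file_id: [findings]}; an empty list means the file passes."""
    by_file = defaultdict(list)
    for c in inventory:
        by_file[c.file_id].append(c)
    report = {}
    for file_id, copies in by_file.items():
        findings = []
        primaries = [c for c in copies if c.role == "primary"]
        backups = [c for c in copies if c.role == "backup"]
        if len(primaries) != 1 or len(backups) < 2:
            findings.append("need 1 primary and 2 backups")
        if len({c.media for c in copies}) < 2:
            findings.append("need 2 different media types")
        if not any(c.offsite for c in copies):
            findings.append("need 1 copy offsite")
        # Extra check beyond 3-2-1: a backup that differs from the primary
        # cannot be trusted for a restore until the difference is explained.
        if primaries:
            bad = [c.media for c in backups if c.sha256 != primaries[0].sha256]
            if bad:
                findings.append("digest mismatch on: " + ", ".join(bad))
        report[file_id] = findings
    return report

if __name__ == "__main__":
    for file_id, findings in audit_321(INVENTORY).items():
        print(file_id, "OK" if not findings else findings)
```

In the sample, `payroll.db` passes, `thesis.docx` fails all three parts of the rule, and `designs.zip` satisfies the rule but has an offsite copy that no longer matches the primary.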
As always, humans play a crucial role in any information security strategy. Therefore, users should be made aware of your corporate policy on data backups. Teach them the basics of how it works, and they can help test and validate the system, including its ease of use and reliability.
At the individual level, backing up your data is relatively straightforward.
Typically, the hardware is physical data storage such as an external hard drive or USB stick. A nice benefit here is that you only have to purchase this device once. Keep it safe from water damage and excessive dust; otherwise, your bits might get corrupted. Humans tend to lose things over time, so remember where you put it. Also, backups should be kept physically apart from the original data source; otherwise, a thief might steal both!
Due to the challenges of maintaining physical data storage, today’s default solution is to back up data in the cloud. The benefits are numerous: your files are available anytime, anywhere, from any device, and they are safeguarded by specialists who know far more about implementing confidentiality, availability, and security than 99% of Internet users. For security, your primary concerns are hardware access (e.g., your phone), software patching, creating a good password, two-factor authentication, etc.
At the corporate level, every organization is unique, so you must give this job to a team with proven savoir-faire.
Your enterprise should make backup copies of all data considered worth saving for business continuity, risk management, and legal considerations. There is much to learn at the technical level, from data discovery to extraction, manipulation, compression, deduplication, encryption, key management, automation, and more. You may even want to back up live data, such as open files. For physical security, do not forget to store your backups at an alternate location, so they are less vulnerable to accidental loss or attack.
Helpful Links for Backups
Happy World Backup Day 2022! We at VGS wish you success in celebrating this important event.
First, we recommend that you make a plan, both for your business and for yourself. Start with addressing your most important information – anything that is critical to your corporate mission and strategy – and then work your way out from there.
Second, start backing things up. Practice makes perfect. Strategic investments are not like the flick of a switch. They are processes that have a beginning – but no end.