When it comes to preparing for ransomware attacks, security teams seem to understand the importance of data backups, and many seem satisfied with their efforts on that front. In a January 2022 CyberRisk Alliance Business Intelligence ransomware survey of 300 IT security decision makers and influencers, most respondents rated satisfaction with their backup efforts as a 6.8 on a scale of 1-7.
But are they approaching the task in the most effective way possible and focusing adequately on encryption and protection of cloud servers where backups are stored? It’s a safe bet that more than a few are not. Indeed, many of those same respondents admit to suffering damage following an attack:
- Forty-three percent of respondents suffered at least one ransomware attack during the past two years.
- Among them, 58% paid a ransom, 29% found their stolen data on the dark web, and 44% suffered financial losses.
Backups can be stolen or damaged, especially when they reside in the cloud.
With these concerns in mind, Sophos recently released a set of best practices to help organizations make the best possible decisions when it comes to backups:
1. DECIDE WHICH DATA IS CRITICAL, AND PROTECT IT PROPERLY
It’s OK to decide that you aren’t going to back up everything all the time, but you should make a list of the data you need to keep safe and have a system to keep track of when you last backed it up. If you have a process you use to ensure you pay the household bills regularly, use that system to keep on top of your backups, too. You don’t need a high-tech system: even just adding a visible weekly check box to the calendar on your kitchen wall is a good way to do it.
2. REMEMBER THE 3-2-1 PRINCIPLE
The 3-2-1 rule suggests having at least three copies of your data, including the master copy; using two different types of backup, so that if one fails, it’s less likely the other will be similarly affected; and keeping one of them offline, and preferably offsite, so you can get at it even if you’re locked out of your home or office.
3. DON’T LEAVE BACKUPS WHERE CYBERCROOKS CAN FIND THEM
Many people keep backups so they are always online, such as in a live cloud storage account or on a network-attached storage (NAS) device. But if your backups are accessible online, they’re also accessible to attackers who might compromise your account or your network. Indeed, ransomware crooks make a point of searching for online backups and wiping them out as part of the attack, hoping to force you into paying up.
Remember the 3-2-1 rule: Think of online snapshots and real-time backups as just one of the two backup types you keep, and make sure you always have at least one other backup that’s offline. Whether you’re at home or at work, remember to unplug offline backup devices and put them somewhere safe unless you are in the process of backing up or restoring, and remember to log out explicitly from cloud backup accounts when you aren’t using them.
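Tips 1 to 3 can be checked mechanically once the list of critical data exists. The script below is an added example, not from Sophos or the original article: it audits a small inventory against the 3-2-1 rule and flags backups older than a weekly schedule. The dataset names, backup type labels, dates and the seven-day threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    kind: str                      # backup type label (assumed), e.g. "cloud", "nas"
    offline: bool = False          # unplugged or logged out except during backup/restore
    offsite: bool = False
    last_backup: Optional[datetime] = None  # None marks the master copy

def audit(copies, now, max_age=timedelta(days=7)):
    """Check one dataset against 3-2-1; return findings (empty list = pass)."""
    findings = []
    backups = [c for c in copies if c.last_backup is not None]
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies including the master, need 3")
    if len({c.kind for c in backups}) < 2:
        findings.append("fewer than 2 different backup types")
    offline = [c for c in backups if c.offline]
    if not offline:
        findings.append("no offline backup")
    elif not any(c.offsite for c in offline):
        findings.append("offline backup is not offsite (preferred, not required)")
    for c in backups:
        age = now - c.last_backup
        if age > max_age:
            findings.append(f"{c.kind} backup is {age.days} days old")
    return findings

# Constructed sample inventory: the list of critical data from tip 1.
NOW = datetime(2022, 3, 1)
INVENTORY = {
    "family-photos": [Copy("laptop"),
                      Copy("cloud", last_backup=NOW - timedelta(days=1)),
                      Copy("nas", last_backup=NOW - timedelta(days=2))],
    "tax-records": [Copy("laptop"),
                    Copy("cloud", last_backup=NOW - timedelta(days=1)),
                    Copy("usb-disk", offline=True, offsite=True,
                         last_backup=NOW - timedelta(days=40))],
    "accounts": [Copy("laptop"),
                 Copy("cloud", last_backup=NOW - timedelta(days=3)),
                 Copy("usb-disk", offline=True, offsite=True,
                      last_backup=NOW - timedelta(days=5))],
}

def audit_all(inventory=INVENTORY, now=NOW):
    return {name: audit(copies, now) for name, copies in inventory.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```

The first dataset has three copies of two types yet still fails, because both backups are always online; the second passes 3-2-1 on paper but its offline copy has gone stale.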
4. DON’T MAKE BACKUPS THAT EVERYONE CAN READ
Encrypt your backups so that if they’re lost or stolen, the thief can’t simply read out all your precious data for themselves. Windows has BitLocker, Macs have FileVault, and Linux has LUKS and cryptsetup, which can be used to create encrypted drives and partitions. There are also numerous archiving tools, some free and open source, that can create encrypted backup files, such as WinZip and 7-Zip.
5. LEARN HOW TO DO THE “RESTORE” PART OF THE PROCESS
Sophos has helped numerous people over the years who made backups regularly and carefully, but weren’t able to get back the files they wanted when they needed to. Ironically, none of these cases happened because the user forgot or lost their decryption password – they simply hadn’t practiced the restore process enough to do it reliably, or even at all. Don’t be one of those people.
BONUS TIP. DON’T PUT IT OFF UNTIL TOMORROW
We’ll finish as we started: The only backup you will ever regret is the one you didn’t make.