Getty Images/iStockphoto
7 ways to improve your ransomware backup strategy
It's time to review your strategy for ransomware backup and recovery.
As external attacks using ransomware, phishing and other vectors continue to evolve their capabilities, so, too, must data backup professionals.
A ransomware attack that prevents access to IT systems and data can shut down an organization. Given the threat environment that IT professionals face today, effective preventive measures for a ransomware backup strategy include having a highly protected network perimeter along with data backup and disaster recovery plans. But are they enough?
It's never too early to review a data protection strategy, especially when it comes to cyberattacks. There have been several developments in the ransomware space in the last few years. For example, AI-based ransomware protection is currently gaining momentum, but AI-powered ransomware has become a threat.
Luckily, there are several ways to mitigate cyberattacks. Air-gapped and immutable backups are reliable ways to protect data from ransomware. On-site and remote storage options are plentiful and varied, with a variety of security methodologies available.
Backups are one of an organization's last lines of defense against a ransomware attack. Here are seven things that backup administrators can do to bolster a ransomware backup strategy.
How to improve a ransomware backup strategy
Even a strong ransomware protection strategy might miss critical vulnerabilities or simply have room for improvement. The following are seven ways that organizations can strengthen a ransomware backup strategy.
1. Use multiple backup locations
Storing backups in a single location is a quick way to guarantee that every copy of critical data becomes inaccessible in a cyberattack. Multiple locations and data formats provide another layer of security between would-be attackers and your data backups. There are several options that organizations can choose from, including local storage, cloud storage and hybrid options. If an organization only uses one of these options, it might be time to incorporate another or consider a change.
However, storage resource costs are a major consideration for a ransomware backup strategy, especially for brick-and-mortar and small businesses. Organizations with multiple data centers must be able to justify the overhead expense associated with these facilities. Cloud storage can save money by reducing the need for physical footprints, but the organization must provide security and data protection.
2. Consider bandwidth requirements
The last thing a backup administrator wants in a crisis is to find out that the network can't support a rapid recovery after an attack. Organizations must know the network bandwidth required for large data downloads and system recoveries in an emergency.
3. Prioritize and manage data
Backup administrators are responsible for vast amounts of data. To avoid overwhelming a backup strategy, prioritize data and systems by criticality. That will provide the organization with access to high-priority data in an emergency. Data reduction techniques like compression and deduplication can prevent the number of copies of data from becoming unmanageable.
4. Increase backup frequency
Data backup frequency varies by organization, but more frequent backups provide more accurate and up-to-date files if there is a disruption. Admins can strategically choose types of backups and schedule them to create up-to-date data copies without disrupting operations. For example, an organization might conduct weekly full backups supplemented with frequent incremental or differential backups.
5. Employ data encryption and secure access
IT security and data backup teams have a common goal of protecting business data from cybersecurity threats. Encryption can help protect backups, along with secure access measures, including multifactor authentication and role-based access control.
6. Routinely test backups
Testing verifies that backed-up data and systems are operational and accessible, ideally before an attack occurs. Testing backups is the most reliable way that backup admins can ensure the integrity of backups and find existing flaws in a ransomware backup strategy.
7. Review the data backup policy
A thorough data backup policy must address cyberattacks and how they might affect backups. Backups are not just a data protection tool, preserving copies of data off-site or offline. Backups can also be the target of ransomware and other cyberattacks themselves. Make sure that the organization's data backup policy addresses both situations.
Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.
