Too many organizations fall victim to data theft, data loss or technical problems and struggle to get back on track afterwards. Thankfully, a good backup strategy can help mitigate these scenarios as it ensures the continuity of daily operations and enables the recovery of critical assets.
It is important to back up all critical resources and data. This will be different for every organisation as they don’t all provide the same services. An organization must first define which data and resources are critical to ensure the continuity of its operations. This can be determined by asking the following types of questions: “What data cannot be recovered if lost?”, “What data is most frequently requested?”, “What data would have a financial impact if unavailable?”, “What data would damage the organization’s reputation if accessed by the wrong people?”, etc.
In addition to knowing what the most critical resources and data are, it is important to know where they are stored, given the many possibilities that exist nowadays. Each device and storage medium holding critical resources and data should be identified, e.g., servers, laptops, mobile devices, hard drives, USB keys, etc.
There are three different types of backup that can be performed, each one defining which changes made to the data will be added to the last backup. It is also possible to combine multiple types of backup to tailor them to the organization’s needs.
The following table indicates which data is backed up for each type.
ITERATION | FULL | DIFFERENTIAL | INCREMENTAL |
---|---|---|---|
Backup 1 | All data | All data | All data |
Backup 2 | All data | Changes from backup 1 | Changes from backup 1 |
Backup 3 | All data | Changes from backup 1 | Changes from backup 2 |
Backup 4 | All data | Changes from backup 1 | Changes from backup 3 |
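
The table's rules as an added example, not part of the original guidance: it computes what each backup type writes at every iteration and, going one step beyond the table, which earlier backups must still be readable to restore. The file names and change log are constructed for illustration.

```python
# Constructed change log (not real data): files modified since the previous run.
# Backup 1 is the baseline, so it lists every file.
CHANGES = {
    1: {"hr.db", "mail.pst", "web.conf", "invoices.xlsx", "logo.png"},
    2: {"mail.pst"},
    3: {"hr.db", "invoices.xlsx"},
    4: {"mail.pst", "web.conf"},
}
KINDS = ("full", "differential", "incremental")


def backup_contents(kind, n, changes=CHANGES):
    """Files written by backup number n, following the table's rules."""
    if kind not in KINDS:
        raise ValueError(f"unknown backup type: {kind}")
    if n == 1 or kind == "full":
        return set(changes[1])                       # all data
    if kind == "differential":
        # everything changed since backup 1
        return set().union(*(changes[i] for i in range(2, n + 1)))
    return set(changes[n])                           # changed since backup n-1


def restore_chain(kind, n):
    """Backups that must all be readable to restore the state at backup n."""
    if kind not in KINDS:
        raise ValueError(f"unknown backup type: {kind}")
    if n == 1 or kind == "full":
        return [n]
    if kind == "differential":
        return [1, n]                                # baseline + latest differential
    return list(range(1, n + 1))                     # baseline + every increment


def restore(kind, n, changes=CHANGES):
    """Replay the chain oldest-first; map each file to the backup supplying it."""
    state = {}
    for b in restore_chain(kind, n):
        for name in backup_contents(kind, b, changes):
            state[name] = b
    return state


if __name__ == "__main__":
    for kind in KINDS:
        print(f"{kind:13} chain={restore_chain(kind, 4)} "
              f"backup4={sorted(backup_contents(kind, 4))}")
```

An incremental restore of backup 4 depends on four separate backups being intact, while a differential restore depends on two; that dependency is what makes regular restore tests more important for incremental schemes.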
In general, all resources and data should be backed up at least weekly. However, depending on the criticality of the resources and data, more frequent backups can be scheduled. When there is less time between two iterations, the risk of losing a significant amount of data is minimised. Thus, the more critical the data is, the more often a backup should be run.
The backup process should be automated wherever possible for greater efficiency. This allows data to be backed up as regularly as planned without tying up the staff responsible for running the backups. Manual backups are also possible; however, a tight schedule should be defined and strictly followed.
Backups can be stored either online or offline. When stored offline, there is a distinction to be made between storing them locally or remotely. To ensure backup availability, it is best to use a combination of online and offline versions wherever possible. Also, different copies should be made on different media and one copy should be kept in a different location from the original one to protect it in case of a disaster.
A specific way to store backups can be the 3-2-1 method. This is a combination of a local offline backup, a second offline backup at another location and an online backup. In total this means that 3 copies of the data exist, stored in 2 offline storages and 1 online storage.
The following tables give an overview of the pros and cons of each type of backup storage.
Online storage
Pros | Cons |
---|---|
Backups are always available, as you can log in from anywhere and on any device. | It can happen that the ransomware has also encrypted the data in the cloud. More and more cloud providers are aware of this and are looking for solutions. |
Automatic copies are easier to set up. | The organization doesn’t manage its data. The terms and conditions established by the provider and the organization for storing the data in the cloud need to be reviewed carefully. |
It is free up to a certain storage capacity. The free storage capacity varies between 2 and 10 GB. Additional storage capacity is charged. | Copying large amounts of data using Wi-Fi increases the cost of the internet connection. |
Local offline storage
Pros | Cons |
---|---|
The organization manages its own data. | You have to remember to regularly synchronize with your hard drive and make a backup. |
The organization can restore the data quickly on its own. | Your backup is often in the same physical location as your hard drive, so no extra copies are available in the event of fire or burglary. |
Having all the necessary data and resources backed up is crucial for an organization. However, backups are also a potential target for cybercriminals, which makes them vulnerable. It is thus important to protect them by implementing specific security controls so that they cannot be tampered with, deleted or modified.
Access to the backups should be limited. Not everyone within the organisation needs to be able to read or modify them. Only people working directly on them should have access. This also includes the specific people involved in the incident resolution process as they will be the ones to recover the data and resources when needed. In addition to restricting access, strong authentication should be set up by enforcing a strong password and Multi-Factor Authentication. Multi-Factor Authentication requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.
Even if the backup is secured and protected, it can still fall victim to malware targeting the organization, as the backup is connected to the organisation’s network. It is thus important to always disconnect the backup media as soon as it is no longer in use.
Checking and testing the backups is part of a good backup strategy. Even though data is regularly backed up, over time, storage media can be damaged and synchronizations can be missed. There are therefore two steps to undertake: regularly checking whether copies can actually be retrieved and whether they are properly readable. This can be done via data recovery testing, which will help find out if an organization can effectively return to a previous point in time in case of an incident.
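
One way to automate the two checks described above, as an added example that is not part of the original guidance: a SHA-256 manifest is recorded at backup time and a test restore is compared against it. The function names, directory layout and sample files are assumptions, and the damaged and missing files are constructed inline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backup files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record {relative path: SHA-256} for every file at backup time."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root):
    """Check that each file can be retrieved, read, and matches the manifest."""
    report = {"ok": [], "missing": [], "unreadable": [], "mismatch": []}
    for rel, expected in manifest.items():
        target = Path(restored_root) / rel
        if not target.is_file():
            report["missing"].append(rel)        # copy cannot be retrieved
            continue
        try:
            actual = sha256_file(target)
        except OSError:
            report["unreadable"].append(rel)     # medium damaged or access denied
            continue
        report["ok" if actual == expected else "mismatch"].append(rel)
    return report


def demo():
    """Constructed restore test: one good file, one damaged, one never synced."""
    samples = {"hr.db": b"employee records", "mail.pst": b"mailbox",
               "web.conf": b"listen 443"}
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "source"), Path(tmp, "restored")
        src.mkdir()
        restored.mkdir()
        for name, data in samples.items():
            (src / name).write_bytes(data)
        manifest = build_manifest(src)
        (restored / "hr.db").write_bytes(samples["hr.db"])
        (restored / "mail.pst").write_bytes(b"mailbo\x00")   # simulated media damage
        return verify_restore(manifest, restored)            # web.conf not restored
```

Store the manifest separately from the backup media it describes, so that damage to the backup cannot also alter the reference hashes.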
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.