The challenges IT managers have always faced have only multiplied in recent years. Digital threats have become more sophisticated and the pandemic alone has exposed businesses to countless new vulnerabilities. New attack vectors are constantly emerging thanks to remote working and hybrid work environments. In the 2022 Global IT Security Survey, three respondents said their companies don’t back up their data or devices before working remotely, while only one in five follow backup best practices and back up data in real-time, which is a number of important emphasizes data security risks. Admittedly, tackling data security challenges can be daunting. With so many daily hours, you can’t tackle every security vulnerability at once. So, where do you start?
Back up your data and prepare to be resilient
Focus on your data backups and resiliency first. This ensures that no matter what happens, you have at least copies of your organization’s most important data. We’ve learned from the mistakes of other companies that you can’t afford to ignore this basic part of cybersecurity. Consider the ransomware attack against the Ireland Health Service Executive (HSE) in 2021 who immobilized healthcare IT systems. Not only were patients and staff dramatically affected, but this attack (and lack of resilience) cost hundreds of millions of dollars in recovery efforts.
While we hear stories like this far too often, recent research from Apricorn has shown that 99% of IT decision makers fail to recover data when disaster strikes, despite having a backup strategy in place. The same survey found that more than 70% of IT leaders needed to restore data from backups, but 26% were unable to fully restore it.
In other words, IT professionals are aware of the magnitude of these threats, but have not yet cracked the code to prevent them or their aftermath. Isn’t it time to take back control? To that end, here are three actions you can take that will impact your backups and resiliency.
1. Live by the 3-2-1 rule
Backup is fundamental to robust security, but not all backups are created equal. As you can see from the survey referenced above, at least a quarter of IT professionals are unable to fully restore their data and documents from backup when needed. So, here’s what the 3-2-1 rule is, which is crucial: three copies of your data on two different media (a of which offsite, encrypted and offline).
The best rule of thumb is to securely store local backups on portable hardware-encrypted external storage devices. Ensuring that your backup strategy has encryption at its core in every location will keep you in maximum control of your data no matter what disaster strikes.
Think about the lessons learned by the Dallas Police Department, who incurred $500,000 in costs when an IT employee accidentally deleted 20 TB of data. Although it was accidental, the lack of data backup procedures caused much of the data to be lost permanently. Implementing the 3-2-1 rule would have saved the department countless hours and public resources.
2. Determine your backup and recovery plan.
IT managers are savvy and knowledgeable in security, understanding that a backup and resiliency plan is essential to prevent damage from attacks and data loss from other sources. But even the most well-meaning people don’t always clearly define their plan or share it with all relevant stakeholders. Even if there is a plan, it is not always written down. And even if it is written down, it is not always followed. You can imagine how each missing layer can contribute to serious data breaches.
It may sound simple, but take the time to write down all the necessary parts of your plan. Then share it with your team. Indicate who should be warned in which situations and how the chain of command should work in the absence of a leader.
This is often overlooked, exacerbating the HSE data situation in Ireland. It was said that “at the time of the incident, the HSE did not have a single responsible owner for cybersecurity, whether at the senior executive or management level” and that “there was no dedicated committee to direct and oversee cybersecurity and the activities required.” to reduce the exposure of the HSE to cyber risks.” Sharpening this part of your plan — and making sure the plan is granular, shared, and accessible — can go a long way toward reducing risk and troubleshooting.At the very least, defining your backup plan in detail can help to improve a situation, such as recovering operations after a DDoS ransom attack.
View more: 8 Tips to Implement an Effective Disaster Recovery
3. Check in regularly
There are some aspects of things you can set and forget, but cybersecurity is not one of them. Even if you commit to following the 3-2-1 rule and are careful about defining your backup and resilience plan, you can’t just ignore it afterwards. Instead, it’s important to think about your efforts going forward and to promote accountability across the organization.
To do this, make a plan (yes, another one) to regularly review your multi-layer strategy. Regularly back up your data, including your offsite/offline backups, and practice data recovery processes from these backups consistently. Frequent, rigorous testing can prevent you from becoming a stat and help you make a full recovery in the event of a breach. Also communicate the importance of security policies and data backup to employees. According to the 2022 Global IT Security Surveyone in four organizations say that despite having a remote work security policy, employees are not adhering to it.
A strategic approach to data backup and resilience can help your organizations improve data control, remove unauthorized data access, and drive rapid recovery should a breach, attack, or other data loss occur. Your plate is full as an IT professional, but these steps will prevent you and your organization from falling prey to costly consequences later on. You, your customers and your company will be happy with it.
What best practices have you considered to improve your data backup and resilience plan? Tell us On Facebook, Twitterand LinkedIn.