Ransomware is increasing exponentially, year on year, as hackers realise that they can use your most significant asset against you.

Having the ability to back up your data is a necessity, not just due to nefarious actors potentially locking you out of your systems by deploying Ransomware, but also to protect you if your data is lost or corrupted due to human error, system failure or natural disaster.

A secure BackUp offers peace of mind and reduces the risk to your business, see it as an insurance policy for data.

So, What Is BackUp?

BackUp is the ability to create a copy, or duplicate, of data and store it in a different location, such as Cloud, external hard drive, disk, or removable storage facilities. This can then be used to restore any data loss, deletion and corruption or, to recover data from an earlier time.

The National Cyber Security Centre recommends keeping multiple BackUps and to logically separate them – three copies stored on two different media, with one off-site.

But Is BackUp Enough?

To protect business-critical data, you need an integrated approach of cyber protection, extending your backup capabilities with features such as next-generation anti-malware and endpoint protection with control.   The latest backup solutions provide a wide range of protection outside the fundamentals of copying data. One such area is immutable storage, which ensures your data can never be changed by a Ransomware program, meaning it will always be available to you whatever the incident. Unfortunately, not all BackUp solutions provide this, which means you will never know where the malware is within your data, nor can you use your data for fear of the malware launching.

Another feature of these advanced backup systems is integration and automation to on-premises servers and endpoints, such as laptops and PC’s, to provide increased productivity for IT support staff, as many of the day-to-day tasks are managed by the system and will reduce operating costs and complexity, giving a real return on investment. Furthermore, deploying endpoint controls can provide a full backup of an endpoint and if it malfunctions, a new unconfigured device can be shipped to the user and operating system with all of the data and company policies automatically configured remotely, by the central backup server. This brings the user back online quickly with minimal hassle for the IT department.

Securing all endpoints with next-generation cyber protection is proven to minimise the risk to the business. It dramatically reduces security incidents and breaches keeping the organisation compliant with the many data protection legislations in force. 

Working Alongside BackUp Is Disaster Recovery

Disaster Recovery focuses on the protection and restoration of data, files and systems should the worst happen to your business infrastructure and is a key element to the three pillars of cyber security – confidentiality, integrity and availability.

The main purpose of disaster recovery is to bring operations to a normal operating state with minimal data loss, recovering individual files, applications, systems, and access credentials, thus limiting business disruption. However, 70% of businesses are likely to suffer from business disruption in 2022, due to unrecoverable data loss, inability to trade/invoice for an extended time and even loss of market share.

When considering the value versus cost-benefit of a Disaster Recovery Plan you need to consider two things:

  1.  Recovery Point Objective (RPO): the last date a BackUp was taken and the decision as to how far back you want data to be made available. This will require you to consider the frequency of the backups required to run your business (once per day/every hour etc.) and the amount of storage needed to hold the data.
  2.  Recovery Time Objective (RTO):How long your business can operate without access to data or systems. Can the business survive for days or weeks or, do you need recovery in hours? This helps decide where the backed up data is held and if the connection to it can provide the speed of transfer needed to meet the RTO.

These two baselines will help you decide on how much data you are storing, how long it will take to install new servers/endpoints, the time needed to transfer your backed-up data onto the new servers/Endpoints and, to system test.

Having a robust disaster recovery solution can save a company tens of thousands of pounds and can be the difference between survival or business closure.

A common belief is that moving data to one of the global cloud service providers will provide all the backup and protection the business needs. However, none of the global players provide any guarantee about data recovery following a network outage. All they guarantee is service availability. 
It is the data owner’s responsibility to back up their data, even cloud-based email and drives, and make it available in a form that can be deployed on other servers, whether cloud based with the current vendor, or to a new vendor.

Data has value, and needs devices to access and use it. Therefore, it seems logical to put in place a service that can protect that data, wherever it needs to be, and make it quickly available to anyone who needs it, even if their device has failed or, in the event of having to evacuate from a building. 
Simply having a copy of the data is not sufficient, you must wrap it around with a system that can protect and support it, everywhere.

Colin Tankard is Managing Director of Digital Pathways

Source:  Cyber Security Intelligence