“Ransomware causes the NHS to come to a standstill as the attack results in 7000 NHS appointments being cancelled.”
Now imagine your organisation’s name in the title. And it’s not just organisations; The city of Atlanta was brought to a standstill in March due to a similar attack.
Did these organisations deliberately put themselves at risk? Would you leave your key in the front door when you go out? Security attacks happen so you invest in secure data backup, your ultimate security system.
But what if you remove the key and the door remains unlocked? Hackers have accessed your backup files and the only recovery point you have is after the attack.
The latest backup software produces greater resilience than ever before; it averts security breaches to your backup files and protects critical data. Is this the security panacea?
If only it was that easy.
Environments change and systems deteriorate if you don’t invest in costly proactive management.
So, what should you do next?
- Act on flashes from your backup vendor or service provider. One backup application we know issued 30 flashes last year, of which 19 were related to security. How many did you apply?
- Ensure your backup server(s) is as hardened as your most critical application server. Implement some form of encryption for your stored data.
- Actively manage administrator passwords or enforce with LDAP or Active Directory.
- Don’t run software which is more than 18 months past general availability.
- Ransomware is propagated via a network and aims to encrypt file systems and block storage. Consider tape or object storage and make snapshot copies of the backup database. If the backup database becomes encrypted your “get out of jail card” is useless.
- Perform regular randomised recovery tests. Don’t rely on the day-to-day recoveries you must make.
The GDPR regulation has forced backup vendors to innovate and integrate new security features into their software. These features are available for anyone on subscription or maintenance plans. Do you know if you’re using them to maximum effect?
When it comes to securing your most critical data it’s never too soon to take backup security seriously.
Steve Miller has 18 years’ experience helping organisations protect their data and is currently the CTO of Silverstring. If you would like to know more please contact him at smiller@silverstring.com
