We all know how important backups are for organizations. Cybersecurity threats are becoming more frequent and the damage caused by attacks can be severe and even irreparable, so the importance of backups is increasing. Backing up the organization's most important data and information may therefore be the only way to save it in case of attacks or security incidents.
There are several reasons why backup copies are so important:
If the importance of making backups is a given, it is equally relevant to select the type of files that will be included in the backups. This is specific to each industry and each organization, but usually the backup should include everything that cannot be easily replaced.
Because backups are so important, it is crucial to understand the best way to execute them. As a general guideline, the 3-2-1 rule can secure this procedure: it recommends three backups of the data, stored in two places (and on different equipment), and one external copy (for example, in a cloud service).
There are also some aspects of better backup execution that should be considered:
Review the backup reports on a daily basis: Backup reports should be reviewed daily, either manually or through a monitoring and alerting system. Daily analysis is very important because it makes it possible to detect any problems that arise, preventing them from escalating into a scenario that causes serious damage.
Verify backups: Most backup systems verify the copies after the backup is complete, but regular testing should be executed to ensure file recovery, should it be necessary.
Have an incident recovery plan: Running backups does not constitute an incident recovery plan. The organization should identify and assess the risks to its operation, document what’s being done, and communicate what should be done if there’s a need to execute a recovery. This plan should allow you to assess all risks, accept those risks, or activate appropriate controls to mitigate them.
Storing backups: Backups are usually done on disks or remote sites (in the cloud), but it is important to understand how long it will take to recover the data when it’s time to recover it. The recommendation is to duplicate a certain amount of recent backup data locally to allow a quick recovery, and to have it hosted in the cloud. This makes the data available in seconds or minutes, rather than days.
Encrypt backups: As backups go outside the organization's systems and network, they should be encrypted to ensure that no one outside the organization has access to this data.