Don’t Play the Victim: #HowTo Create a Ransomware Backup Plan

Data is a company’s most precious asset, but storing it entails a major responsibility to keep that data safe. This isn’t just the responsibility of the IT or security team. There is a collective obligation across the entire organization.

Yet, a castle is only as strong as the foundation it’s built on. Threat detection and endpoint security solutions are crucial to a strong security posture, but they’re only half the equation. In the first instance, preventing a highly damaging ransomware attack takes strong data management - a company-wide culture of data responsibility and tools that enable monitoring and rapid response against cyber threats.

Well-managed data is easier to locate, utilize and update with the latest security policies, making it easier to protect from attackers. However, you must also make careful, considered decisions about how that data is backed up in the cloud. Prevention is the best option, but when your defenses fail you also need a strong backup plan to protect your most valuable data.

Cultural barriers
At its base, poor data management is a problem of culture. It indicates that strong data policies aren’t being formulated by company leadership, enforced by managers, or followed by employees. When it comes to security, one weak link can break the chain, so companies should do their best to promote a holistic culture of data responsibility at all levels.

Employees are your first line of defense against ransomware. In almost every case they will be the recipients of the malware, and it’s often their immediate response that decides whether a breach occurs. Regular and comprehensive security training is essential to ensure they can spot and report a potential ransomware attack before it can do any damage.

However, data responsibility means more than threat awareness. How you store, organize and tag your data is just as important from a security perspective. When procedure is lax, data can go unclassified and becomes much harder to find. This lost, dark data poses a potent security risk to companies. If you don’t know where your data is, how can you be certain it is protected?

Keeping data properly organized is a real challenge in today’s highly fragmented IT and cloud environments. To keep dark data at bay, staff must be supported with the right security and data management infrastructure. Tools that break down silos and consolidate all data within a single database are key to keeping your data in order.  

The backup plan
Yet even with a well-equipped, security-conscious workforce, the worst can still happen. It only takes one employee to click the wrong email attachment and your network could be infiltrated.

Sadly, there’s no single panacea against ransomware. Once malware makes contact with your network it spreads like a virus. It may begin on one machine and then quickly spread across your entire IT estate. Ransomware allows hackers to go from encrypting files on start-up drives one minute, to attacking data on shared networks the next. 

Strong defenses in one area can be easily overcome in another. When this happens, you need a concrete multi-level backup strategy to ensure your mission-critical data can’t be held to ransom. Firstly, isolating your backups must be top-of-mind. Utilizing the public cloud as a space for backup storage is the ideal solution. Isolated from your main network and updated with the latest security policies, cloud storage is a secure, low-cost and scalable counter defense.

Frequency should be your next consideration. If ransomware manages to encrypt the only copy of a file, you will never be able to retrieve the data without paying for it. Regular replication, however, ensures that you always have a backup. While needs differ between organizations, it’s sensible to keep at least three copies of data, on two devices and with one copy offsite.

Of course, no company has an infinite reservoir of storage space it can draw from. Simply replicating data as and when needed will quickly see you reaching your storage limit, forcing your staff into time-consuming and disruptive data audits. Careful management of your data retention periods avoids this problem. Keep track of how many copies of different files you need and where they should be stored. A master catalogue will help staff find this out quickly, allowing them to tend to and tidy your data estate as needed.

Finally, you must make sure your recovery process is robust. Scheduled and surprise tests will help employees to do the right thing when it really counts. These drills could involve staff checking to ensure a backup site will go live should the main application fail, or something as trivial as recovering a file to a PC before checking it matches the original.
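
As an added illustration (not part of the original article), the Python example below checks entries in a backup catalogue against the three-copies, two-devices, one-offsite guideline and runs the file-restore drill by comparing the recovered file with a SHA-256 digest recorded at backup time. The catalogue layout, device labels and sample contents are constructed assumptions, and the production copy is counted as one of the three.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass
class Copy:
    device: str    # hypothetical label for the device or service holding the copy
    offsite: bool  # True if the copy is stored away from the main site/network

def check_321(copies):
    """Return rule violations for one catalogue entry (empty list = compliant)."""
    findings = []
    if len(copies) < 3:
        findings.append("fewer than three copies")
    if len({c.device for c in copies}) < 2:
        findings.append("fewer than two devices")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    return findings

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):  # chunked: large files stay off-heap
            digest.update(block)
    return digest.hexdigest()

def restore_matches(restored_path, recorded_sha256):
    """Restore drill: the recovered file must hash to the digest recorded at backup time."""
    return sha256_file(restored_path) == recorded_sha256

# Constructed catalogue (sample data): dataset name -> where its copies live.
CATALOGUE = {
    "finance-ledger": [Copy("nas-01", False), Copy("tape-07", False), Copy("cloud-bucket", True)],
    "hr-records": [Copy("nas-01", False), Copy("nas-01", False)],
}

def drill(original, restored):
    recorded = hashlib.sha256(original).hexdigest()  # stands in for the catalogued digest
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "restored.bin"
        path.write_bytes(restored)  # stands in for the file pulled back from backup
        return restore_matches(path, recorded)

if __name__ == "__main__":
    for name, copies in CATALOGUE.items():
        print(name, check_321(copies) or "meets 3-2-1")
    print(drill(b"Q3 ledger", b"Q3 ledger"), drill(b"Q3 ledger", b"encrypted junk"))
```

A failed digest comparison in a drill means the backup copy no longer holds the data that was catalogued, which is worth finding out before a real recovery depends on it.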

It’s important to stress that no organization can afford to rest on its laurels. An impenetrable ransomware defense now could fall next month if it isn’t maintained. Criminal techniques and capabilities are advancing faster than ever, so organizations must make sure they have the will and technology in place for continuous improvement. 
