Backing up data is critical to ensuring system integrity, but if done incorrectly, it can exacerbate already-existing security issues. Fortunately, there are a number of best practices that can be followed.
In order to keep your data safe and secure, you need to have regular data backups. However, these backups are often the source of many security problems. In fact, a large number of security breaches can be traced back to the mismanagement of data backups. A lack of adequate data backup controls is evident in the headlines and security surveys that are published. There's nothing wrong with using best practices when developing an enterprise data backup strategy.
Millions of sensitive business records have been compromised in backup-related mistakes over the last few years, according to recent reports. Indeed, these are just the incidents that have been publicly reported. Confidential information, including intellectual property, is no less vulnerable to data backup-related breaches than other types of sensitive data. Without a solid back-up plan in place when things go wrong, security is the first thing on the shark’s menu.
As long as there is a process for replicating sensitive data, many storage professionals believe that their organisation is safe. However, this is only half of the battle. A new set of dangers arises from what can be done with data backups, which are often overlooked. Because of this, it is essential to incorporate secure data backup guidelines into the overall enterprise information security strategy.
Here are 10 ways to keep your data backups safe and secure from threats like ransomware, malicious insiders, and external hackers, both locally and in the cloud:
Make sure you have a backup plan in place
It is important to make sure your security policies include backup systems. Access control, system monitoring, and malware protection all have a direct impact on data backups.
Incorporate backup systems into your disaster recovery plan
Your disaster recovery and incident response plans should include a backup of your computer files and other important information. A ransomware outbreak, an employee break-in, or an environmental event such as a flood or hurricane can all compromise or destroy a company's data backups. If you don't have a plan in place for what to do if and when the time comes, your backups could be harmed.
In order to protect data backups, restrict access to them
Grant access rights only to those who need to be involved in the backup process. Backup software and backup data are no exception. Do not overlook the systems that provide access to backups, whether on-premises or in the cloud.
Consider a variety of backup options
Keep your backups in a different location, such as a different building. Your data centre and your backups could be wiped out in one fell swoop if a natural disaster, a fire, or some other rare, but impactful, incident occurs.
Protect data backups from unauthorised access
Backing up to NAS, external hard drives, or tapes is fine as long as access to those locations can be tightly controlled. Your backup files are just as important as your computer's hard drive. SOC audit reports, independent security assessments, or your own investigations may be able to confirm that access is controlled as tightly as it should be.
Ensure the safety of all backup media devices
Some backups are still kept on portable drives, tapes, and other media, despite the widespread use of hard disks and solid-state drives. Fireproof and media-rated safes should be used in these situations. One of the most common places to keep backups is in a “fireproof,” but paper-only safe. A standard fireproof safe only serves to provide a false sense of security for backup media such as tapes, optical disks, and magnetic drives, which have lower burning/melting points than paper.
Check out the security measures in place for your vendors
Find out what security measures your data centre, cloud, and courier service providers are using to keep backups safe. Despite the fact that lawyers appreciate well-drafted contracts, they are not always sufficient. As a fallback measure, contracts can help protect sensitive data, but they won't stop it from being exposed in the first place. Check to see if security measures are in place as part of vendor management initiatives.
Ensure the security of your network
Backups should be stored on a separate file system or cloud storage service that is located on a separate network. Ransomware-related risks can be minimized by using unique login credentials that are not part of the enterprise directory service. The use of two-factor authentication can increase the security of your backup system.
Encrypt backups as a top priority
Whenever possible, encrypt your backups. Backup media and files that are taken outside the premises at any point must be encrypted with strong passphrases or other centrally managed encryption technology. Encryption is an excellent final layer of defence when implemented and managed correctly. It's reassuring to know that even if your backups fall into the wrong hands, the data in them can't be read. This is especially useful when it comes to meeting compliance and notification requirements in the event of a data breach.
Ensure that all of your data is backed up and tested frequently
These data backup flaws are likely to exist within your business. Before you're hit by a ransomware attack or data destruction, it's a good idea to find out where your vulnerabilities lie. Hire an unbiased third party to find the holes in your data backup processes and systems on a regular basis, or look for them yourself. In the end, it's the little issues that aren't so obvious at first that can be the most difficult to deal with.