HUGE thanks to the fantastic panel and to SideChannel that partnered with us to deliver this new back-to-the-basics series! This was such a tremendous public service. Fighting cybercrime is a team effort, so watch the webinar and join us. I can promise you will never have a dull moment 🙂
You can watch the entire 1-hour webinar above or read the short write-up below if you don’t have time to watch the whole recording.
What do I back up, and how do I prioritize?
Start with the things that are most critical to secure, for example your IP or your most important data. Continue with what's essential for operation - the things you can't survive the next day without, like your customer list, your inventory list, or the service schedule that tells your technicians where they need to go.
Think about it as a box diagram. On one axis, you have "Business Critical" (IP etc.), and on the second axis, you have "Critical for Operations". Start with the upper right - critical to the business and vital for operations.
How to Treat Data vs Configuration?
A common issue is to only focus on user data. You should ensure that you can also restore all your key systems to the bare metal. This includes all your configuration and data - your OS, Database, Programs, Settings, Drivers, etc. And don't forget to back up your keys!
A Real-Life Story
A company was hit by ransomware. The company had backups, and they were stored in cold storage. However, the configuration file required to restore the backups was not backed up. So even though they had backups, they couldn't restore them. Criminals know that you rely on your backups as a get-out-of-jail-free card, so if they can cripple your backup system, you can't restore. This is another example of why the configuration system is as essential as your data.
Why are we backing up data?
While everyone is focused on ransomware, there are many other reasons to back up your data.
Here are the top 5 reasons why you should back up your data.
- Hardware failure - A server dies, Mother Nature - earthquake, lightning strike, etc.
- Human mistakes - It's only human to err. Accidents and bad configurations are common occurrences.
- Software configuration issues - you ran an update, and it killed your server/app.
- Ransomware - You are locked out of your data, and the only way to get it back is to restore it from a backup.
- Something was compromised - Criminals hacked you and compromised your data and service.
How do I know that my backup is good?
The 3-2-1 rule of Backups
The 3 - You need to have 3 copies of data for anything important. Production data + 2 backups.
The 2 - You need to have 2 different media types, like the cloud and an external device.
The 1 - One of your backup copies needs to be completely offline.
Some add another 1 and 0 to the 3-2-1 rule.
1 - Have one immutable backup or, in other words, a write-once backup that cannot be tampered with. This is great for defending against ransomware.
0 - Zero Errors - Monitor the backup process and ensure there are no errors.
Lastly - Make sure that the backup copies are at least 50-70 miles apart.
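The 3-2-1-1-0 rule and the distance guideline above can be checked mechanically against an inventory of your copies. The following is an added example, not part of the webinar; the `Copy` fields, the inventory names and coordinates are constructed, and reading the distance guideline as "the two farthest copies must be at least 50 miles apart" is an assumption.

```python
from dataclasses import dataclass
from itertools import combinations
from math import asin, cos, radians, sin, sqrt

@dataclass
class Copy:
    name: str
    media: str                   # "disk", "cloud", "tape", ...
    is_backup: bool              # False for the production copy
    offline: bool = False
    immutable: bool = False
    job_errors: int = 0          # errors reported by the last backup run
    where: tuple = (0.0, 0.0)    # (latitude, longitude) of the copy

def miles(a, b):
    """Great-circle (haversine) distance between two copies, in miles."""
    la1, lo1, la2, lo2 = map(radians, (*a.where, *b.where))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 3958.8 * asin(sqrt(h))

def audit(copies, min_miles=50):
    """Return a list of 3-2-1-1-0 violations; an empty list means compliant."""
    backups = [c for c in copies if c.is_backup]
    findings = []
    if len(copies) < 3 or len(backups) < 2:
        findings.append("3: need production plus 2 backups")
    if len({c.media for c in copies}) < 2:
        findings.append("2: need 2 different media types")
    if not any(c.offline for c in backups):
        findings.append("1: no offline backup")
    if not any(c.immutable for c in backups):
        findings.append("1: no immutable backup")
    findings += [f"0: {c.name} had {c.job_errors} error(s)" for c in backups if c.job_errors]
    # Assumed reading of the distance guideline: farthest pair >= min_miles.
    spread = max((miles(a, b) for a, b in combinations(copies, 2)), default=0.0)
    if spread < min_miles:
        findings.append(f"distance: copies span only {spread:.0f} miles")
    return findings

# Constructed inventories (names and coordinates are made up for the example).
GOOD = [
    Copy("prod-db", "disk", False, where=(41.88, -87.63)),
    Copy("cloud-vault", "cloud", True, immutable=True, where=(39.04, -77.49)),
    Copy("tape-safe", "tape", True, offline=True, where=(41.88, -87.63)),
]
WEAK = [
    Copy("prod-db", "disk", False, where=(41.88, -87.63)),
    Copy("nas-share", "disk", True, job_errors=3, where=(41.88, -87.63)),
]
```

`audit(GOOD)` returns an empty list, while `audit(WEAK)` reports every part of the rule that a single on-site NAS copy fails.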
Do you have a recovery Strategy - Who is involved?
Recovery Time Objective (RTO): How long will it take to restore the data to an operational status? Is it 3 hours, 24 hours, or longer? Did you discuss this with leadership? Has everything been documented? You need to make it easy for the engineers to help with restoring everything. You don't want to start figuring out what's missing during a live event.
Did you take into account where you are restoring from? Are you restoring from a local or remote location, like the cloud? You will need to factor in how long it takes to download the backup. What's the speed of the internet connection? You don't want to be surprised by how long it takes to download your backup.
When do you need to encrypt your backups?
Have you heard about the newspaper test?
The test is - Are you ok if this information makes it to the front page of the Wall Street Journal or a big news outlet? If you have sensitive data, like SSN or your IP, you don't want that data hitting the news. Another question is - are you shipping your backups elsewhere, for example on tape? If yes, then remember that packages can get lost, so you probably want to encrypt them.
If the storage where you store your backups is encrypted as well as the communication channels, then ask yourself what is the benefit of further encryption. If you are a healthcare provider, it may make sense to further encrypt. Another common concern is that encryption reduces performance. However, don't just assume this. Test it!
What's essential for a small business that doesn't have money?
Cloud can help you to do things you couldn't do before. Send your backup to the cloud. Back up an image of the servers, store them in the cloud and recover them. Also, ask for a budget… it's important! Show the cost of not investing in a backup. Spot checks are also beneficial. Select several files and check if you can find them in your backup. If you are not using the cloud, you can use local virtualization. Spin up another local virtual server, and you can take daily snapshots.
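The spot check described above can be automated: pick a few live files at random and compare them with the copies restored from backup. This is an added example, not part of the webinar; the function names and the sample files in `demo()` are constructed, and it assumes the sampled files have not changed since the backup was taken.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def spot_check(source, restored, sample_size=5, seed=None):
    """Compare a random sample of source files with their restored copies.

    Returns {relative_path: "ok" | "missing" | "mismatch"}.
    """
    source, restored = Path(source), Path(restored)
    files = sorted(p.relative_to(source) for p in source.rglob("*") if p.is_file())
    sample = random.Random(seed).sample(files, min(sample_size, len(files)))
    report = {}
    for rel in sample:
        copy = restored / rel
        if not copy.is_file():
            report[str(rel)] = "missing"      # file never made it into the backup
        elif sha256(copy) != sha256(source / rel):
            report[str(rel)] = "mismatch"     # restored content differs
        else:
            report[str(rel)] = "ok"
    return report

def demo():
    """Constructed data: three files, one dropped and one altered in the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "live"), Path(tmp, "restored")
        for root in (src, dst):
            root.mkdir()
            (root / "customers.csv").write_text("id,name\n1,Acme\n")
            (root / "inventory.csv").write_text("sku,qty\nA1,40\n")
            (root / "schedule.txt").write_text("Mon: site visit\n")
        (dst / "inventory.csv").unlink()                # absent from the backup
        (dst / "schedule.txt").write_text("truncated")  # silent corruption
        return spot_check(src, dst, sample_size=3, seed=1)
```

Run it against a test restore rather than the backup store itself, so the check also exercises the restore path.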
Tips for not failing to restore from a backup?
- The best way to know if your recovery works is - Practice, Practice… Did we say practice?
- Make sure all the components exist. It is usually small things that hold you back from restoring, like a missing driver, etc.
- Pay your bills! If you forgot to pay your cloud storage bills and your credit card expired, you may not have backups.
- Store your keys in a security vault.
- Document - have an independent person (not you) document the restore process step by step and build a recovery plan.
- Have a backup of the backup server.