How did you spend World Backup Day? It was on March 31, in case you missed it. If you’re like many people, you didn’t think about your backups at all. If you did, you likely didn’t give them any more attention than usual. There are at least a couple of good reasons to give your backups more thought, though.
The first reason you should be thinking more about your backups these days is the global threat situation. Since the Russian invasion of Ukraine, we’ve seen an increase in cyberattacks, and the threat landscape is constantly evolving. We’ve written a number of blogs and articles on the situation.
Not to be alarmist, but the increased threat level and unpredictability in cyberspace makes for increased traffic, more alerts — both legitimate and false — and an opportunity for criminals to hide in all the activity.
Online attackers are quick to exploit chaos. When the COVID-19 pandemic first hit and companies scrambled to provide remote access for workers, we saw a surge in attacks. Attackers exploited weaknesses in technology and, especially, in training. Email compromise — especially phishing — is still a leading method for malware to enter organizations. Today, with people following the news with interest, a malicious email with an infected link may compromise your entire network.
Of course, if you train your employees well — they can be great assets to your security strategy — and use solid email protection, you can stop many threats. But you must prepare for the worst case: that a threat succeeds and gets through.
So, now that it's springtime (at least in the Northern Hemisphere), a spring cleaning is due. It’s time to ensure your backups are in order and you’re using best practice.
It's an opportunity for your business to review its data protection strategies, making sure that your current solution is fit for the purpose. Is it reliable? Do you get good value from the solution in terms of how much it costs? Have you considered protection of your cloud data?
That last one is vitally important and often overlooked. If you’re running services in the cloud and have data there, your cloud provider’s terms of service likely state that data backup is your responsibility. So you must be sure you’re fully in control of all data backups, regardless of where the information resides.
It looks pretty, but does it work?
The second thing I’d suggest considering, now that I’ve got you thinking about backups, is testing those backups. You’d be surprised how many organizations implement a backup solution and schedule backups — and then never verify or test those backups.
Your backups are your last line of defense against a cyberattack. When an attacker gets into your systems, the first thing they’ll do is find your data and encrypt it, corrupt it, or delete it. Any backups that are live on your systems are vulnerable. Such backups can be useful in the event of a technical problem, but you can’t depend on them to restore your business and get you up and running after a ransomware attack.
You need to verify your nightly backups. You could have a real problem on your hands if, after an attack, you’re trying to restore data and machines and you suddenly realize that something isn't working as you'd expected. So testing your solution on a regular basis is absolutely key. This means restoring from the air-gapped, immutable backups you have squirreled away in case of emergency.
World Backup Day came and went for most businesses without any disruption or any need to access their backups. And most organizations are likely not immediate targets of cyberwarfare attacks. However, cybersecurity is about avoiding the worst-case scenarios. I’d be glad to talk more about how Barracuda can help you do that.
Charlie Smith is a Consultant Solutions Engineer specialising in Data Protection and Disaster Recovery, with over 22 years’ experience designing and architecting both on-premises and cloud-based solutions, he helps organisations mitigate against the risk to data loss, ransomware and malware attacks. Charlie works closely with regional sales and SE teams who utilise his knowledge and expertise to support and drive data protection projects across EMEA for Barracuda.