Securing Backups

Best practices and resources to help secure your organization’s backups

Whether by human error or cyber attack, if your system goes down, you are only as good as your backup.  Most companies we work with during ransomware incidents have some form of backup solution or process, but all too often the backups fail due to poor security controls.  Below are some resources related to backups solutions and best practices.

How to Get Started

  • Learn more about various backup strategies (3-2-1, 3-1-2, 3-2-3, etc).
  • Get helpful backup solutions reviews by revenue size here.

Best Practices

  • Do a Business Impact Assessment (BIA).  A BIA predicts the consequences of disruption of a business function and gathers information needed to develop recovery strategies.  First, your organization must identify and prioritize the functions that would have the greatest impact should they be unavailable.  Next, you assess the resources required to support recovery.  Last, you must analyze the findings and identify gaps between the organization’s requirements and the true ability to deliver those requirements.
  • Choose a backup strategy with multiple copies of data, on different media, in different geographic locations.
  • Choose backup solutions with a proven track record, and if in the cloud, with good security controls and customer service.
  • Develop Business Continuity and Disaster Recovery Plans.
  • MFA into cloud portal
  • BCP / DR plan
  • Business Impact Assessment
  • RPO / RTO (recovery point and recovery time)
  • Link to further resources: