Cybersecurity Best Practices
      Back to home
      1. Knowledge Base
      2. For Policyholders
      3. Cybersecurity Best Practices

      Securing Backups

      Best practices and resources to help secure your organization’s backups

      Still need help securing backups? See the bottom of this page for info about our vCISO Services consultation. 

      Whether by human error or cyber attack, if your system goes down, you are only as good as your backup.  Most companies we work with during ransomware incidents have some form of backup solution or process, but all too often the backups fail due to poor security controls.  Below are some resources related to backups solutions and best practices.

      How to Get Started

      • Learn more about various backup strategies (3-2-1, 3-1-2, 3-2-3, etc).
      • Get helpful backup solutions reviews by revenue size here.

      Best Practices

      • Do a Business Impact Assessment (BIA).  A BIA predicts the consequences of disruption of a business function and gathers information needed to develop recovery strategies.  First, your organization must identify and prioritize the functions that would have the greatest impact should they be unavailable.  Next, you assess the resources required to support recovery.  Last, you must analyze the findings and identify gaps between the organization’s requirements and the true ability to deliver those requirements.
      • Choose a backup strategy with multiple copies of data, on different media, in different geographic locations.
      • Choose backup solutions with a proven track record, and if in the cloud, with good security controls and customer service.
      • Develop Business Continuity and Disaster Recovery Plans.
      • MFA into cloud portal
      • BCP / DR plan
      • Business Impact Assessment
      • RPO / RTO (recovery point and recovery time)
      • Link to further resources: https://www.unitrends.com/blog/3-2-1-backup-sucks

      Looking for hands-on help to secure backups? Our consults with blue-chip vendors can help. 

      vCISO Services from Corvus aim to help organizations dig deeper into specific issues and find the right offering to meet their needs. The process begins with a free, no-risk consultation call to explore options. Any further services selected are offered at an exclusive discounted rate. 

      Click here and fill out the form to get started. You can check off as many services as you’d like — for securing backups, we recommend both a Backups Consult and a Network Segmentation Consult.