Why a Sound Data Backup Practice is so Fundamental
Spring has sprung in Canada, and that means the return of the first robins, street sweepers, and of course, World Backup Day! While this event focuses largely on the backup up of personal data, it’s also a great reminder for organizations to review their data management practice as well. As with personal devices, company devices can get lost or damaged, an increasingly likely possibility if your organization has remote workers or is maintaining a hybrid model.
Also, accidents happen. Workplace users unwittingly delete crucial files all the time, and they don’t always spot the mistake in time to hit the Undo button. While this is far less likely as organizations increasingly leverage OneDrive or SharePoint for work projects, the advantages of outsourced/automatic backups and version control go out the window if end users aren’t using them! Make sure your team knows to store their work files on these cloud-based services and not locally on their hard drives.
A sound backup/restore practice is fundamental to the 18 CIS Critical Security Controls to which we align our clients, much less the cybersecurity triad of Confidentiality, Integrity, and Availability. CIS Controls #3 covers Data Protection, and it’s based on the simple premise that enterprises rely on data to make business decisions. It’s therefore crucial to have recent backups or mirrors to recover enterprise data to a known trusted state.
A good data management process starts with good data classification guidelines and requirements for the protection, handling, retention, and disposal of your data. Once that’s done, it’s best to separate assets according to the sensitivity levels of each and prioritize your backups accordingly.
Control #3 goes hand-in-hand with Control #11, Data Recovery, which recommends taking a random sampling of backups and restoring them in a test bed environment once per quarter, or whenever your organization introduces a new backup process or technology. This is ultimately the best way of verifying the integrity of your backups and is a big component of a solid organizational incident response plan.
At the end of the day, remember that storage is relatively cheap, but your sensitive data is anything but.
Happy World Backup Day!
You might also like
iON at the Western Canada Information Security Conference
The Western Canada Information Security Conference is back on May 16-17! This year’s event will once more bring together IT Security and Audit professionals plus OEM and local vendors for two days of top-notch presentations and excellent networking opportunities. The top names in cybersecurity will be well represented at this year’s event, so if you’re…
Password Policy Best Practices
World Password Day is Thursday, May 5, which is a good reminder that strong password policies are crucially important to a sound cybersecurity practice. Password guessing based on publicly available information is one of the most common tactics of malicious actors. Weak passwords also remain a top cause of data breaches for organizations of all…
ICS Malware: Industroyer2 and Pipedream
Last week, two new ICS malware tools were unveiled to the world that have the potential to wreak havoc on North American industrial control systems.Industroyer2Industroyer2 was a major component of a recent, unsuccessful attack on high-voltage electrical substations in Ukraine. This attack was linked to Sandworm, a threat group affiliated with Russia’s GRU military intelligence…