Disaster Data Recovery: Are You Prepared?

/in , , , /by

Most businesses have now gone digital, taking their processes online and storing data in the cloud and whatnot. While speedier transactions and greater portability make this technique very convenient, it also poses some risks. One of these is the risk of digital disasters and possible security breaches from all directions. In other words, if you aren’t vigilant, all of your company’s data can be stolen or encrypted. Do you have a disaster data recovery plan in place that meets all of your requirements?

 

Unforeseen Disasters And Breaches In 2021

 

In recent years, there have been numerous disasters that have affected global companies in different industries. Most of the attacks in 2021 came in the form of ransomware that took advantage of human gullibility.

 

The electronics company Acer took a hard blow in cyber-attacks in 2021. Overall, they ended up dealing with a $50 million ransom demand that a notorious hacking entity called ReEvil supposedly asked for in exchange for the return of a massive amount of stolen digital data.

 

In April of this year, Facebook suffered a security breach that exposed the personal information of over 530 million users. Screen scraping is a technique used by hackers to get information from websites. It’s how they were able to access the data files of almost 92% of LinkedIn members and obtain personal details like emails or phone numbers!

 

Because of the lockdowns and work-from-home setups, previously protected information became exposed in the digital world. Luckily, most companies had reliable security policies that protected data coming in and out of their office networks. However, with most individuals working remotely and using devices, it is difficult for a corporation to keep control over their security network, necessitating an upgrade.

 

The Importance Of Proper Preparation And Safeguarding Your SMB

 

Business owners often make the mistake of believing that something like this will never happen to their company. They like to believe that because they are a tiny firm, no hacker would be interested in attempting to compromise them. As a result, many don’t even bother to take precautionary measures to protect their small or medium-sized businesses from potential threats.

 

Unfortunately, small and medium-sized businesses are easy to crack and are typical targets of these hackers. Many companies lack the appropriate infrastructure and security tools to protect themselves from cyberattacks. To keep from being a victim, you must partner with a managed services provider that can provide you with an ironclad disaster data recovery plan.

 

Creating A Good Disaster Recovery Plan

 

Disaster data recovery is a serious matter that should not be taken lightly. The process of developing this plan entails a great deal of deliberation and decision-making.

 

Begin by defining a sensible recovery time objective (RTO). This process is the amount of time you expect to be fully back on track after disaster strikes. The shorter the RTO, the more expensive the disaster data recovery will be, so you need to consider this.

 

Also, make sure to clearly outline the duties and responsibilities of each individual employee in your organization. In addition, establish a clear communication plan as well as security protocols.

 

Of course, the most crucial parts of disaster data recovery are having offsite data backup and installing dependable and updated anti-spyware tools on all the devices used for business procedures. You should also test your disaster recovery plan with your staff. That is the only way to find out if it works.

 

Hire A Professional MSP For Disaster Recovery

 

As you can imagine, disaster recovery is a complex matter. If you want to know that your plan can protect you, the best option is to have a fully managed disaster data recovery solution from a reliable MSP. 2021 slammed us with a plethora of serious security threats for SMBs, and it’s scary to think of what 2022 might bring.

 

Ensure the safety of your company now before it is too late! Contact us today, and we will show you how.

Cybersecurity Insurance – 5 Reasons Why you need it

/in , /by

Cybersecurity insurance, also referred to as cyber insurance or cyber liability insurance, is insurance that your business can buy to reduce risks to data loss. A cybersecurity insurance policy will transfer some risk to the insurance company for a fee.

While all types of insurance have been around for decades, cybersecurity insurance is relatively new. Businesses that chose to buy cybersecurity insurance were early adopters. Given how cyber risks fluctuate, cybersecurity policies must change and adapt frequently. Underwriters have access to data that helps them calculate risk and set policy rates, premiums, and coverage. For cybersecurity insurance, it’s not that simple. This hurdle is because cybersecurity insurance is new, and the data is limited.

1. It is an Extra Layer of Protection.

Losing data through theft or compromise has the potential to harm an organization. It can mean customers go elsewhere and cause your business a loss in revenue. What’s more, without cybersecurity insurance, your company could be liable for any damages that stem from third-party data being stolen or compromised. Losing client data without a backup plan in place could be a disaster.

Cybersecurity insurance is essential if businesses want to protect themselves against cyber event risks, including threats linked to terrorism. In addition, coverage for cyber threats can help remediate cyber incidents quickly and could save your business.

2. Anyone can be hacked!

Back in 2011, the PlayStation Network suffered a breach by hackers. This breach exposed the personal data of 77 million users. It meant that PlayStation users were unable to access the service for over three weeks. In terms of cost to Sony, there were over 171 million dollars lost due to this breach. Sony could have saved themselves some of the $171 million had they secured a cybersecurity insurance policy – but they didn’t. A subsequent court case ruled that their insurance policy only covered physical damage, which meant that Sony had to pay the costs of the losses from the cyberattack.

3. How It Works.

Many insurance providers that provide coverage like commercial property insurance or business liability insurance will also provide cybersecurity insurance. Most cybersecurity policies cover the first party (losses that impact a company directly) and third-party losses (losses by other people caused by a cybersecurity incident, depending on their relationship to the organization).

Cybersecurity insurance will help cover any losses resulting from cyber incidents and events. What’s more, it can also help with costs linked to remediation, such as paying for legal assistance, crisis communicators, investigators, customer refunds, and loss to customer accounts.

4. Who should get Cybersecurity Insurance?

Companies who manage, store or create electronic data like contacts, sales, or credit card info will benefit from cybersecurity insurance. E-commerce companies can also benefit from cyber coverage. Besides losing money, downtime from a cyber event can potentially lose customers and sales.

In a similar vein, any company storing client information online will benefit from cybersecurity insurance and its liability coverage. But be forewarned that not every business will qualify for this type of insurance. You’ll need to prove that you are doing everything possible to secure your data. If you’re not sure if your cybersecurity is the best it can be, that’s something we can help you figure out.

5. What doesn’t a Cybersecurity Insurance Policy cover?

Whenever a business purchases a cybersecurity insurance policy, check the policy documents carefully. Depending on the policy type, you may lack some coverage you wanted, or you might have coverage for things you weren’t aware of. Examples include paying legal fees, costs of notifying customers, meeting ransomware demands, costs of recovering data, etc. Make sure you’re happy with your coverage before you sign on the dotted line.

Since it hasn’t been around very long, policies and prices vary between providers. Therefore, businesses need to think carefully about what they would like covered in their cyber insurance policy. Depending on the industry, different organizations will need different types of coverage. If you need help figuring all of this out, you can book a complimentary Cybersecurity Business Review with us. The Review has a value of $2,500, so you’re already saving money.

Having your Managed Service Provider help you through the application process is a good idea. After all, we can help define what coverage your business will need. The bottom line is, if you don’t have it, look into getting it. Without it, you may risk making the same mistake as Sony did. If you have any questions, contact us for a cybersecurity consultation.

Are Cybersecurity and Internet Safety the same?

/in , /by

We use it, but we don’t think about it. Modern society is dependent on technology. Whether it’s your TV, the Internet, a laptop, or a phone, there’s no denying how much life has changed over the last two decades. This online access means that individuals and businesses need to be diligent about their Cybersecurity and Internet Safety.

We hear the terms cybersecurity and Internet safety, but are cybersecurity and Internet safety the same? The short answer is no. However, cybersecurity and Internet safety can incorporate many similar elements, and both involve online safety solutions. Yet, there are differences, which we’ll explore in this blog post. Essentially, internet safety is about individual people and their safety, while cybersecurity is more about securing devices or information held on systems.

Internet safety

When we talk about Internet safety, we refer specifically to an Internet user’s awareness of their online safety. This awareness reflects their knowledge of the security risks to their private information. Many users are unknowingly open to threats to online safety. Their data and identities are juicy targets hackers are after.

With the rapid growth of the Internet, many services became accessible to users from all over the globe. Unfortunately, as digital communication increased, so did the incidence of malicious use for personal gain. This risk is a huge concern for children and the elderly, but anyone can become compromised. Common safety threats include internet scams, malware, phishing, cyberbullying, cyberstalking, sextortion, and online predators.

The awareness of internet safety is an important step for individuals in their private lives. This also applies to businesses and their employees. The risks they face are not only personal but also impact their organizations.

Cybersecurity

When we talk of cybersecurity, we refer to how organizations and individuals reduce the risk of cyberattacks.

The core function of cybersecurity is to protect the device rather than the individual. This protection also incorporates the services accessed at work and online from damage or theft. Finally, cybersecurity is about preventing any unauthorized access to personal information stored online and on devices.

Three key differences between internet safety and cybersecurity

1. Internet safety is about the protection of people, while cybersecurity is the protection of information.

2. Poor internet safety means that individuals are vulnerable on a personal level. Poor cybersecurity means that a system is vulnerable to hackers.

3. Internet safety relies on strong passwords, mindful downloading, and careful posting on social media. Likewise, cybersecurity relies on features like firewalls, up-to-date software, and multi-factor authentication.

Protect your business with an MSP

While both internet safety and cyber security are important, it is cybersecurity that businesses need to focus upon. One wrong move and the whole business could be devastated. However, business owners can be proactive in protecting their organization and their assets by hiring a Managed Service Provider to assist with their cybersecurity and cybersecurity insurance.

Final thoughts

When a security breach can ruin your customers’ trust and your reputation, businesses must consider cybersecurity seriously. Bringing aboard a Managed Service Provider is a proactive way for business owners to ensure they have protection and the most appropriate cybersecurity insurance for their organization. Every MSP must stay up-to-date with the latest cybersecurity threats.

And for anyone who is ever online (most people!), it’s essential to know all about Internet safety too. View our Cybersecurity Resource to download our Internet Safety eBook.  This is a great resource for everyone: children, parents, older people, employers, and employees alike. If you have any questions, feel free to contact us.

True Security Doesn’t Mean Passing a Compliance Audit

/in , /by

Keeping company IT resources secure is a critical goal. Meeting compliance standards supports that effort, but achieving compliance isn’t the same as achieving security.

Compliance vs. Security

Compliance is about taking the steps necessary to satisfy regulatory scrutiny. Typically, a business will need to meet a compliance standard based on its industry or the nature of the data it collects. The standards provide a checklist of measures that need to be implemented in order to be in compliance.

Security, on the other hand, is about taking steps to reduce the risks faced by business IT resources. This usually requires going beyond the baseline measures needed for compliance. There are a few reasons for this:

  • compliance is not nuanced. Compliance means you’ve done or not done a particular security task. Whether the way the task was completed actually increases security isn’t important. For example, compliance often requires annually training employees with respect to secure computing. There are many ways to meet that requirement, and not all of them effectively educate employees and result in increased security.
  • compliance is not current. Compliance requirements don’t keep pace with the threats. By nature, they require a lengthy review process. In the meantime, technology is changing and bad actors are discovering new ways of doing damage. Meeting last year’s compliance policy doesn’t protect you against today’s threats.
  • compliance emphasizes the wrong risks. The requirements listed in a compliance document don’t always match up to the most important risks the business faces. To ensure the company’s systems are safe requires addressing the actual threats, not just the items emphasized in a compliance standard.

Security Counts

You may need to check off the boxes on a compliance questionnaire, but achieving security means going beyond that minimum. Businesses need to identify the real risks they face and focus their efforts on addressing those, not deciding “job well done” because they’ve passed an audit. You need to develop policies and processes that provide real security, and implement control that match the level of risk on an application-by-application basis.

This requires keeping up with current trends in threats, making sure necessary patches are deployed, giving users meaningful testing, and integrating technology that effectively detects and blocks intruders, even when it’s not required by any compliance standard. Complete security requires addressing risks in your network, on devices, in your applications, in your data, and in your users.

Security is harder than compliance, because it relies on your own understanding evaluate risks and your own assessment of what steps you need to take to protect yourself. CCS Technology can help you develop and implement a security solution that offers true protection. Contact us to learn how to move beyond compliance and effectively protect your critical IT resources.

Additional Security Resources

Discover the Dangers of the Dark Web

Create An Information Security Culture to Protect Your Data

6 Ways to Keep Your Cloud Secure

Searching the Dark Web Should be Part of Your Information Security Strategy

/in , /by

Peering into dark corners can be scary, especially when it’s the dark corners of the web. If you’re concerned about whether company data has been exposed on the dark web, you have to go looking for it, but you need to do it carefully. There won’t be blinking signs lighting the way to your stolen info, and if you aren’t careful, you can even draw unwanted attention. Nevertheless, there’s more risk in ignoring the shadows than in checking to see what they’re hiding. Here are some things to keep in mind:

Checking the dark web lets you know if you’ve been victimized

Every business is vulnerable to attack, but it isn’t always obvious that an attack was successful. Because hackers often post stolen data on the dark web, finding it there confirms that you’ve been attacked and lets you know what sensitive data was taken. You can then focus your security efforts to change those stolen passwords and increase security where you were vulnerable. While some of that new security is reactive, knowing what’s on the dark web can identify new threats and let you be proactive in adding security measures, too.

It isn’t easy to find your data

There’s all kinds of stolen data available on the dark web, but it isn’t easy to access or to identify where it came from. In addition, there may be data about your business on the dark web that wasn’t stolen but can still make you more vulnerable to attack. Some data on the dark web may even be completely innocuous. You can easily waste a lot of time trying to find data and then figure out whether what you found is significant.

You can make yourself more vulnerable when you explore the dark web

The queries you do when you search the dark web can leave a trail the bad guys can analyze to learn more about your IT resources. It’s important to be smart about exploring the dark web to make sure you learn more than you reveal.

What are the kinds of things you should look for on the dark web? You’ll want to search for data that reveals the inner workings of your business, plus sensitive information about customers. This includes data about your executives, including their personal information and information about their activity outside of work. Customer data, including personal data and account information, is also online. In addition to data about people, there may be data about systems, including helpful hints on how to set up fraudulent accounts or bypass security measures.

You may want to look for more than lists including name, address, account number; there’s code on the dark web, so it’s worth looking for proprietary source code along with other intellectual property.

Protect Your Business With CCS Technology Group

Protecting your business requires knowing what data has made its way onto the dark web. CCS Technology Group’s dark web scan provides a safe way to peer into dangerous places on the web and gather the insights you need to protect yourself from further damage. Contact us to learn more about why exploring the dark web should be part of your cybersecurity strategy.

Additional Dark Web Resources

Is the Dark Web All Bad?

Discover the Dangers of the Dark Web

What is the Dark Web and Why Should We Care?

Two Numbers to Keep in Mind When You Think About Information Security

/in , /by

Any business that still thinks it doesn’t need to invest in information security needs to take a moment and consider two numbers:

  • When a test placed a new server online, it took only 52 seconds before hackers attacked it.
  • The average cost of a data breach in the United States is $8.19 million.

Can you afford to lose more than eight million dollars in under a minute? No matter what your business is, it’s at risk, and protecting networks, data, servers, and other corporate IT resources need to be a priority.

Developing an effective information security strategy is complicated. To get started, focus on critical categories:

1. Credentials

Credentials are the keys to the kingdom, so keeping them safe is priority one. This is both a technological and a human factors problem. You can use technology to require strong passwords, to implement two-factor authentication, to limit privileged access, and to leverage role based accessed controls, among other methods, to ensure that credentials are assigned, protected, and verified. Users need ongoing training in safe computing, to ensure they know how to create and protect passwords, use mobile devices safely, and avoid falling for phishing emails.

2. Data

While some hackers are intent on destruction, most are after data. Make sure data is protected both at rest and in transit through strong encryption. In addition, protect your data from ransomware by implementing a reliable backup and recovery process. You can also consider using tools such as data loss prevention software and cloud access security brokers to stop data from sneaking outside your corporate network.

3. Servers

Servers are most often vulnerable because they’re using out of date software that hasn’t been patched. For security reasons, it’s important to use supported software and to apply all vendor patches as soon as possible after they’re released.

4. Network

The network is where intruders find the front door to your systems. Firewalls and other tools help keep hackers out. Other tools, like data loss prevention software, help keep important data in. Your internal network design is also an important security measure; proper segmentation and use of internal firewalls can keep intruders who make it inside your perimeter from accessing the most sensitive data.

5. Cloud

More and more company IT resources reside outside the corporate walls and in the cloud. Keeping data in the cloud secure requires action by the cloud provider and also by the data owner. Improper cloud configurations can accidentally make data publicly accessible. Consider using a cloud access security broker as an additional control over access to data in the cloud.

Don’t Get Caught Playing Catch-Up With Your IT Security

CCS Technology Group offers information security services to help businesses reduce the potential risks and costs of a data breach. Contact us to learn how we can help you protect your data.

8 Practices for Safe Computing When Employees Work at Home

/in , , /by

Employees working from home can be casual about their dress, but they shouldn’t be casual about their computing practices. Whether they’re working on their phones, tablets, laptops, or desktop PCs, employees need to take steps to make sure the business they do at home doesn’t endanger their business.

Employers can help employees work safely when they’re working remotely by teaching them to follow these 8 practices:

1. Safe networks

Only secure WiFi connections should be used. When working from home, a home firewall should be turned on to block unapproved connections. When working away from home, employees should avoid free public WiFi and always double-check the name of the correct network. A virtual private network (VPN) is always a good idea.

2. Safe devices

Employees shouldn’t use obsolete hardware and should be sure they’re up to date with operating system security patches. They shouldn’t root or jailbreak mobile devices, as that can disable built-in protections. Antivirus software should be kept up to date, and devices should be paired only with known Bluetooth devices. Every device should be protected by a strong password. In addition to data security, physical security matters too. Employees should use a surge protector to prevent damage to their computer and loss of data.

3. Safe accounts

Employees’ devices at home might be shared with other users. Everyone should have a separate account. Keep passwords private and don’t write them down where snooping children might find them.

4. Safe applications

Because home devices are also used for personal matters and entertainment, you may not be able to limit them to business applications obtained via your company; however, employees shouldn’t download applications from unofficial sites on any machines used for business.

5. Safe data

Any business-related data stored locally should be encrypted. There should be regular backups to an official company data server or cloud location.

6. Safe computing

All the usual safe computing practices apply when working at home. Employees shouldn’t email sensitive information or use unapproved cloud services. Only business email should be used for business matters, and unexpected documents and suspicious links should be left alone.

7. Safe communicating

SMS messages can include phishing links, and employees should be cautious when clicking links, especially in unexpected messages. If employees use a videoconferencing service to keep in touch with friends and family, they should ensure that no company documents are visible.

8. Safe browsing

Employees shouldn’t go to unknown websites, and should avoid clicking on ads or popups unless they know they’re from a trusted source.

Working from home is becoming a key practice to keep businesses functioning during challenging times. By following these safe practices, risks to company data can be minimized. Contact CCS Technology Group for help training employees and ensuring your cybersecurity practices keep your business safe wherever your employees are working.

On-Demand Webinar: Learn More About Managing Remote Employees

For more information, check out our on-demand webinar: 5 Biggest Challenges Working Through COVID-19. We discuss:

  • Safety and Security Working Remote: Hackers are having a heyday right now taking advantage of an already difficult situation. Here’s how you can cope.
  • Bandwidth Challenges: How many things can you expect your network to do?
  • Productivity While Working Remote: We gathered tips and tricks from experienced remote workers that help you settle in to work mode without the commute.
  • Connecting with your team: You can’t gather around the water cooler anymore, but personal connection is still critical.
  • Woes of Video Conferencing: Everyone is trying to adapt to video calls. They can be immensely frustrating or your greatest gift to project management. It’s all in how you use them.

Also, please consider joining us for our upcoming webinar (May 13) where we will discuss a tool to help you manage your remote workforce. Click here to learn more or register.

Know What’s Happening on Your Network with Network Monitoring

/in , /by

Information security requires knowing what’s coming into your network so you can protect the valuable data inside.

Network Monitoring Basics

Basic network monitoring tools work with what’s called flow data. This is very basic information such as IP addresses, ports, and protocols, along with when the communication occurred and how much data was transmitted.

While IP addresses can be mapped to domain names to provide a better understanding of traffic, a single IP address can support multiple domains. This means that the IP address and domain name by themselves provide an incomplete or incorrect understanding of the data source. Adding additional detail to the flow data is needed to provide a fuller picture.

In order to get that fuller picture, the flow data can be enhanced with application metadata. This metadata pulls additional information out of the traffic; for instance, it can identify an http request and the http hostname. This provides better support for blocking traffic to unapproved websites.

Network Monitoring Challenges

Although enriched flow data improves monitoring capabilities, there are still numerous challenges that need to be overcome in order to establish an effective monitoring strategy.

  1. Encrypted data. Today, almost all http connections are actually https connections. These encrypted connections protect transmissions from being spied on as they travel between endpoints. However, that same encryption blocks necessary security inspections once the data arrives at its destination. A message that’s encrypted isn’t necessarily “safe”; it can contain a virus or other malware.
  2. Selecting the data sources. Flow data, from routers and other devices, is necessarily high-level. You can get more detailed data through looking at packets at test access points and port mirrors. In addition, monitoring often requires installing agents on each device. The more devices installed, the higher the costs and the more maintenance required. Some software doesn’t require installing agents, but monitoring too many devices makes the effort more complex and error-prone. Finally, while network monitoring for security often focuses on external data flows, internal data flows should be monitored for suspicious usage as well.
  3. Accessing historical data. Real-time analysis isn’t always sufficient for detecting threats. More accurate threat analytics require historic data as well.
  4. Determining users. Although all data is associated with an IP address, this doesn’t necessarily identify the user associated with the data. User identity may make a difference when deciding whether data is legitimate or should be blocked.

Overcoming Network Monitoring Challenges

All of these challenges can be overcome with a more refined network monitoring strategy. Even encrypted traffic can be subjected through monitoring though designs that allow the data to be decrypted for inspection before passing it on to its destination.

Network monitoring is a vital element of both infrastructure management and information security. Managed services from CCS Technology group ensure your network provides both capacity and security. Contact us to learn more about how our services can improve your business’s IT experience.

Additional Resources

Everyone Is a Participant in Information Security

Discover the Dangers of the Dark Web

Don’t Overlook These Information Security Basics

The High Cost of Falling for Phishing

/in , /by

Any employee can fall for a phishing scam. When the employee who falls for the scam is authorized to access and transfer large sums of money, an honest mistake can have significant costs.

$400,000 Sent to a Phisher

That’s what happened to Barbara Corcoran, of “Shark Tank” fame. A phisher changed one character in an email address and reached out to Corcoran’s bookkeeper. The email requested nearly $400,000 to be sent to a German company.

Of course, the bookkeeper didn’t just hand over the money. She replied back to who she thought was Corcoran’s executive assistant, and there was a legitimate-sounding reason for sending money to what appeared to be a legitimate business. The money got sent out, and it was only a later email to the executive assistant—not sent by hitting “reply” to the phishing message—that discovered the scam.

Business Email Compromise

The FBI calls these targeted phishing schemes business email compromise (BEC), and they’re a major risk to businesses. Once the money is wired, it is extremely difficult to get it back.

The scam Corcoran’s assistant fell for required some knowledge of how her business operated, in order to have a reasonable response when the bookkeeper questioned the request for the funds, but hackers don’t need to be sophisticated to implement the scam. Criminals can simply purchase templates that allow them to send these messages or break into an email account using passwords stolen in an earlier breach; if they’re not sure what they need to do, they can buy a phishing tutorial to learn. The overall costs of BEC in 2019 were close to 1.8 billion dollars, according to the FBI.

Defending the Business Against BEC

There are multiple types of phishing attacks, so there are multiple defenses needed, too.

Not all the attacks are as targeted as the one that hit Corcoran. Some attacks send generic messages to thousands of targets. Email filters can help block the messages from reaching employees, and training can help employees learn to report them rather than responding to them.

The more targeted attacks need to be handled through business procedures as well as technological fixes. When there are unexpected requests for large sums of money, businesses can require confirmation through a phone call in addition to an email paper trail.

Learn more about protecting your business against phishing emails.

To make sure you have effective phishing protections in place, contact CCS Technology Group. Our IT security services include employee training as well as the latest in technology to keep your business secure from phishing and other IT security threats.

Don’t Let Ransomware Destroy the Backups You Need to Recover from Ransomware

/in , , /by

Backups are the primary means a business can use to recover from a ransomware attack. It’s no wonder, then, that many forms of ransomware now attempt to destroy any backup files they encounter. Protecting your backups against ransomware is an important part of your defensive strategy.

The Ransomware Threat Against Backups

Ransomware is a form of malware that encrypts system and data files with an unknown encryption key. This encryption makes the files unreadable by their owner. The only way to recover the data is to pay a ransom and receive the encryption key or restore the files from an unencrypted backup.

Some malware implementations attempt to recognize backups by file extensions and will delete those files. On Windows systems, ransomware can detect and delete shadow copies that support file recovery. Ransomware will also attempt to spread through the network, accessing mounted file systems containing backup, and encrypt those files as well. Ransomware may even be able to reach and corrupt backup files stored in the cloud.

Ways to Protect Backups Against Ransomware

The methods to protect backups against ransomware rely on making multiple copies of backups and taking steps to make them inaccessible to any ransomware.

Make Multiple Backups

It’s a good idea to use specialized third-party backup software rather than (or in addition to) built-in backup solutions. Ransomware can’t know how to target every vendor’s backup files.

Keep multiple versions of your backups. There are good reasons for this that have nothing to do with ransomware, but if your latest backup is encrypted, you can restore an older version of your files from before the ransomware attack.

Keep Backups Inaccessible to Ransomware

There are several ways to make backups inaccessible to ransomware:

  • Store at least one copy of your backups in an offsite location.
  • Dismount backup devices after the backup process is complete.
  • Make backup files read-only, or store on write-once media.
  • Use access controls such as Windows Controlled Folder Access to prevent unauthorized processes from accessing backup files.

Note that backing up to cloud does not make those backups inaccessible to ransomware, unless the only access to the backup is via an API rather than mounting the cloud as a drive.

Test Your Backups

It’s important to test your backup files periodically to verify that the data is complete and that you know how to access it and use it to restore your data. You should conduct a full disaster recovery test at least annually and continuously monitor your backup process and address any alerts or failures.

CCS Technology Group helps businesses implement comprehensive business continuity solutions to protect against ransomware and other causes of IT outages. Contact us to learn more about implementing a backup solution that protects your backups as well as your data.

Additional Ransomware Resources

Take These Steps to Avoid Expensive Ransomware Recovery Costs

Don’t Lose Your Files to Ransomware

Ransomware 101: Keeping Your Organization Safe