Organizational data can be as valuable as the equity within the firm, or more so. However, despite the risks of data loss, surveys show that most professionals and companies that are attacked do not have data backups or copies of the data. Data backup and restore capabilities become increasingly important in a time of digital cybercrime.
In 2017, you probably noticed a significant increase in the data-hijacking risk known as ransomware. In these incidents, cybercriminals block access to all information, systems, and data contained in organizations’ computers and servers as a means of pushing for a ransom payment.
However, paying the ransom does not guarantee that you will be able to re-establish access to the data. Therefore, performing regular data backups is essential to protecting your data. If a device is infected, the only guarantee that you will be able to access the data again is to have up-to-date backups.
Another critical scenario for the relevance of backup is mobility. Users increasingly store important and sensitive information on mobile devices as well, with a high risk of theft or loss of these devices. In addition, smartphones and tablets, like computers, are subject to hardware and system failures.
The best way for companies to avoid the risks associated with losing important data is to set up a routine backup process as part of the Information Security Policy. This rule applies to public and private organizations in any industry.
The corporate world has highly efficient tools for data protection. The mechanisms have been improved with several backup alternatives since the 1980s. However, despite the evolution of technology, behavior is one of the main aspects in the efficiency of the backups. You have to employ discipline, because a backup is not a total guarantee against loss of data. The best practices in Information Security (ISO/IEC 27001) recommend that the backup be stored at a great distance from the original location of your data, preferably in an external location.
Enough copies should be created, stored in different locations and media (pen drive, external HD, etc.), reducing the likelihood of the user being surprised. Copies should be organized so that they can be easily found when necessary. It should be noted, however, that USB drives and CDs are less recommended for files that need to be stored longer.
On the other hand, companies should consider that the backup device has limitations, and should analyze the types of problems to avoid and which files to protect. There is no ready-made model.
In each case, the user must evaluate their unique data needs:
- Data volume
- Type of information
- Runtime and Restore
- Storage location risk
Another factor at stake is the end-user’s lack of knowledge. Operating systems offer helpful tools for this dilemma, and there are backup alternatives even for the data stored on smartphones. Mobile apps also offer online backup services. Users can effectively restore the information in case of any emergency.
Some good practices for data backups and safeguarding information are:
- Keep your information and backup media secure and not out in the open at your home or office;
- Keep your backups off the computer, that is, in another room, in a fireproof vault. If you use a secure vault to store important documents, save your backup discs there as well;
- Make more than one copy. Keep backups in two separate locations, because if a disaster strikes in an area, you will still have your backup copy;
- Keep your backups organized. Periodically (especially if you’re paying for a storage service), delete old files or compress the information so that it takes up less space;
- Protect your information with a solid password. Consider this feature if you need to back up your personal or sensitive information.
Data protection is extremely important, and data backups are only the first step. Important files and information need to be available when you need them.
Janaína Devus is a PCI-QSA member of CIPHER’s Governance, Risk and Compliance team.