Do you have backups in place? Simple yes or no answer, or is it? In the past, backups were not necessarily seen as a security issue, but ransomware changed that. Backups, and the security of those backups, is now more important than ever. Backups have become Information Security’s best friend.
But is simply having a backup really the only concern? As security professionals we are asked about backups regularly. Here is our take on the subject:
Having backups in place is critical.
Having working backups in place is critical.
Having frequent backups in place is critical.
Having tested backups in place is critical.
Having isolated or offline backups in place is critical.
Having backups only accessible to the necessary staff is critical.
Ensuring there are backups of everything necessary to run your business is critical.
Cloud assets, AD, applications… all of these are in scope and should have backups at some level. Multiple copies and retention should also be considered.
If we are testing your environment and we can get into your backups, so can a malicious actor, so give them the appropriate level of attention. Make sure resources are put into ensuring that you know what is backed up, the frequency of backups, and how they are secured. Make this part of your Business Continuity planning and testing. Recover and test your backups, regularly. Do not wait for a loss of data to investigate this crucial component of your IT environment.