Ransomware attacks are running rampant these days. The ability to restore your servers, data and applications after an attack is critical to minimize costly disruption and bring your business back into service.
A secure backup infrastructure is key to this. Here’s a checklist on how to keep your backup systems robust and secure:
- Back up and retain data for several weeks. For critical systems, you will know right away if they have been compromised. But for some systems it may take days or weeks before you know you have been attacked or get a demand for payment from attackers. It's better to have retained good backup copies to restore from.
- Replicate backups to an offsite location.
- Conduct regular file recovery and bare metal recovery tests.
- Perform regular patching and upgrades of backup devices. You also need to work with your device vendor to discuss vulnerabilities, monitor security advisories and apply critical security patches as soon as possible.
- Harden your backup infrastructure, for instance by replacing default passwords and turning off unneeded services.
- Implement data-at-rest and data-in-flight encryption.
- Monitor and send alerts for unusual activities such as multiple login attempts by privileged users as well as backup deletion attempts. You can integrate with Splunk, CyberSense or other security analytics applications that have advanced AI technology to easily monitor, detect, and analyze security breaches.
- Recertify user accounts on your backup devices periodically.
- Use a security tool to store and encrypt local and service account passwords on the devices.
- Use two-factor authentication.
- Implement Retention Lock.
- Implement a backup vault by isolating the second copies of the backup. This can be done by using tapes or air gapping the backup storage.
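
The monitoring item in the checklist names two signals: repeated login attempts by privileged users and backup deletion attempts. As an added example (not from the original post or any vendor's tooling), the Python below detects both in backup-device audit lines; the log format, role names, threshold and time window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines in an assumed format:
# "<ISO timestamp> user=<name> role=<role> action=<action> result=<result> [target=<id>]"
SAMPLE_LOG = """\
2024-05-01T02:00:05 user=sysadmin role=admin action=login result=failure
2024-05-01T02:00:40 user=sysadmin role=admin action=login result=failure
2024-05-01T02:01:10 user=operator1 role=operator action=login result=failure
2024-05-01T02:01:30 user=sysadmin role=admin action=login result=failure
2024-05-01T02:02:00 user=sysadmin role=admin action=login result=success
2024-05-01T02:03:12 user=sysadmin role=admin action=backup_delete result=denied target=weekly-0421
2024-05-01T09:15:00 user=secofficer role=admin action=login result=failure
"""

PRIVILEGED_ROLES = {"admin"}    # assumption: roles treated as privileged
MAX_FAILURES = 3                # assumption: failed logins that trigger an alert
WINDOW = timedelta(minutes=5)   # assumption: sliding window for counting failures

def parse_line(line):
    """Split one audit line into a timestamp and a dict of key=value fields."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def detect(log_text):
    """Return alerts as (timestamp, kind, user, detail) tuples, in log order."""
    alerts = []
    failures = defaultdict(deque)  # user -> timestamps of recent failed logins
    for line in filter(str.strip, log_text.splitlines()):
        when, f = parse_line(line)
        user, action = f.get("user", "?"), f.get("action")
        privileged = f.get("role") in PRIVILEGED_ROLES
        if action == "login" and f.get("result") == "failure" and privileged:
            recent = failures[user]
            recent.append(when)
            while when - recent[0] > WINDOW:  # drop failures older than the window
                recent.popleft()
            if len(recent) == MAX_FAILURES:   # alert when the threshold is reached
                detail = f"{MAX_FAILURES} failures within {WINDOW}"
                alerts.append((when, "privileged_login_failures", user, detail))
        elif action == "backup_delete":
            # Report every deletion attempt, including ones the device denied.
            detail = f"{f.get('target', '?')} result={f.get('result')}"
            alerts.append((when, "backup_delete_attempt", user, detail))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

Denied deletions are reported as well, since a blocked attempt against a retention-locked copy is itself a sign that a privileged account may be compromised.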