Data Is Your Most Valuable Asset. How Are You Protecting Yours?

Uploaded on 2021-10-05 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

Ransomware is increasing exponentially, year on year, as hackers realise that they can use your most significant asset against you.

Having the ability to back up your data is a necessity, not just due to nefarious actors potentially locking you out of your systems by deploying Ransomware, but also to protect you if your data is lost or corrupted due to human error, system failure or natural disaster.

A secure BackUp offers peace of mind and reduces the risk to your business, see it as an insurance policy for data.

So, What Is BackUp?

BackUp is the ability to create a copy, or duplicate, of data and store it in a different location, such as Cloud, external hard drive, disk, or removable storage facilities. This can then be used to restore any data loss, deletion and corruption or, to recover data from an earlier time.

The National Cyber Security Centre recommends keeping multiple BackUps and to logically separate them - three copies stored on two different media, with one off-site.

But Is BackUp Enough?

To protect business-critical data, you need an integrated approach of cyber protection, extending your backup capabilities with features such as next-generation anti-malware and endpoint protection with control.   The latest backup solutions provide a wide range of protection outside the fundamentals of copying data. One such area is immutable storage, which ensures your data can never be changed by a Ransomware program, meaning it will always be available to you whatever the incident. Unfortunately, not all BackUp solutions provide this, which means you will never know where the malware is within your data, nor can you use your data for fear of the malware launching.

Another feature of these advanced backup systems is integration and automation to on-premises servers and endpoints, such as laptops and PC's, to provide increased productivity for IT support staff, as many of the day-to-day tasks are managed by the system and will reduce operating costs and complexity, giving a real return on investment. Furthermore, deploying endpoint controls can provide a full backup of an endpoint and if it malfunctions, a new unconfigured device can be shipped to the user and operating system with all of the data and company policies automatically configured remotely, by the central backup server. This brings the user back online quickly with minimal hassle for the IT department.

Securing all endpoints with next-generation cyber protection is proven to minimise the risk to the business. It dramatically reduces security incidents and breaches keeping the organisation compliant with the many data protection legislations in force. 

Working Alongside BackUp Is Disaster Recovery

Disaster Recovery focuses on the protection and restoration of data, files and systems should the worst happen to your business infrastructure and is a key element to the three pillars of cyber security - confidentiality, integrity and availability.

The main purpose of disaster recovery is to bring operations to a normal operating state with minimal data loss, recovering individual files, applications, systems, and access credentials, thus limiting business disruption. However, 70% of businesses are likely to suffer from business disruption in 2022, due to unrecoverable data loss, inability to trade/invoice for an extended time and even loss of market share.

When considering the value versus cost-benefit of a Disaster Recovery Plan you need to consider two things:

 1.  Recovery Point Objective (RPO): the last date a BackUp was taken and the decision as to how far back you want data to be made available. This will require you to consider the frequency of the backups required to run your business (once per day/every hour etc.) and the amount of storage needed to hold the data.

 2.  Recovery Time Objective (RTO): How long your business can operate without access to data or systems. Can the business survive for days or weeks or, do you need recovery in hours? This helps decide where the backed up data is held and if the connection to it can provide the speed of transfer needed to meet the RTO.

These two baselines will help you decide on how much data you are storing, how long it will take to install new servers/endpoints, the time needed to transfer your backed-up data onto the new servers/Endpoints and, to system test.

Having a robust disaster recovery solution can save a company tens of thousands of pounds and can be the difference between survival or business closure.

A common belief is that moving data to one of the global cloud service providers will provide all the backup and protection the business needs. However, none of the global players provide any guarantee about data recovery following a network outage. All they guarantee is service availability. 
 
It is the data owner's responsibility to back up their data, even cloud-based email and drives, and make it available in a form that can be deployed on other servers, whether cloud based with the current vendor, or to a new vendor.

Data has value, and needs devices to access and use it. Therefore, it seems logical to put in place a service that can protect that data, wherever it needs to be, and make it quickly available to anyone who needs it, even if their device has failed or, in the event of having to evacuate from a building. 
 
Simply having a copy of the data is not sufficient, you must wrap it around with a system that can protect and support it, everywhere.

Colin Tankard is Managing Director of Digital Pathways

You Might Also Read:

How to Protect Your Files From Ransomware:

 

« Facebook, WhatsApp & Instagram Suffer Massive Outage
Facebook Weakens Democracy & Harms Children »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Bulb Security

Bulb Security

Whether your internal red team or penetration testing team needs training, or you lack internal resources and need an outsourced penetration test, Bulb Security can help.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Atea

Atea

Atea is the market leader in IT infrastructure for businesses and public-sector organizations in Europe’s Nordic and Baltic regions.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

Grove Security

Grove Security

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

Center for Information Security Awareness (CFISA)

Center for Information Security Awareness (CFISA)

CFISA was formed by a group of academics, security and fraud experts to explore ways to increase security awareness among audiences, including consumers, employees, businesses and law enforcement.

CertNexus

CertNexus

CertNexus is a vendor-neutral certification body, providing emerging technology certifications and micro-credentials for business, data, developer, IT, and security professionals.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.