Data Is Your Most Valuable Asset. How Are You Protecting Yours?

Ransomware is increasing exponentially, year on year, as hackers realise that they can use your most significant asset against you.

Having the ability to back up your data is a necessity, not just due to nefarious actors potentially locking you out of your systems by deploying Ransomware, but also to protect you if your data is lost or corrupted due to human error, system failure or natural disaster.

A secure BackUp offers peace of mind and reduces the risk to your business, see it as an insurance policy for data.

So, What Is BackUp?

BackUp is the ability to create a copy, or duplicate, of data and store it in a different location, such as Cloud, external hard drive, disk, or removable storage facilities. This can then be used to restore any data loss, deletion and corruption or, to recover data from an earlier time.

The National Cyber Security Centre recommends keeping multiple BackUps and to logically separate them - three copies stored on two different media, with one off-site.

But Is BackUp Enough?

To protect business-critical data, you need an integrated approach of cyber protection, extending your backup capabilities with features such as next-generation anti-malware and endpoint protection with control.   The latest backup solutions provide a wide range of protection outside the fundamentals of copying data. One such area is immutable storage, which ensures your data can never be changed by a Ransomware program, meaning it will always be available to you whatever the incident. Unfortunately, not all BackUp solutions provide this, which means you will never know where the malware is within your data, nor can you use your data for fear of the malware launching.

Another feature of these advanced backup systems is integration and automation to on-premises servers and endpoints, such as laptops and PC's, to provide increased productivity for IT support staff, as many of the day-to-day tasks are managed by the system and will reduce operating costs and complexity, giving a real return on investment. Furthermore, deploying endpoint controls can provide a full backup of an endpoint and if it malfunctions, a new unconfigured device can be shipped to the user and operating system with all of the data and company policies automatically configured remotely, by the central backup server. This brings the user back online quickly with minimal hassle for the IT department.

Securing all endpoints with next-generation cyber protection is proven to minimise the risk to the business. It dramatically reduces security incidents and breaches keeping the organisation compliant with the many data protection legislations in force. 

Working Alongside BackUp Is Disaster Recovery

Disaster Recovery focuses on the protection and restoration of data, files and systems should the worst happen to your business infrastructure and is a key element to the three pillars of cyber security - confidentiality, integrity and availability.

The main purpose of disaster recovery is to bring operations to a normal operating state with minimal data loss, recovering individual files, applications, systems, and access credentials, thus limiting business disruption. However, 70% of businesses are likely to suffer from business disruption in 2022, due to unrecoverable data loss, inability to trade/invoice for an extended time and even loss of market share.

When considering the value versus cost-benefit of a Disaster Recovery Plan you need to consider two things:

 1.  Recovery Point Objective (RPO): the last date a BackUp was taken and the decision as to how far back you want data to be made available. This will require you to consider the frequency of the backups required to run your business (once per day/every hour etc.) and the amount of storage needed to hold the data.

 2.  Recovery Time Objective (RTO): How long your business can operate without access to data or systems. Can the business survive for days or weeks or, do you need recovery in hours? This helps decide where the backed up data is held and if the connection to it can provide the speed of transfer needed to meet the RTO.

These two baselines will help you decide on how much data you are storing, how long it will take to install new servers/endpoints, the time needed to transfer your backed-up data onto the new servers/Endpoints and, to system test.

Having a robust disaster recovery solution can save a company tens of thousands of pounds and can be the difference between survival or business closure.

A common belief is that moving data to one of the global cloud service providers will provide all the backup and protection the business needs. However, none of the global players provide any guarantee about data recovery following a network outage. All they guarantee is service availability. 
 
It is the data owner's responsibility to back up their data, even cloud-based email and drives, and make it available in a form that can be deployed on other servers, whether cloud based with the current vendor, or to a new vendor.

Data has value, and needs devices to access and use it. Therefore, it seems logical to put in place a service that can protect that data, wherever it needs to be, and make it quickly available to anyone who needs it, even if their device has failed or, in the event of having to evacuate from a building. 
 
Simply having a copy of the data is not sufficient, you must wrap it around with a system that can protect and support it, everywhere.

Colin Tankard is Managing Director of Digital Pathways

You Might Also Read:

How to Protect Your Files From Ransomware:

 

« Facebook, WhatsApp & Instagram Suffer Massive Outage
Facebook Weakens Democracy & Harms Children »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

Norwegian Business & Industry Security Council (NSR)

Norwegian Business & Industry Security Council (NSR)

NSR is a member organization serving the Norwegian business sector in an advisory capacity on matters relating to crime and security including cyber.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

ODSC

ODSC

ODSC is a security systems integrator that provides services and expertise in identity management and access.

ArcusTeam

ArcusTeam

ArcusTeam is at the forefront of the firmware and applications security industry, with a mission to increase the level of security on all IoT devices and applications.

SWAT Systems

SWAT Systems

SWAT Systems is an IT support and cyber security managed service provider.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Digital Beachhead

Digital Beachhead

Digital Beachhead has the expertise to provide a range of Cyber Risk Management and other Professional Services with specifically tailored solutions at competitive prices.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

Difenda

Difenda

Difenda Shield is a fully integrated and modular cybersecurity suite that gives your organization the agility it needs to implement a world-class cybersecurity system.