Data Is Your Most Valuable Asset. How Are You Protecting Yours?

Uploaded on 2021-10-05 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

Ransomware is increasing exponentially, year on year, as hackers realise that they can use your most significant asset against you.

Having the ability to back up your data is a necessity, not just due to nefarious actors potentially locking you out of your systems by deploying Ransomware, but also to protect you if your data is lost or corrupted due to human error, system failure or natural disaster.

A secure BackUp offers peace of mind and reduces the risk to your business, see it as an insurance policy for data.

So, What Is BackUp?

BackUp is the ability to create a copy, or duplicate, of data and store it in a different location, such as Cloud, external hard drive, disk, or removable storage facilities. This can then be used to restore any data loss, deletion and corruption or, to recover data from an earlier time.

The National Cyber Security Centre recommends keeping multiple BackUps and to logically separate them - three copies stored on two different media, with one off-site.

But Is BackUp Enough?

To protect business-critical data, you need an integrated approach of cyber protection, extending your backup capabilities with features such as next-generation anti-malware and endpoint protection with control.   The latest backup solutions provide a wide range of protection outside the fundamentals of copying data. One such area is immutable storage, which ensures your data can never be changed by a Ransomware program, meaning it will always be available to you whatever the incident. Unfortunately, not all BackUp solutions provide this, which means you will never know where the malware is within your data, nor can you use your data for fear of the malware launching.

Another feature of these advanced backup systems is integration and automation to on-premises servers and endpoints, such as laptops and PC's, to provide increased productivity for IT support staff, as many of the day-to-day tasks are managed by the system and will reduce operating costs and complexity, giving a real return on investment. Furthermore, deploying endpoint controls can provide a full backup of an endpoint and if it malfunctions, a new unconfigured device can be shipped to the user and operating system with all of the data and company policies automatically configured remotely, by the central backup server. This brings the user back online quickly with minimal hassle for the IT department.

Securing all endpoints with next-generation cyber protection is proven to minimise the risk to the business. It dramatically reduces security incidents and breaches keeping the organisation compliant with the many data protection legislations in force. 

Working Alongside BackUp Is Disaster Recovery

Disaster Recovery focuses on the protection and restoration of data, files and systems should the worst happen to your business infrastructure and is a key element to the three pillars of cyber security - confidentiality, integrity and availability.

The main purpose of disaster recovery is to bring operations to a normal operating state with minimal data loss, recovering individual files, applications, systems, and access credentials, thus limiting business disruption. However, 70% of businesses are likely to suffer from business disruption in 2022, due to unrecoverable data loss, inability to trade/invoice for an extended time and even loss of market share.

When considering the value versus cost-benefit of a Disaster Recovery Plan you need to consider two things:

 1.  Recovery Point Objective (RPO): the last date a BackUp was taken and the decision as to how far back you want data to be made available. This will require you to consider the frequency of the backups required to run your business (once per day/every hour etc.) and the amount of storage needed to hold the data.

 2.  Recovery Time Objective (RTO): How long your business can operate without access to data or systems. Can the business survive for days or weeks or, do you need recovery in hours? This helps decide where the backed up data is held and if the connection to it can provide the speed of transfer needed to meet the RTO.

These two baselines will help you decide on how much data you are storing, how long it will take to install new servers/endpoints, the time needed to transfer your backed-up data onto the new servers/Endpoints and, to system test.

Having a robust disaster recovery solution can save a company tens of thousands of pounds and can be the difference between survival or business closure.

A common belief is that moving data to one of the global cloud service providers will provide all the backup and protection the business needs. However, none of the global players provide any guarantee about data recovery following a network outage. All they guarantee is service availability. 
 
It is the data owner's responsibility to back up their data, even cloud-based email and drives, and make it available in a form that can be deployed on other servers, whether cloud based with the current vendor, or to a new vendor.

Data has value, and needs devices to access and use it. Therefore, it seems logical to put in place a service that can protect that data, wherever it needs to be, and make it quickly available to anyone who needs it, even if their device has failed or, in the event of having to evacuate from a building. 
 
Simply having a copy of the data is not sufficient, you must wrap it around with a system that can protect and support it, everywhere.

Colin Tankard is Managing Director of Digital Pathways

You Might Also Read:

How to Protect Your Files From Ransomware:

 

« Facebook, WhatsApp & Instagram Suffer Massive Outage
Facebook Weakens Democracy & Harms Children »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

National Cybersecurity and Communications Integration Center (NCCIC)

National Cybersecurity and Communications Integration Center (NCCIC)

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Cyber Science

Cyber Science

Cyber Science is the flagship conference of C-MRiC, focusing on pioneering research and innovation in Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.

Heritage Cyber World

Heritage Cyber World

Heritage Cyber World is a one stop solution for all your security needs that brings together a team of security experts and analysts to deliver high-class security services.