The Cyber Essentials guide to backing up your data

Despite the best cyber security efforts, there is no such thing as a completely secure system. All organisations are at risk of a cyber-attack, accidental damage or a natural disaster.

Backing up your data means creating a copy of your information and saving it to another device or to cloud storage (online). Backing up regularly means you will always have a recent version of your information saved. This will help you recover faster if your data is lost or stolen.

The Cyber Essentials scheme consists of defensive technical controls.  They are the essential controls needed to minimise the likelihood of a successful cyber attack.  Data backup is not included as a mandatory requirement in Cyber Essentials because it is not a defensive control, however, it becomes essential in the event of a successful cyber attack.

So, although backing up is not a technical requirement of Cyber Essentials, it is, none the less, extremely important to back up your data files and test that your back-ups work.  For this reason, backup is being included as a recommendation in the Cyber Essentials scheme. 

 

Backing up data and restoring from back ups

 

Regularly backing up information and having the ability to restore the backup is the backbone of resilience. This valuable practice may be one of the most effective methods of protecting your business from the effects of accidental or malicious tampering such as deleting data, hardware failure, or ransomware. It is good practice to keep at least three copies of your information using different back-up solutions and locations.

  • Keep your back-ups in a different location from your network and systems, with one back up kept off site. This is in case there is an incident e.g. theft, fire, or flood at one of your premises.
  • Cloud storage is a perfect solution, so long as your cloud service provider saves your files as immutable versions each time there is a change. Most file sync and share solutions ( Drop Box, OneDrive, iCloud) allow users to work on files locally and sync changes immediately to the cloud. In the event of a ransomware attack, the maliciously encrypted files would sync to the cloud storage and render the data in the cloud unusable as well. Check with your cloud service provider that your storage solution has versioning enabled and includes data recovery features to guard against ransomware attacks.
  • Cloud storage services often have an ‘automatic backup’ feature which means it will regularly save your information into cloud storage without you having to remember.
  • Make sure that the devices containing your backup (such as external hard drives and USB sticks) are not permanently connected to your network, because ransomware attackers often target backups which they find connected.  Criminals know that if an organisation has a working backup, they are less likely to pay the ransom.
  • Back up your important files on a regular basis, this will depend on your business. Daily backups are considered good practice, but a minimum of weekly is recommended. Make sure that you know how to restore files from the backup and test that your back up system is working. One of the biggest causes of backup/recovery failure is relying on the accuracy of a successful back up report, but not practising the recovery process. For this reason, backups must be tested at least monthly to be certain that they can be used to restore systems or information.
  • Back up before implementing significant changes. If something goes wrong with the change you will be able to revert back to the last ‘working’ point.