Ransomware-resilient backup from Mimecast
Backups are a critical line of defense against ransomware attacks, but hard drives and external storage can be clunky and inconvenient. Cloud-based backups, while more efficient, can be a target for cybercriminals, too, if not properly secured.
Solutions like Mimecast’s cloud backup and recovery for email help to protect backups from ransomware and allow your organization to recover quickly without massive data loss or disruptions to business.
Ransomware backup best practices
Before we explore ways to protect backups from ransomware, it’s worth taking a moment to discuss best practices for creating backups in the first place.
- Focus on the end goal: The ultimate purpose of a backup is to use it to effectively restore business operations without significant data loss. Consider the end goal as you begin creating a ransomware backup strategy.
Once you determine what critical business operations you’ll need to restore in the event of an attack, you can begin to build a backup process to make it possible.
- Back up like you’ll be attacked: According to Mimecast’s State of Email Security report, 75% of businesses suffered a ransomware attack last year. Those businesses experienced an average of six days of downtime. Ransomware attacks are no longer an “if” but a “when.”
Preparation is critical, and choosing the right partner to back up your email data puts you one step ahead of cybercriminals. Plus, properly stored and encrypted cloud-based backups are more difficult for cybercriminals to find and breach.
- Create a multi-pronged approach to fend off ransomware attacks: Backups are a great step in protecting your organization from ransomware. But they are not going to solve the problem alone.
It’s critical to look at more preventive approaches to combat ransomware, like software that scans incoming emails for malicious attachments or Security Awareness Training to get employees involved in keeping your organization safe. Even more critically, having a cybersecurity ecosystem of partnerships designed to deliver end-to-end ransomware protection decreases the likelihood that ransomware can move through your environment.
In the event of a successful breach, implementation of these backup best practices gives your company a better chance for a low-impact ransomware event with a speedy, full recovery.
Ransomware backup strategies
Here are eight ways to protect your organization’s backup data from ransomware attacks.
1. Develop a disaster recovery plan
Disaster recovery plans (DRPs) are process documents that outline how a business responds to anything that could negatively impact systems and regular business operations. Weather events, human error, hardware failure, and cybercrimes like ransomware are all instances where a company needs to fall back on its DRP to restore systems.
A well-crafted disaster recovery plan includes a plan for protecting backups from ransomware. It addresses questions like:
- What data will the organization back up? Organizations create tons of data, and it would be virtually impossible to back up every system 100%. That’s why it’s important to assess what the business most needs. For many organizations, email proves to be one of the most critical data points that need to be quickly restored and should take priority when considering what to back up.
- How frequently will data be backed up? Choosing a backup interval enables you to understand your maximum potential data loss. If you back up once per day, your maximum loss would be 24 hours of company data. A shorter backup interval could cut down data loss dramatically to only a few hours. Mimecast offers cloud backup and recovery solutions for email that automatically sync up to six times per day.
- Where will data be stored? Traditionally, backups were stored on hard drives on-premises. This has the major advantage of storing data completely offline, making it inaccessible to cybercriminals.
But as organizations move to remote work and expand to more office locations, cloud-based storage becomes much more convenient.
Today’s cloud-based storage solutions make it possible to store large amounts of data completely off-site or take a hybrid approach to data storage, leveraging elements of cloud and on-premises storage, all while keeping data protected from ransomware attacks.
- How will the data be secured? Backups should be protected with security controls that match the sensitivity of the data being stored. For example, data containing protected health information (PHI) needs to comply with regulations such as HIPAA or GDPR.
- How frequently will the organization test backups? The disaster recovery plan should outline an interval in which the company will test backups. Annual tests are common for companies, with other tests happening ad hoc if there are major changes to the company hardware or software solutions.
2. Keep at least one backup offsite or offline
Aside from actually implementing backups, the most important aspect of protecting backups from ransomware is making sure they can’t be breached. Keeping a backup offline or physically offsite is one of the best ways to ensure there’s no way ransomware can touch them.
3. Store backups in multiple locations
Whether you use physical locations or cloud-based data centers, it’s critical to keep data in more than one place. Redundancy is a core component of disaster recovery as it ensures system reliability through duplication. Keeping backup data in multiple locations means even if ransomware corrupts one backup, the company has others to fall back on.
4. Choose a reasonable backup interval
The right frequency to back up data is “as frequently as possible within reason.” Of course, it depends on your storage capacity, the systems you have in place to create backups, and the amount of data your organization generates.
If you’re a small business with a few employees, maybe you can afford to back up once per day. Large enterprises with thousands of employees may find more frequent backups better support their business continuity goals.
5. Regularly perform software updates
Ransomware looks to exploit vulnerabilities in your system, and few things make systems easier to exploit than failing to perform regular software updates. Since the data you back up needs to be the cleanest and most recent available, it’s critical that all systems are regularly backed up and kept on the most up-to-date version.
Otherwise, restoring data from previous system versions could cause an import to fail.
6. Educate employees on backup protocol
Backups happen on individual employee machines, your organization’s email system, and your broader infrastructure. Unless your organization has automatic cloud backups for employee information, it’s important to educate employees on the importance of backing up their data using a physical drive or cloud-based solution.
Training courses, like Mimecast’s Security Awareness Training, can educate employees on the importance of backup data and how to do their part to prevent ransomware attacks from happening.
7. Limit employee access to backups
It’s smart to restrict access to backups to a few individuals or one system account. Fewer people with access to the credentials means less opportunity for human error to compromise the password.
8. Test backups
Simply backing up your data is great, but it means absolutely nothing until a team can use that backup to restore system access. The ideal situation would be to automate your system recovery. That means putting the necessary code in place to push a button and automatically retrieve and restore the latest data.
If your team doesn’t have the capacity to perform regular tests, you can always outsource backups to a vendor like Mimecast. They can work with you to keep backups safe from ransomware and enable fast recovery of email mailboxes, contact lists, calendars, and personal folders in the event of an attack.
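One way to automate the backup test described in steps 4 and 8, shown as an added example that is not part of the original article or of any Mimecast product: a manifest of file hashes is recorded at backup time, and a test restore is checked against it and against the chosen backup interval. The function names, file names and the 24-hour interval are assumptions made for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large files
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """At backup time: record relative path -> SHA-256 for every file."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored, taken_at, max_age, now):
    """Check a test restore against the manifest and the backup interval."""
    report = {"missing": [], "corrupt": [], "stale": now - taken_at > max_age}
    for rel, digest in manifest.items():
        target = restored / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != digest:
            report["corrupt"].append(rel)
    report["ok"] = not (report["missing"] or report["corrupt"] or report["stale"])
    return report

def demo():
    """Constructed sample: one restored file is altered, one is absent."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "source"), Path(tmp, "restored")
        (src / "mail").mkdir(parents=True)
        (restored / "mail").mkdir(parents=True)
        files = {"mail/inbox.mbox": b"From: a@example.com\n",
                 "mail/contacts.csv": b"name,email\n",
                 "calendar.ics": b"BEGIN:VCALENDAR\n"}
        for rel, data in files.items():
            (src / rel).write_bytes(data)
        manifest = build_manifest(src)
        (restored / "mail/inbox.mbox").write_bytes(files["mail/inbox.mbox"])
        (restored / "mail/contacts.csv").write_bytes(b"\x00scrambled\x00")
        now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
        return verify_restore(manifest, restored, now - timedelta(hours=30),
                              timedelta(hours=24), now)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere the backed-up systems cannot write to, so that an attacker who alters a backup cannot also rewrite the hashes it is checked against.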
Keeping backups protected from ransomware
Data loss following a ransomware attack can have significant financial and operational impacts on a company. Reducing the time to recovery is critical, and partnering with a software solution like Mimecast enables your company to recover fully, faster.
Check out Mimecast’s email backup and recovery solutions to learn more about how you can protect your organization’s backups from ransomware.
Enterprise ransomware protection for businesses
The best ransomware protections for enterprises can adapt to meet challenges unique to large organizations. Mimecast specializes in meeting these challenges for enterprises and in keeping you informed on the latest ransomware threats and how to protect against them. With that in mind, we offer fully customizable solutions for your organization. Schedule an email security demo to see how Mimecast can integrate with your organization.