Don’t Let Malicious Software Hold Your Data for Ransom

Ransomware is a growing threat, but a simple solution exists to thwart attackers: effective backup. Here we offer tips for an effective backup plan.

Ensure you have an enterprise-grade automated backup solution as an insurance policy in case of an intrusion such as a ransomware strike occurs. Constant, automated backups across devices and desktops in remote locations of your organization provide a secondary store of data as a fallback mechanism in the event of a malicious attack. If you don’t already have a backup solution in place, this step alone offers not only backup and peace of mind, but also information governance. Having a cloud-based backup solution provides offsite storage—and peace of mind.

If your teams are distributed across regions, make sure that your current backup policy covers 100 percent of your user base. Review and validate the deployment scope of your current backup plan to ensure that your chosen backup solution is deployed automatically to all end users. At the very least, you should ensure key users are covered by your data protection policy.

Be sure to know exactly what your backup plan includes. Outside of protecting desktops and email, does your plan include user profiles, user-specific system and app settings or user-created custom folders? You should review, validate and, if needed, modify backup content to ensure that all important data for protected users is being backed up. This may require the expansion of the scope of your backup plan.

Review, validate and modify backup frequency, if necessary, to ensure automated, periodic backup for all protected users. As a general rule, it is highly recommended that backups occur at minimum of once every four hours, and every two hours for key users.

How long are you keeping your backups: 14 days? Seven weeks? Six months? Review and validate your retention policy to ensure a sufficient recovery point objective (RPO). This may vary depending on your particular industry and regulations, and internal IT policies. IT, legal and compliance teams will make the call on data retention needs.

While these measures may be sufficient protection for the foreseeable future, revisit your backup policies periodically (approximately once every six months) to ensure they are aligned with your organization’s requirements. IT often has the primary responsibility for this routine, and in some cases acts in coordination with the legal team.