Von Dr. Marc M. Batschkus
As much as networked computers give us the benefit of accessing almost anything anytime, they are also vulnerable to online threats and ransomware. Including this notion in the planning for Backup and data security helps to prevent calamities later.
What risks does ransomware pose for your Backup?
A copy of your files that is permanently online and connected to the network is at equal risk for ransomware attacks as the original computer it aims to protect. The Backup requires additional technical and policy layers of security to protect Backups from ransomware.
How to protect backups from ransomware
Tip #1 Be reasonable and cautious
Reasonable online conduct and careful consideration of links and files that we find in our mail are the first steps to protect Backups from ransomware. Any file that is sent and any link offered in an email can be part of a scam, phishing or directly transferring malicious program code. Check if you know the sender and if the mail and attachment makes sense.
Tip #2 Use tape for Backup
LTO-Tape has a built-in feature to protect against any network-transferred danger, the air gap between that tape and the network. Any tape that has been written and is not in the tape drive is safe from an online attack. Even a tape that is currently in the drive is safe since there have been no known attacks to tape drives as of now.
Tip #3 Offline media and rotate media
Disks, removable RDX disks, and tape can be disconnected from the host computer and network connection and rotated to be used only from time to time. This way, the time of possible infection is reduced dramatically, and the data that has been written on the medium already is safe.
It is important to create at least three data sets for all three stages of the rotation cycle:
- one for the present backup
- one for the offline state
- one for the transfer in between
The last data set is especially if it includes physical transport to/from a remote location. This is the only way to protect against errors, mishaps and accidents at each stage. Creating a schema that is followed through makes things more dependable and secure.
Tip #4 Keep highly sensible workstation(s) permanently offline
For highly critical production, it might be worthwhile to consider keeping a dedicated workstation offline altogether. This is the only way to avoid any online related danger at 100%. This has been good practice in highly sensitive areas, such as healthcare and finance, as well as industry and product secrets.
A Backup of a workstation or server with no network connection is safe as long as it stays disconnected from the network. Of course, the Backup should not be connected to any networked computer at any time to avoid infection.
Tip #5 Keep the network firewall as closed as possible
The configuration of the network firewall needs to be as tightly closed as possible. It needs regular checks and updates to cover against known attacks. Only keep network ports open if needed.
Tip #6 Protect your mail server
Most malware enters a company through email. Therefore, it is essential to protect your mail server and keep it updated.
Tip #7 Use different passwords
Everyone in the company should use different passwords for different services. This prevents misuse in case one service gets hacked and passwords exposed.
Tip #8 Use long passwords
The length of the passwords is essential (not the special characters). The longer the password, the better. This avoids brute force attacks that aim to test all possibilities.
Tip #9 Use VPN connections
Use a VPN and only VPN to connect to the company from a remote or home office.
Tip #10 Keep all firmware up-to-date
Firmware of any device on a network is a potential weak spot. Be it the router, the switch or any other device, regularly check for updates and known exploits of the respective device.
Conclusion
Many factors contribute to a secure network and IT environment. The most important ones concern human behaviour that can lead to calamities and costly counter-measures. Most factors involve technical processes and configurations. A thorough Backup strategy that keeps all your data in a safe place is essential.
