At JSCM Group we focus on cyber security. This is what our focus is and will be going forward. We don't want to be your MSP, VoIP vendor, PC support company, storage firm, or printer repair shop. We just want to focus on security and being the best testers in that field. One of the things we look for on our security assessments are the backups. Why?
Backups and Security are Closely Related
On the surface these two areas may seem unrelated, they are not. They are closely related. Data is essentially the root of what we are trying to protect in cyber security. If you think about it, everything we care about in business is data. Data is where the intellectual property resides. Data is where the confidential information lives. Data is the root of everything in your IT infrastructure. SAN's. servers, switches, routers, firewalls, desktops...are all there to get you access to data.
When cyber criminals break into your network, what do they want? Your data.
When they steal credit cards, what are they really stealing? Credit card data.
When your employees ID's are stolen, what are they stealing? Employee data.
Without cyber security controls in place your data will be corrupted when you get infected with malware. Ensuring a sound data backup solution is in place is an essential part of having a secure infrastructure.
Backups are Insecure
Many times during the course of a security assessment we discover that the data may be backed up, however, it is insecure. The data can be easily stolen if the cloud provider or the local backup device is broken into.
We just wrapped up an assessment where they were backing data up to a NAS (Network Attached Storage) and a cloud provider. The NAS device had default username and password setup on it, so that could be broken into in a matter of seconds.
The cloud provider they were using was one of these "Unlimited" backup providers. This client found out the catch. The software selectively didn't backup the main accounting directly. When they went to restore they found out the data wasn't there. They lost all of their accounting data.
Essentials in a Data Backup
These are the basic security-related things to look for in your data backup solution.
- Default passwords changed.
- Device/cloud provider is encrypted with a 2048 bit solution.
- The solution gives you revisions so you can restore from a specific date and time.
- The device is supported by multiple providers, in the event your current provider goes away.
- All of your data is backed up, not a selective backup where things can be missed.
- The backup solution is tested on a frequent basis.
If you do these six basic things you will go a a long way to projecting your backups from cyber risks.