Cybersecurity: Creating a Back-Up Plan of Action

Alex Hamerstone | TrustedSec LLC

Every day, it seems there is another major news story about a company that has had an information security issue. What is interesting, however, is that security incidents have become so common that most don’t even make the news, and if they do, they may only result in a blurb in the local paper.

ID: 226838086; vs148/

When we think of cybersecurity, hackers and data breaches often come to mind, but there are three parts to the “information security triad:” confidentiality, integrity, and availability. While confidentiality and integrity are essential, availability is often the biggest issue for small and medium-sized businesses.

There are many organizations that will experience significant harm to their business if they are without their data and systems for even a few days. Thus, it is essential to be prepared in the event of a loss of data or systems. One of the most common ways to accomplish this is by ensuring that important business data and system configurations are backed up.

Backing Up Can Take Multiple Forms

There are multiple ways to back up systems, and as is the case with many other areas of technology, the cloud has made its mark here. There are many providers of cloud backups for both home users as well as enterprises. Cloud backups are, as the name suggests, stored in the cloud after being transferred to the cloud provider over the Internet. These backups can be set to run automatically, ensuring that your backup data is recent. Another advantage is that your data can be restored as quickly as your bandwidth allows.

If you aren’t ready for the cloud, physical backups are another option. While backup tapes still reign as the most common backup media, other storage devices can be used as well. The backup media can be physically stored on your premises or can be sent off-site for secure storage. Often, daily backups are stored on-site and weekly backups are sent off-site. This means that daily backups are available for common occurrences like accidentally deleted files, while weekly backups are housed in a more secure location. Keeping backups in a secure external location prevents a single disaster from simultaneously destroying your physical systems and your backup data.

The frequency of backups should be based on your organizational risk tolerance. If there is not a high volume of transactions, then less frequent backups may be appropriate.

If the computers used by employees are not automatically backed up, it is a good idea to have users save files to a network folder that will then be backed up. The biggest challenge with this is ensuring that users save files to the network and not only to their computer.

Backups in the Context of Common Attacks

Ransomware is a common attack, and one that shows no sign of slowing down. Ransomware is malware that encrypts whole computers or files, making them inaccessible without the encryption key. The ransom part of the name comes from criminals demanding a ransom be paid, after which the attacker provides the victim with the key to decrypt the data so the system can be used again. These ransoms are usually paid in the form of cryptocurrency, such as bitcoin. Ransomware is usually delivered through either email, usually in the form of phishing, or by taking advantage of vulnerable (often due to missing patches) software. There are varying opinions as to whether it is a good idea to pay the ransom, and because you are dealing with criminals there is no assurance that the decryption key will be provided even if a ransom is paid.


While there are a number of steps that organizations can take to make their systems less susceptible to ransomware, including user awareness training and certain technical controls, backups are one of the most important ways to ensure that your data remains available after the ransomware has been removed. Without backups, you are at the mercy of the attackers – unless it is a variant of ransomware where the decryption keys are publicly available.

It is important to store backups offline in a place not connected to your network, where attackers can’t get to them. Also, before restoring from backup, ensure that the ransomware is not contained in the backups, which will cause a reinfection when the backups are restored.

Other Considerations

As we continue to move to the cloud, make sure that you don’t mistake replication for backups. While replication is extremely valuable in the case of hardware failure or loss due to a disaster or other event, because replication creates an exact copy of the data, it means that deleted or corrupted files will be replicated, defeating the purpose of backups.

Backups are essential for recovering from a disaster, and two of the major factors in disaster recovery planning are recovery time objective (RTO) and recovery point objective (RPO). RTO is how long systems are unavailable following a disaster – for example, you may wish to have the data and systems available within a certain number of hours or days following the disaster or event. RPO refers to the age of the data in the backups used to restore the system, so if a disaster occurs at noon on Friday, and the RPO is 24 hours, then the systems will be restored to the way they were at noon on Thursday. The desired RTO and RPO are important decisions that must be considered together when developing a backup plan. Off-site backups may lead to a longer RTO, where cloud backups may be able to shorten this given enough bandwidth to ensure that data can be transferred quickly.

The best time to prepare for an information security incident, or a disaster, is before it happens, and one of the ways that you can increase resiliency is to make sure that your systems and data are backed up. Many organizations have found themselves in situations that were extremely expensive, or even put them out of business because they did not plan ahead.             

Alex Hamerstone is Practice Lead, Governance, Risk Management, and Compliance with TrustedSec LLC. He can be reached at

Photo Credit: vs148/