When I think about backups, I’m taken back to the good old days when all we had to worry about was making sure we’d be able to recover if something went wrong.

The most vivid story that comes to mind is of Toy Story II—how an entire movie was nearly lost and backup drives saved the day. Long gone are the days when all we had to worry about was being able to restore something (although this is still a critical part of your operations—clients are asking more often for proof that their backups are working, and if you aren’t able to show validation, you might be putting your reputation and business at risk).

But right now, ransomware might be targeting your backups. Without some additional planning and precautions if you or your clients were hit by an attack.

They are going after everything.

Your local backups—those backups that are locally connected to an infected computer on your network. Once the ransomware is on your network, it will spread to external drives and file servers that are connected to that computer (along with other computers on the network of course).

Your cloud storage—think the cloud is blocking ransomware from hitting your cloud backups? Think again. Storage solutions that automatically sync with local files are easy targets. Plus, the virus can propagate through older versions of your files, rendering them useless.

System restores—even though Windows’ System Restore has features that let you return a crashed computer to a workable state, it only preserves the drivers, settings and file systems that Windows needs to run (none of which is your data). Attackers have developed ransomware that deletes the automatic backups that System Restore depends on (think restore points and shadow copies).

Today, I’m not going to get into all the specifics of how to back up your data. Rather, I want to focus on how to harden your backups and make them more resistant to ransomware.

Over the course of running my MSP and then years of recovering hospitals from ransomware, I’ve found that paying attention to backups when thinking about your security is critical. It’s essentially your last line of defense in the event something happens. I don’t want you to have to piece together attacked backups the way my team painstakingly had to after major ransomware attacks.

If ransomware can infect your backups (like we already mentioned), what are the steps you can take right now to protect them?

Install port firewalls — protect your backups from unauthorized access through unsecured or untrusted networks.

Run network-based firewalls — by consistently using these, you restrict access to your backup software and ensure that only selected hosts are able to access your backup server.

Keep your backups offline — the less accessible your backups are to your network, the less likely they’ll be involved in an attack.

Encrypt your data — all data going in or out of your network—and connected devices—should be encrypted. This goes for data being backed up as well.

Monitor your backup systems — backup software should check in regularly in order to alert on unauthorized access, data leaks, or breaches.

Review your architecture — most organizations can get by with linear architecture. That doesn’t work for more complicated organizations. If you are planning to change pieces of your network architecture, it is best to analyze the full scope of your hardware and infrastructure capabilities first. This means conducting a complete audit and using those results to decide on the most effective project and configuration for your needs.

Create a disposal system for unwanted or unneeded data — establish a company-wide policy for how and when your data should be disposed of, and by whom. This limits the extra risk your organization takes on by holding on to unnecessary information.

Run ongoing penetration tests of your system — you can never be sure of everything going on in your security. One of the best ways of knowing your risks—especially when it comes to backup hardening—is to evaluate access through a penetration test (we do this regularly for our clients).

Prepare yourself — I cannot emphasize this enough. The more prepared you are for a ransomware attack, the more likely you’ll be able to recover unscathed. Develop a clear disaster recovery plan that you can actually test (at least annually). Determine your tolerance for what data you’re comfortable using and then determine how often you need to create backups to ensure recovery.

Keep in mind: if you don’t have a plan, you’ll likely never have one.
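To make the "Monitor your backup systems" and "only selected hosts" steps concrete, here is an added example (not from the original article or any backup product) that reviews backup check-in records for missed schedules, unapproved source hosts and sharp size drops. The record layout, thresholds, job names and addresses are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Assumptions for this example (not from the article): the record fields,
# the 24-hour schedule, the 50% shrink threshold and the allow-listed hosts.
MAX_AGE = timedelta(hours=24)
SHRINK_RATIO = 0.5
ALLOWED_SOURCES = {"10.0.5.10", "10.0.5.11"}

# Constructed sample check-ins: (job, source_ip, finished_at, bytes_written)
CHECKINS = [
    ("fileserver", "10.0.5.10", "2024-03-01T02:00:00", 800_000_000),
    ("fileserver", "10.0.5.10", "2024-03-02T02:00:00", 805_000_000),
    ("fileserver", "10.0.5.10", "2024-03-03T02:00:00", 120_000_000),
    ("ehr-db", "10.0.5.11", "2024-03-01T03:00:00", 2_000_000_000),
    ("ehr-db", "10.0.9.77", "2024-03-03T03:00:00", 2_010_000_000),
    ("mail", "10.0.5.11", "2024-03-01T04:00:00", 500_000_000),
]

def review_checkins(checkins, now_iso):
    """Return sorted (job, finding) alerts for a list of check-in records."""
    now = datetime.fromisoformat(now_iso)
    alerts, last_good = set(), {}
    for job, source, finished, size in sorted(checkins, key=lambda c: c[2]):
        if source not in ALLOWED_SOURCES:
            # An unapproved host must not satisfy the job's schedule.
            alerts.add((job, f"check-in from unapproved host {source}"))
            continue
        prev = last_good.get(job)
        if prev and size < prev[1] * SHRINK_RATIO:
            alerts.add((job, "backup size dropped sharply"))
        last_good[job] = (datetime.fromisoformat(finished), size)
    for job, (when, _) in last_good.items():
        if now - when > MAX_AGE:
            alerts.add((job, "missed scheduled check-in"))
    return sorted(alerts)

if __name__ == "__main__":
    for job, finding in review_checkins(CHECKINS, "2024-03-03T12:00:00"):
        print(f"ALERT {job}: {finding}")
```

A sharp size drop does not prove tampering, but it is a cheap signal that a backup set was truncated or deleted and should be restore-tested before you rely on it.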

One last thought…

While ransomware does and will infect backups, the good news is you can lower your risks by taking precautions.