A resilient backup is indispensable for every company. That’s why I’ve put together five tips here to help you create appropriate concepts.
I have observed that customers often perform backups on network attached storage (NAS). Therefore, the following tips focus exclusively on such systems, leaving out alternatives such as cloud or tape storage.
Tip 1: Server only as single host
A ransomware attack encrypts all data accessible on the network. Therefore I recommend to run the backup server and repository as a separate host and isolated from the production environment. This will minimise the risk.
Tip 2: Server not in Active Directory
If attackers were once able to gain access rights up to the domain administrator, the backup server is often the first target of the attack. The attackers often want to cause maximum damage to their victim and therefore destroy all backups first. In the case of a ransomware attack, the only option left to those affected is to pay the ransom demanded. Therefore I recommend not to integrate the backup server into the Active Directory.
Tip 3: Use second medium
An additional backup to a second medium is generally recommended. However, these have a different service life. It is therefore crucial to always distribute backups to different media.
Tip 4: External and offline backup
Should all the ropes break and the entire IT environment be encrypted or destroyed by a natural disaster, there is a last resort: outsourced offline backup. A second medium, which is outsourced and stored offline outside the company’s own office premises, is suitable for recovery in such accidents. If the backup is running on network storage and cannot be regularly swapped out, at least one valid backup should be physically offline. While this does not protect against natural disasters, it does help in the event of a ransomware attack.
I remind you of the 3-2-1 rule here:
You should make at least three copies of every important file.
These copies should be kept on two different storage media.
At least one copy should be kept in an external location.
Tip 5: Test the restore operation
Many companies forget or ignore this point: the recovery should definitely be tested. A flawlessly and securely running backup is of no use in the end if the restore does not work properly for some reason. Possible causes can be faulty configurations, design errors or software bugs.