What is World Backup Day?

Tony MasonCyber Security, Data Backup, Data Protection, Microsoft 365 Security

World Backup Day, established in 2011 by a Reddit Group, is celebrated annually by the backup and tech industry all over the world.  It serves as a crucial reminder for both businesses and individuals to safeguard their data. Highlighting the importance of protecting data and keeping systems and computers secure. It encourages the creation and maintenance of backup copies to protect against potential data loss due to threats such as hackers or equipment malfunctions.

World Backup Day is 31st March, perfectly timed before April Fool’s Day. Reminding us that we’d be fools not to back up our data.

Since the pandemic and move to hybrid working, many companies feel that their data is less secure than pre-pandemic.  IT managers are worried that sensitive data is being saved on local machines, hard drives and cloud storage.  It’s no wonder that so many organisations have had at least one data breach.

Why is Data Backup so Important?

Having said this, more people are backing up their data year on year. However, many have still suffered a data loss.  Data can be lost via cyber threats such as ransomware & viruses but can also be device failure or simply human error.

Attackers are also known to specifically target backups, making it harder to recover your data. This leaves companies with no option but to pay ransoms.

Securing your data is vital to the survival of a business.  Not only from a business continuity point of view, but also from integrity and trust with customers & to maintain a business’s reputation. Therefore, companies need to create data backups as well as enforce data retention processes. 

Data Backup can protect you against cybercrime, ransomware and data loss.  It can also save you time and money from a management point of view as well as data recovery time after a data loss.  Plus, it can help you stay compliant.

Know Your Data

To start the process, it’s important to get a thorough understanding of your data.  What do you have, what’s critical and where is it stored?  It’s also important to understand your compliance requirements, policies that govern the data & its retention. Businesses should have a data protection strategy, put processes in place and communicate these to the business.  Then ensure these processes are adhered to.

Restoring Data

The primary goal for data recovery after a cyber attack or loss of data, is to restore all the data.  However, secondary to this is the speed at which this can be done.

Therefore, it’s well worth moving from traditional tape or disk based back ups to modern cloud storage, enabling you to get up and running with minimal impact. 

You’ll also want regular recent backups so you can take off where you left off with as little data loss as possible. 

Having an immutable storage means no changes can be made; no corruption, deletion, modification or encryption of your files, providing you with restored data as soon as possible. It also means hackers won’t have leverage over you by holding your data at ransom or encrypting it.

Data Backup

National Cyber Security Centre (NCSC) New Principles For Ransomware-Resistant Cloud BackUps & Suggested Implementations

Having assisted many organisations where their backups have been compromised, the NCSC have come up with a set of new procedures which lay out best practice to make sure cloud backups are more resistant to ransomware.

They describe the features a service should offer for backups to be resilient to ransomware actors.  Be a Harder Target

Principle 1 – Backups should be resilient to destructive actions

Ransomware attacks look to destroy backups, so organisations cannot recover without paying the ransom. Therefore, the backup service should be resilient to attempts to destroy backup data including malicious editing, overwriting, or deleting:

  • Block any deletion or alteration requests for a backup once it’s been created.
  • Offer soft-delete by default – but monitoring is needed during the allowed review period.
  • Delaying implementation of any deletion or alteration requests – alerts need to be set up in a monitoring schedule. However, system owner needs to be confident that alerts will be successfully delivered if their infrastructure is compromised.
  • Forbidding destructive requests from customer accounts – all exceptional destructive requests must be authorised out-of-band using a pre-agreed mechanism between the customer and the backup service.
Principle 2 – A Backup system should be configured so that it isn’t possible to deny all customer access
  • Allowing customer access to the backup service, even if all existing corporate IT systems and assets are unavailable. Agree a separate out of band mechanism.
  • Forbidding any IAM policy that restricts access to a single account within an attacker’s control.
Principle 3 – The service allows a customer to restore from a backup version, even if later versions become corrupted
  • Providing mechanisms so that system owners can test whether they can restore from the current backup state. Test regularly as part of a regular monitoring process.
  • Storing backup data according to a fixed time period.
  • Creating and retaining a version history – so you can restore from a previous healthy version.
  • Offering flexible storage policies
Principle 4 – Robust key management for data-at-rest protection is in use.
  • Offering an out-of-band key backup option – commit a master key to paper, maybe QR Code, & held in a safe.
Principle  5 – Alerts are triggered if significant changes are made, or privileged actions are tempted.
  • The service offers a wide range of customisable alerts – monitor activity that affects the backup system.
  • Significant changes to how the backup system behaves or is accessed require extra authorisation and should automatically initiate extra protective monitoring.

For the full report see here: https://www.ncsc.gov.uk/guidance/principles-for-ransomware-resistant-cloud-backups

For immutable cloud backup for M365, Azure AD, Salesforce, Google Workspace, Dynamics 365 check out Keepit: https://www.s3-uk.com/wp-content/uploads/2024/03/Keepit-for-Microsoft-365-Product-Sheet-S3-Ltd.pdf