Split-screen-image
Ransomware Protection
Ransomware Protection

Safeguarding Your Critical Data from the Ransomware Threat

January 1, 2022

Best practices for backup and recovery.

Ransomware happens. Be prepared.

Think a ransomware attack can only happen to someone else?

Ransomware attacks are on the rise and targeting organizations of all sizes and industries.

Given the value of data to business today and the alarming rise in cyberattacks, securing and protecting critical data assets is one of the most important responsibilities in the enterprise.

To help you fulfill this essential mission, we’ve pulled together some best practices to help you lock down your data and reduce the risk posed by ransomware and other security breaches. 

Follow the 3-2-1 rule

Creating a robust backup, copy and archival strategy is an essential first step for protecting your most critical data and systems.

A traditional approach is the 3-2-1: rule:

  • 3 copies of data
  • on a minimum of 2 separate storage solutions
  • with 1 medium being offsite/alternate location or in the cloud

While this is still a good approach, it’s critical to carefully select the types of backup targets you 

use with this kind of approach.

Put a WORM to work

WORM

One of the most useful ways to safeguard backup data is to implement a copy or archival strategy that incorporates a WORM (Write Once, Read Many) capability. Nearly every cloud-based or on-prem object storage solution offers this capability.

BLOB

WORM is designed to provide data immutability, meaning it is unchangeable. The technology implements a retention policy that prevents data from being overwritten or deleted for a period of time you specify. An Object Storage bucket or Azure BLOB (Binary Large Object) container are great options for copy or archival backups.

Dare

When considering cloud storage providers, look for one that offers security measures such as DARE (Data-At-Rest-Encryption), secured transport technologies (VPNs and HTTPS/TLS), and the AES 256 encryption for data destined for cloud targets.

Cover your on-prem bases

There may be situations where on-premises NAS (block) storage options are used for initial backups, before copy and archival. These demand special consideration.

NAS appliances typically employ standards like NFS (Network File System) or SMB (Server Message Block). Without additional enhancements to your backup system and/or network safeguards, these standards can be vulnerable to attack.

A best practice is to ensure primary storage targets are dedicated for backups and are not used and mounted to other systems. In addition, look for a backup and recovery solution that offers detection, notification and prevention features to help safeguard your initial NAS backups.

Create smart policies

Another best practice is employing a policy-driven approach to protecting critical VMs, data, and applications.

This requires some careful thinking about setting the proper policy options around snapshots, backups/copies/archives, data retention, and RPO (Recovery Point Objective)/RTO (Recovery Time Objective). Make sure your backup and recovery solution offers the ability to easily establish and enforce policies to ensure your applications and data are protected with the right degree of consistency.

Backup and recovery policies are not a “one and done” proposition. Things change, so revisit policies on a periodic basis to ensure they continue to meet the needs of the organization - and the evolving cyber threats.

Secure network access

  1. Based on your selected target, consider the following:
    If using an NFS target for primary backups, be aware that appliance may require a whitelist setting to permit traffic to the network storage from your backup solution.
  2. If you opt for an SMB target, you will need to configure an account with access to a share that you create. It is also important to disallow (or not improperly allow) any unauthorized network access to your backup data share - and do not attach it to other machines in your environment.
  3. For cloud object storage targets, you will need to configure accounts and/or secret/access keys to grant access. Then decide if you need an encrypted high-speed isolated connection (configured with peered connection points and appropriate routes), a site-to-site VPN connection, or if you can simply go over the public internet with HTTPS/TLS.
  4. Other common sense measures include not permitting internet access to servers, paying close attention to admin workstation hygiene and selecting storage targets that provide anti-ransomware features. For added protection, look for a backup and recovery solution that allows use of a customer or provider-generated PKI (Public Key Infrastructure) certificate.
  5. If you select an iSCSI target, consider enabling/configuring CHAP (Challenge-Handshake
    Authentication Protocol) on the target and on your backup solution

Don’t wait until it’s too late.

eclipse
Follow us
eclipse
insights

You might also like...

Backup as a Service
Backup as a Service

Secure Your SaaS: Best Practices for Resilience and Visibility

April 8, 2024
Read more
Backup as a Service
Backup as a Service

Empower Your Data Security: HYCU and OwnData Expertise Unveiled

April 4, 2024
Read more
Data Protection as a Service
Data Protection as a Service

Embracing World Backup Day: A Pledge To Data Protection

March 29, 2024
Read more

Get started today

Seriously, you really need to experience HYCU to believe it.

Try HYCU for FreeRequest a DemoBuild on R-Cloud
R-Cloud NEW
Development Platform
HYCU Backup
OverviewNew at HYCU
Data Protection
Backup & RecoveryDisaster RecoveryData Migration & MobilityHybrid & Multi-CloudRansomware ProtectionSecurity and Compliance
Industries
Federal
Public Cloud
AWSAzureGoogle Cloud
Private Cloud & Data Centers
NutanixNutanix MineVMwareDell PowerScale (Isilon)NetApp ONTAP
As-a-Service NEW
Microsoft 365Google WorkspaceGoogle Kubernetes EngineSee All →
Apps & Databases
SAP HANAOracleSee All →
About
LeadershipBoard of DirectorsCareersResourcesContact Us
Global Partner PACE Program
Find a ResellerResellersService ProvidersAlliance & Technology PartnersReferralsBecome a PartnerDeal Registration
Get Help
Support
Customers
Case Studies
Get Started
Free TrialRequest a Demo
Follow
© 2024 HYCU. All Rights Reserved.
LegalTerms of UsePrivacy PolicyPrivacy Manager