Office of the Chief Information Security Officer

June 11, 2021

Back up your backups

It’s likely you’ve thought about backing up your data.

But do you ever think about backing up your backups?

As we noted on World Backup Day, the ever-increasing threat of ransomware is one great reason to keep your data, computers, phones, information systems, and critical information assets backed up. It’s important to use multiple methods or formats to back them up, and to ensure that at least one backup is not connected to your computer–because backups that are attached can become infected by ransomware and other forms of malware.

A good strategy for backups is the 3-2-1 rule. It says there should be at least:

  • 3 copies or versions of data,
  • Stored on 2 different pieces of media,
  • 1 of which is off-site.

But ransomware isn’t the only reason for backups. As noted by Paul Ducklin in this Naked Security blog post:

“A regular and reliable backup process will protect you from unexpected data loss of any sort, including cases–as many people will have experienced when coronavirus lockdowns started and they couldn’t get back into the office–where your data isn’t lost, but you can’t get at it anyway.”

Besides backing up data in multiple forms, make sure your backups are:

  • Stored offline,
  • Encrypted,
  • Can only be accessed with multi-factor authentication,
  • And can be restored within a reasonable amount of time.

And be sure to test your restoration process before a catastrophe strikes.

More information

Paul Ducklin’s Naked Security post

NetworkWorld: For secure data backup, here’s how to do the 3-2-1 rule right

UW CISO Resources

Ransomware online training

Malware and Ransomware Risk Advisory

World Backup Day infographic

More News & Alerts