Make Full Backups of Essential Business Data

 

Facilitate a full, encrypted backup of your data on each computer and mobile device a minimum of once a month, shortly after a complete malware scan. Store these backups at a safeguarded, off-site location. Save your encryption password or key in a secure location separate from where your backups are stored. Multiple software applications will allow you to encrypt your backups.

 

With your backups in place, if a computer breaks, an employee makes an error, or a malicious program infects your system, you will be able to restore your data. Without backups, you will have to manually recreate your business information from paper records and employee memory.

 

It is mandatory to back up data such as:

- Word processing documents and electronic spreadsheets

- Databases, especially customer relationship management (CRM), financial, human resource (HR), and accounts receivable (AR)/payable (AP) files

- Product design and manufacturing data associated with or related to CAD/CAE/CAM, process plans, tooling and other inventory information, production scheduling, inspection, maintenance, bid data, work orders, scheduling

- Other operational technology (OT) data such as machine and process condition monitoring and analysis

- System logs and other information technology (IT) information

 

Don’t be afraid about the software applications; simply focus on the data. Store your backups on an external USB hard drive, other removable media, or a separate server. Use caution when picking a partner if you decide to store your data online and encrypt all data ahead of storing it in the cloud. Hard-drive backups should be large enough to hold all your monthly backups for one year. Create split folders for each computer so you can copy your data into the appropriate folder on the external drive. After your backups are complete, test them instantly to assure your efforts were successful.

 

Make Incremental Backups of Important Business Information

 

Plan automatic incremental or differential backups a minimum of once a week. Because they will only record information since your last backup, you may need to schedule them daily or once an hour, depending on the needs of your business. Think about how much information was changed or generated between each backup and the impact to your company if that information was lost. So many security software suites offer automated backup functions that will do this on a regular schedule for you.

 

Check always your storage capacity. You should be able to hold data for 52 weekly backups, so the capacity should be about 52 times the amount of data you want to store. Take caution to back up the data for every computer and mobile device.

 

For extra redundancy, store your backups in multiple locations, such as one in the office, one in a safety deposit box across town, and one in the cloud. Remember that incremental testing is just as important as incremental backups to make sure you can read your data and use that information in the event of a security breach.

 

Consider Cyber Insurance for Increased Recovery Capability

 

Like flood or fire insurance, you can obtain cyber insurance for your facility. These services can help you recover from an information security incident more promptly and effectively and may cover the cost of: 

- Cybersecurity expertise to assist in identifying the extent of damage caused

- Consultation to help investigate the incident and report it to the appropriate authorities

- Loss of revenue due to downtime

- Legal fees, fines, and penalties incurred

 

In regards to any partner, select a cyber insurance provider with care. Do your due diligence by researching the company, the services they provide, the type of events they cover, and their reputation for meeting their contractual agreements.

 

Assess & Improve Your Procedures & Technologies

 

Take an honest look at your processes, procedures, and technology solutions and assess what improvements you need to make to lessen your risks. Try conducting training or tabletop exercises. These scenario exercises can simulate a major event, which will allow you to identify potential weaknesses and readiness. Then you can make corrections as recommended.

 

TRONSERVE