The good news about backups seems to be that more and more companies are taking the matter seriously, and not only making backups that remain intact after disaster strikes, but also recovering successfully when needed. In the Sophos State of Ransomware 2021 Survey, 57% of companies who had the misfortune to get hit by ransomware were able to recover their data and get their business running again via their backups.
The bad news about backups, however, is that we still had 32% of ransomware respondents who were stuck with paying the criminals instead, which not only increased the cost of getting their business on its feet again, but didn’t work reliably anyway.
On World Backup Day, Sophos shares 5 tips for home users and small businesses:
- DECIDE WHICH DATA IS CRITICAL, AND PROTECT IT PROPERLY
It’s OK to decide that you aren’t going to back up everything all the time, but you should make a list of the data you need to keep safe, and a rota that lets you keep track of when you last backed it up. If you have a process you use to ensure you pay the household bills regularly, use that system to keep on top of your backups, too. You don’t need a high-tech system: even just adding a visible weekly check-box to the calendar on your kitchen wall is a good way to do it.
- REMEMBER THE 3-2-1 PRINCIPLE
The 3-2-1 rule suggests having at least three copies of your data, including the master copy; using two different types of backup, so that if one fails, it’s less likely the other will be similarly affected; and keeping one of them offline, and preferably offsite, so you can get at it even if you’re locked out of your home or office.
- DON’T LEAVE BACKUPS WHERE CYBERCROOKS CAN FIND THEM
Many people keep backups so they are always online, such as in a live cloud storage account or on a network-attached storage (NAS) device. But if your backups are accessible online, they’re also accessible to any crooks who compromise your account or your network. Indeed, ransomware crooks make a point of searching for online backups and wiping them out as part of the attack, hoping to force you into paying up.
Remember the 3-2-1 rule: think of online snapshots and real-time backups as just one of the two backup types you keep, and make sure you always have at least one other backup that’s offline. Whether you’re at home or at work, remember to unplug offline backup devices and put them somewhere safe unless you are in the process of backing up or restoring, and remember to log out explicitly from cloud backup accounts when you aren’t using them.
- DON’T MAKE BACKUPS THAT EVERYONE CAN READ
Encrypt your backups so that if they’re lost or stolen, the thief can’t simply read out all your precious data for themselves. Windows has BitLocker, Macs have FileVault, and Linux has LUKS and cryptsetup, which can be used to create encrypted drives and partitions.
There are also numerous archiving tools, some free and open source, that can create encrypted backup files, such as WinZip and 7-Zip.
Note that FileVault and BitLocker are proprietary to Apple and Microsoft respectively, so you will need a matching operating system setup to restore your data. Also, BitLocker for removable drives isn’t available on home-user Windows versions. You’ll need to upgrade to Windows Pro for that.
- LEARN HOW TO DO THE “RESTORE” PART OF THE PROCESS
We’ve helped numerous people over the years who made backups regularly and carefully, but weren’t able to get back the files they wanted when they needed to. Ironically, none of these cases happened because the user forgot or lost their decryption password – they simply weren’t well-practised enough in using the restore process to do it reliably, or even at all. Don’t be one of those people!
BONUS TIP. DON’T PUT IT OFF UNTIL TOMORROW
We’ll finish as we started: The only backup you will ever regret is the one you didn’t make.