Every organisation needs a well-functioning backup system. The growing number of cyber incidents, such as ransomware attacks, increases the risk of data loss. Backups are therefore necessary to restore systems quickly.

Depending on the size of the organisation, you can opt for a simple or a complex technical solution. The following points are always important:

  1. The backup plan

Document how the backups are made and maintained. Describe the technical aspects, such as the storage medium (USB drive, NAS, cloud), how this is organised, and who is responsible. The following topics provide some guidance.

  2. The quality of the backup

Make regular backups of critical data and systems, and make sure that the working environment can be quickly restored from them. The more frequently backups are made, the less data will be lost if you are forced to restore. Your backups need to be up to date, and recovery must be tested regularly to ensure it works when needed. Practice shows that during incidents, companies were not always able to restore the system.

  3. The 3-2-1 rule (+1)

Is critical data stored in multiple backup locations?

It’s vital to have multiple backups and keep them separated. If one backup copy is compromised, at least one other will remain secure. The most common method for creating a robust backup system is to follow the ‘3-2-1’ rule: at least 3 copies, on 2 different devices, and 1 off-site copy. The off-site copy must be stored in a different location from the live system. This strategy is popular because it scales with the growth of data and systems.

For increased security and faster recovery, a second off-site copy is nowadays placed in the cloud in addition to the traditional single off-site copy. This becomes the 3-2-1+1 rule.

  4. Offline backup copy

Ransomware often encrypts not only the original data on the disk, but also the connected network storage drives containing data backups. Incidents show that ransomware also frequently compromises cloud storage locations with backups. Connect these backups only when necessary and keep one spare copy offline at all times. This will prevent an infection from spreading from the system to all the backup copies.

Using cloud storage is safe as long as physical separation from your live environment is guaranteed. Crucially, when your offline backup is not in use, it must also be digitally disconnected. Unlike conventional backup storage, you can’t take your cloud storage offline by simply disconnecting it. Precautions need to be taken to achieve the same level of protection as a physical offline backup such as a portable drive. Access control to the backup copy, as well as identity management, needs to be carefully considered.
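The rules above (3-2-1, the extra cloud copy, one offline copy, and regular restore tests) can be checked against a backup inventory. The script below is an added example, not part of the original article. Its field names, the 90-day restore-test threshold, and counting the live data as one of the three copies are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    device: str                # device or service that holds this copy
    offsite: bool = False      # stored at a different location from the live system
    cloud: bool = False
    connected: bool = True     # assumption: mounted, or credentials usable, from the live environment
    live: bool = False         # the production data itself, counted as one of the copies
    last_restore_test: Optional[date] = None

def audit(copies, today, max_test_age_days=90):
    """Check an inventory against the rules above; returns (rule, message) findings."""
    findings = []
    backups = [c for c in copies if not c.live]
    offsite = [c for c in copies if c.offsite]
    if len(copies) < 3:
        findings.append(("3", f"only {len(copies)} copies, need at least 3"))
    if len({c.device for c in copies}) < 2:
        findings.append(("2", "all copies are on the same device"))
    if not offsite:
        findings.append(("1", "no off-site copy"))
    if len(offsite) < 2 or not any(c.cloud for c in offsite):
        findings.append(("+1", "no second off-site copy in the cloud"))
    if all(c.connected for c in backups):
        findings.append(("offline", "every backup copy is reachable from the live system"))
    stale = [c.name for c in backups if c.last_restore_test is None
             or (today - c.last_restore_test).days > max_test_age_days]
    if stale:
        findings.append(("restore", "no recent restore test: " + ", ".join(stale)))
    return findings

# Constructed sample inventory (not from the article).
SAMPLE = [
    BackupCopy("live", "fileserver", live=True),
    BackupCopy("nas", "nas", last_restore_test=date(2024, 5, 1)),
    BackupCopy("cloud", "cloud-bucket", offsite=True, cloud=True,
               last_restore_test=date(2024, 1, 10)),
]

if __name__ == "__main__":
    for rule, message in audit(SAMPLE, today=date(2024, 6, 1)):
        print(f"[{rule}] {message}")
```

The sample inventory satisfies the basic 3-2-1 rule but still yields three findings: there is only one off-site copy, every backup is reachable from the live system, and the cloud copy has not been restore-tested within the threshold.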


In addition to protecting your systems with firewalls, antivirus and other measures to prevent a hack, you must also be prepared for the moment when your defences fail and you are hacked anyway. All companies, regardless of size, are strongly advised to set up a Business Continuity Plan in which the backup plan is described.

Ewald Coenraad – Cyber Security Professional