In our first installment, we discussed the importance of backing up your data. Without a good backup, chances are you might never see your data again after a data loss event. The next step in your preparation to defend against ransomware is to protect your backups. This means that you need to perform basic, yet important steps to secure your backups and ensure their reliability.
First, you need to keep a copy of your backups off premises. This is in case a disaster hits the physical building where the primary backups are.
Second, make sure your backup files are secure. This means that only essential users and groups have access to the backups. In most cases, access should be limited to the backup application service account.
Third, you need to ensure that the security you have set on your backup folders and files remains unchanged. If an attacker gains access to your backups, the files within them can be copied, altered, or deleted. So to prevent undue access to backups, you need a solution that can monitor any changes that occur to the access control lists (ACLs) of your backups.
Log360 and FileAudit Plus are two effective ways you can monitor changes occuring to the ACLs of your files and folders.
Finally, you need to know about every successful and unsuccessful access to your backups. In nearly all cases, backups are not touched until they are used, tested, or purged. Any other access could mean a potential attack or loss of integrity of the backups.
Again, Log360 and FileAudit Plus can help you monitor any and all access to your backups.
Stay tuned for our next installment, where we will continue to give you direction on how to defend against ransomware.
If you want to see for yourself how Log360 and FileAudit Plus can notify you of ransomware attacks, you can download these products below.
