Skip to content

5 Best Practices to Protect Backups From Ransomware

While data backups may seem safe from malware, this is simply not the case. However, they still serve as one of the best solutions for ransomware remediation, such as data recovery. In fact, 57% of organizations infected by ransomware managed to get their data back using their backups. The majority of the remaining organizations? They had to empty their pockets, unfortunately.

With ransomware attacks and remediation costing north of $600,000 on average, it’s crucial to have every area of your security posture updated and strengthened. The best starting point is to take a proactive approach and ensure you have a reliable backup that can eliminate the need to pay the ransom in the event of a ransomware attack or assist in ransomware remediation.

Here are 5 measures you can take to help protect backups from ransomware and keep your organization safe.


How To Protect Backups From Ransomware

1. Have a Ransomware Disaster Recovery Plan (DRP) 

There are already more than 1 billion malware programs in use, and it is believed that 560,000 new malware pieces are discovered daily. Not to mention the 493 million ransomware infections that were discovered by companies worldwide in 2022, and those numbers aren’t slowing down in 2023.

The first step you should take is to deploy a ransomware disaster recovery plan (DRP). You can think of this as your “playbook” for dealing with a ransomware attack. In the event of an attack, your whole team should be aware of how to execute your DRP in order to achieve a swift recovery and reduce any potential downtime your company may experience.


Here’s a ransomware DRP guide to help protect backups from ransomware:

Prepare to analyze the attack

The first steps after an attack should be isolating the infected systems and gathering log data from the compromised system.

Ensure you report the attack

A data breach reporting requirement exists in 47 U.S. states, so ensure you report the attack to the FBI, CISA, or U.S. Secret Service.

Create a communication strategy

Identify internal stakeholders—like IT, security, and legal—and external stakeholders, such as customers, incident response firms, and law enforcement.

Develop a strategy for resuming operations

Describe how to continue or resume the disrupted business functions.

Look at what went wrong (or well)

After you’ve experienced an attack, it’s crucial to look at how the attack could have breached your security posture. Consider what measures you can take to help prevent it from happening again, such as improving your backup protection, and what went well throughout the process. This will help you figure out what security measures are effective and which ones need improvement.


Educate Employees on Your Backup Protocol and Disaster Recovery Plan

It’s crucial to inform your organization of your backup protocol and disaster recovery plan and establish company-wide cybersecurity policies.

Two best practices for end-user protection are:

Security awareness training

With the right security training, your staff can learn cybersecurity practices to keep your organization safe.

Limit employee access to backups

Limiting access to your backups will mitigate the chances of hackers getting access to login credentials and, therefore, access to your backups. Unless they need access, keep access to your data backups to a minimum.


2. Maintain Multiple Backup Locations

The 3-2-1 Rule

The 3-2-1 rule is a conventional rule to protect backups from ransomware, making it a tried-and-true practice for your security posture. The 3-2-1- system requires you to duplicate all files on your system three times, including the original file, an on-site copy stored in a different storage device, and an offsite copy stored elsewhere.


Air Gap Backups

If only there was a way to turn off data accessibility and only turn it on when needed. Oh wait, there is! “Air gapping” backups is the process of keeping stored data out of physical reach from hackers. For example, when sensitive data is offline or disconnected from the internet, it becomes impenetrable to online hackers.


3. Test Backup Procedures Regularly

Testing all your backups—including your air-gapped backups—is considered one of the best practices you should perform often. In fact, testing the reliability and accessibility of backups is essential, according to CISA.


4. Ensure Backups Are Immutable 

An immutable backup is a backup that can’t be tampered with or changed in any way; after data has been written, it becomes unavailable in read/write mode to external clients. This means the data cannot be read, modified, or deleted if an attacker is in your network. Making your backups immutable is the only way you can safely recover your data if your system has become compromised.


5. Use Updated Technology and Deploy Software Updates

One of the most common ways hackers access sensitive data is by exploiting outdated technology and software. In today’s cybersecurity landscape, it’s no longer enough to use a vulnerability scan and call it a day.

Hackers are becoming more advanced in their methodology, making it crucial to deploy cutting-edge tech and advanced software, such as Endpoint Detection and Response (EDR/XDR), and update them often. Hackers can identify vulnerabilities that software providers haven’t resolved with updated tech and software. Frequent updates can help prevent this from happening.


Working With a Backup as a Service Provider

While the above practices should be implemented in every company, the best line of defense against malware targeting your backups is to utilize a backup as a service (BaaS) provider.


What is Backup as a Service (BaaS)?

BaaS offers a simple method for quickly accessing your data, wherever it may be, and allows users to recover files without troubling your IT staff. Your data security team can then appoint their focus to more demanding operations and less time on monitoring backup settings.

A BaaS provider can also ensure that your backups have the right level of immutability. Cybercriminals are increasingly exploiting vulnerabilities in your system to modify, encrypt, or erase your backup data as the initial target of their ransomware operations. With the necessary immutability from a BaaS provider, your data can not only be stored on a different, offsite location but also be monitored and, if necessary, restored in the case of a ransomware attack.


Protect More Than Just Your Backups With Our Ransomware Recovery Checklist

Working with a BaaS provider can help not only keep your backups as safe as possible but also create a remediation plan specific to your organization in the event of a ransomware attack.

Tec-Refresh utilizes the power of Rubrik to offer the top backup and instant disaster recovery services. We duplicate backups from your location(s) to our Network Operations Center (NOC) and Security Operations Center (SOC), allowing long-term storage and archival for maximum security against outside cybersecurity threats.

Still unsure about the steps you should take in the event of a ransomware attack? Grab a copy of our Ransomware Recovery Checklist to help ensure your ransomware remediation is performed seamlessly. Download yours for free today!