Data is the most important corporate asset, since it contains sensitive information about the company, its customers, its supplier, etc. Several recent examples of security scams and incidents in the web show how data loss can be a major disruption. Therefore, it is critical that companies and their users adopt efficient practices for protecting their data and backup is one of these resources available to anyone.
In brief, backup is a copy of the files contained in a system and is highly recommended for saving documents, images and other important files in networks or in the cloud. But creating a secure backup requires more than just copying files to an external drive. When done without attention to security, even copies of the data may be under risk of leakage.
To have a backup procedure as part of the Information Security Policy is an effective way to avoid risks associated with data loss. This rule applies to public and private organizations in any industry.
Check out some tips for performing a more secure backups.
Define appropriate location
Depending on the type of the file to be copied, it is important to save it to a specific drive, properly protected by security controls. Network segmentation is a key technique for sparing sensitive and strategic data. Some recommendations will support your backup:
- Manage effectively access privileges to storage locations by ensuring that the rules of your access policy are followed;
- Be able to track and record all data access;
- Keep the site under constant monitoring, seeking to identify intruders or unusual behaviors.
It is necessary to identify which data is a priority. There are files of extreme importance that are updated frequently. For those cases, it is essential to perform backups at shorter intervals than for files not considered priority. This regularity contributes recover data faster, whenever a device is infected.
Attention to mobility
Many people use email boxes to store information that is confidential. To protect this information, it is important to enable controls for in boxes. In corporate scenarios, email servers should be protected by efficient resources, such as e-mail firewall, data loss prevention and encryption technologies. Additionally, training your employees will help to reduce inappropriate and unsafe behavior.
Its worth to stay alert to storage on mobile devices and cloud applications. In those cases, it is key to know the security practices and controls adopted by these resources.
Test your backups periodically
It is important that the company define a schedule the test of all the backups made. This procedure may prevent possible frustration, since there are chances the files were corrupted.
Back up is an important technique, but it is just a resource. Companies should consider that every copy of data may have limitations and should map out what potential problems they may face. It is also imperative to adopt other security controls, including some to protect backups.