In this blog, we will continue our discussion on measures to devise a protection for data backups against ransomware infiltrations. Besides compartmentalizing the data backups, there are two additional measures that can streamline data backup practices to withstand the cryptovirological break-ins.
Implementation of Just Enough Administration (JEA) protocol
JEA protocols were originally worked out to beef up the cybersecurity of systems. The gist of JEA practices is to configure any cyber working space to only allow the exact functions required for its intended operation. When one implements JEA protocols to backup storage, it can mean two things.
- Whether it’s an in-house or offsite backup storage, it must not be accessible by any other means except for a single service account from the Active Directory.
- Moreover, the given service account must be a specialized one i.e. it should not be used for any other activity except for taking care of backup operations.
JEA protocols can prove to be really effective in protecting onsite backup storage spaces. The features of restricted access and limited utility actually make backup storage somewhat invisible to any lingering cyber threat.
Penetration testing for backup processes
Many existing backup storage systems are good enough to sustain cyber attacks. However, this can’t be said for the same system after three to six months. For that matter, it is imperative for entities to conduct regular penetration testing for their backup processes to keep them in line with the evolving technology. A penetration test is an authorized simulated cyber attack on the system for its security evaluation. This test should be twofold i.e. it must assess the technical side of the backup and also test the people responsible for it through social engineering tactics.
Backup storage is an effective way to deal with cryptovirological attacks along with professional ransomware removal measures. By streamlining their backup practices, organizations can establish an effective ransomware removal and recovery model.
