Expert comment: Data Privacy Week
January 2023 by Webroot Security Intelligence Director, Grayson Milbourne
As Data Privacy Week starts, it’s a great reminder for businesses the importance of protecting data, especially sensitive data, online. As cyber attacks are on the rise, its more vital than ever to have the right the cyber defences in place.
Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions has provided a comment below discussing why recovery plans, that are fully backed up, are imperative for a business’s survival in the aftermath of a cyber-attack.
The comment from Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions:
“Data privacy week is intended to serve as a reminder for organisations to safeguard data and maintain compliance. It is also an ideal time to check response plans in the event the bad guys get in.
Despite a businesses’ best efforts, it’s impossible to guarantee a breach won’t happen. Having a documented plan to detect, contain and respond to attacks can greatly minimise the time it takes to recover critical data and maintain operations. Identifying a businesses’ most valuable data assets and ensuring these assets are secured is an essential starting point. Access control is the biggest business vulnerability for most companies therefore, following a zero-trust mentality and limiting access to only those employees that need it greatly minimises damage in the event an employee is breached. Recovery plans should be specific and rehearsed periodically as during a ransomware attack, time is money. Attackers will increase the ransom amount the longer it takes to pay.
Because even carefully built backup and recovery plans can be compromised in an attack, additional safeguards are important. Keep multiple copies of backups in different domains (e.g., local and cloud). Likewise, consider backup solutions that do not allow an attacker to rewrite, encrypt, or modify previous backups. Lastly, keep a history of restored points and backups that cannot be compromised, this will allow access and restore from a good copy of an earlier snapshot.
Most importantly, implement ongoing security awareness training. Education goes a long way in preventing an employee from making a costly mistake.”