By Deb Gannaway on November 16, 2019 7:36 am
Deb Gannaway

It cannot be overstated: a “back to basics” approach to system security can reduce the number of administrative tasks and improve the overall security of an organization’s network. Those in charge of managing the day-to-day IT operations or C-level strategy for IT can often be in reactive mode – especially in the wake of a security incident – which can lead to a constant feeling of being overwhelmed and unnecessary purchases.

Going back to basics is about making sure priorities are focused. For example, instead of trying to protect every device on a network, organizations should focus on data protection best practices. Data protection through backup and recovery is an essential best practice and if the worst does occur it can make all the difference.

Identify prime backup targets

Data protection is not a ‘set-it-and-forget-it’ type of function. Often, it’s a complex undertaking that requires many steps. However, it’s a critical, basic IT function that comprises one of the three fundamental pillars of a back to basics IT security approach (the others being network visibility and account management).

When it comes to data protection, because many IT teams work in reactive modes they believe purchasing firewalls or attempting to protect an entire organization’s network using hardware or endpoint software is the best strategy. While there is value in threat prevention appliances such as firewalls, the first priority should actually be to understand where the most sensitive data on the network resides and how it should be protected (View

The first step in a data protection strategy should be identifying which data is most sensitive to an organization (beyond the requirements laid out by industry-specific rules and regulations). Tapping into the knowledge of users, typically employees, can be hugely beneficial. Users often know more about the data being used than IT simply because they are the ones consistently using it. This type of data identification can be especially beneficial when looking at unstructured data.

Create a backup and recovery strategy

Once sensitive data has been identified, the second step is to create a comprehensive backup and recovery strategy with scheduled backups of critical data. Most large organizations with an IT team will already have backup in place and a schedule for periodic backups. While it’s important to include any new sensitive information in a revised backup strategy, the emphasis for those with established plans should be on the recovery side (the next step).

The third step is to ensure backups are always tested. Many well-intentioned IT teams have very good backup strategies but fail to test their backups. If you can’t recover a backup, the entire exercise is unproductive. Backups must be reliable and easy to recover. It’s critical to perform routine tests of backups and if backups are encrypted it’s doubly important simply because in case of emergency – such as a ransomware attack – recovery of a previous backup could be the only solution.

It goes without saying that backups also need to be stored off-site in case of a physical security breach, fire or other natural disaster where hardware is lost. Having backups in multiple locations also increases their security.

Create a comprehensive security strategy

Data protection through backup and recovery is a basic IT function, one that most IT teams should already be performing, yet many backups go untested which can lead to disaster should they ever be called into service. With the abundance of unstructured data on most corporate networks, it’s possible that critical data also goes unprotected.

Creating an extensive backup and recovery strategy can protect you in case of an attack, and it does not have to be complicated. DG Technology helps you secure your critical data, appliances and infrastructure, from the mainframe to the endpoint. Schedule a complimentary consultation with DG’s team of security specialists and get started on a back to basics approach to backup and recovery.

Also, view our infographic on how to get back to basics with your cyber security program.