FRA has partnered with Silent Quadrant, a digital protection agency and consulting practice, on a four-part special blog series on digital protection for the wood supply chain. The series relates the following principles to the industry: Visibility & Control, Vulnerability & Protection, Backup & Patching, and Incident Response & Training.
Cybersecurity Resiliency: Backup and Protection
Whether as a result of a cyber-attack or an accident, managing the risks around potential data loss – both organization and customer data – should be a primary business objective, aligned with a broader cybersecurity and business continuity strategy. Loss of data can impact an organization for days, weeks, months, or even longer. Diversified data backups serve as your primary risk management resource against data loss, whatever the cause.
Data loss can occur from:
- Accidental damage, deletion, or modification of data
- Hardware failure
- Local disasters
- Lost or stolen devices
- Modification, deletion, or corruption of files by malware or malicious code
- A ransomware attack requiring a large payment before files are unlocked
Visibility and identification are the first steps in designing a data backup strategy – what information should be backed up and how frequently. Prioritize critical and/or high-value data, which should ideally be backed up more frequently than non-critical data. It is important to take a strategic view of all data being generated across all applications in use within your organization to ensure completeness.
Data such as financial records, customer information, HR and internal information, research, proposals, and any other critical information that you cannot afford to be without should be designated and prioritized as critical/high-value. Additionally, network and systems configuration information, policy and process documents, application license information, and any applications that cannot be quickly accessed and restored from a cloud service should be included as well.
Bottom Line: If losing the data will interfere with doing business and serving your customers and stakeholders, it needs to be backed up.
Backups should occur on a regular cadence. The more critical the data is, the more often it should be backed up. Automation is key to ensuring that backups occur either after edits are made to the data – depending on the criticality – or at regularly scheduled intervals. Data designated as critical/high-value should be backed up at least daily, if not several times per day.
When implementing your backup strategy, ensure that you are creating, at a minimum, three copies of your data:
- All copies should be encrypted.
- Two copies should be nearline and immutable: relatively easy to access for recovery and business continuity purposes, and neither copy can be altered once the backup has been written to a storage medium.
- One copy should be stored completely offline, not accessible via the Internet.
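One way to check a backup inventory against the three-copy rule above and the daily cadence for critical data, as an added example that is not part of the original post. The `BackupCopy` fields, the sample inventories, and the reading of "at least daily" as "newest copy under 24 hours old" are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupCopy:  # hypothetical inventory record, not from the post
    location: str
    encrypted: bool
    immutable: bool
    tier: str            # "nearline" or "offline"
    completed: datetime  # when this copy was last written

def audit(copies, critical, now):
    """Return findings for one data set; an empty list means it meets the rules."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    for c in copies:
        if not c.encrypted:
            findings.append(f"{c.location}: copy is not encrypted")
    locked = [c for c in copies if c.tier == "nearline" and c.immutable]
    if len(locked) < 2:
        findings.append(f"{len(locked)} nearline immutable copies, need 2")
    if not any(c.tier == "offline" for c in copies):
        findings.append("no offline copy")
    # Assumption: "at least daily" means the newest copy is under 24 hours old.
    if critical:
        newest = max((c.completed for c in copies), default=None)
        if newest is None or now - newest > timedelta(days=1):
            findings.append("critical data: no backup in the last 24 hours")
    return findings

# Constructed sample inventories (names and times are made up for illustration).
NOW = datetime(2021, 8, 20, 9, 0)
GOOD = [
    BackupCopy("nas-vault", True, True, "nearline", NOW - timedelta(hours=3)),
    BackupCopy("cloud-object-lock", True, True, "nearline", NOW - timedelta(hours=3)),
    BackupCopy("tape-offsite", True, False, "offline", NOW - timedelta(days=6)),
]
BAD = [
    BackupCopy("file-server-share", False, False, "nearline", NOW - timedelta(days=2)),
    BackupCopy("cloud-sync", True, True, "nearline", NOW - timedelta(days=2)),
]

if __name__ == "__main__":
    for name, copies in (("finance", GOOD), ("hr", BAD)):
        for finding in audit(copies, critical=True, now=NOW) or ["meets the rules"]:
            print(f"{name}: {finding}")
```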
As a key element of your organization’s business continuity processes and planning, a sound data backup strategy is the single best proactive defense against systems failure, data mishap, and system compromise / ransomware attack.