Our Insights

Valuable information we share.

Protecting your Backups from Ransomware

Posted by Nino Vales | Jun 22, 2018 10:48:02 AM

Ransomware scans network locations where the infected user has read and write access. Files under documents, desktop, and the shared folders you have access are examples of locations vulnerable to getting encrypted.

Imagine if an administrator account or someone using an account that has full read and write access to the server gets infected. Easily, everything on the server and the network will be affected. It can halt the operations and affect the productivity of not just one person but the entire organization.

Yes, there is a reliable backup solution. So why worry about it? 

As important as it is to have a regular backup of the computer and the server, leaving the backup storage with incorrect permissions will put the backups to waste. 

The objective is to isolate the backup location from unauthorized access and Ransomware. This can be achieved by enforcing strict permissions to the backup storage and only be limited to the backup administrator account. By implementing a separation of duties approach, we secure the backup location by removing all unnecessary write permissions for all other accounts except the backup administrator account. 

It’s like installing another lock on a door that can only be unlocked using an exclusive key and not with the master key.

Some of the commonly used backup locations and few security concerns about them:

  • Internal hard drive – As long as this is not on the same drive and file or sharing permissions are secured. 
  • Network Attached Storage – Supports secure folder access. Network based storage, recommended for home or small office use. Lock down file sharing permissions as well.
  • Portable USB hard drives  Prone to getting infected. Best practice is to disconnect every successful backup. Some backup software supports automatically disconnecting the drive each the time a backup job is completed.
  • Cloud storage repository  Requires a paid subscription but isolates your backups from unauthorized access. Benefits includes availability during disasters like theft or calamities. This however relies on the speed of your internet connection. OneDrive, DropBox, etc. are different from backup Cloud repositories.
  • Tape drives  The tape drive itself is pricey. It is considered to be "safe" since the tape media is offline.
  • Optical drives, CD/DVD – Read-only. It is tedious, especially for backing up large amounts of data.

If you are unsure of the status of your backup routine or interested to know more about best practices on protecting your data against cyber attacks, let us know and we'll be happy to assist!

Topics: Ransomware, Backup

Written by Nino Vales

Nino regularly writes about tips and articles about Cyber Security. He currently holds dual CCNA certification in Routing and Switching, and CyberOps. During his free time, he loves to go fishing and play basketball. He is a huge NBA fan and loves to collect limited edition basketball sneakers and jerseys. He currently plays NBA 2K19 in his PS4.


Clear Concepts is a team of passionate professionals, proud of what we do — we want to make a positive impact on your operation.

Let us hear your technology challenges and opportunities so we can help you get the most out of your technology investment, on-premise and in the cloud. Contact us today.