Skip to content

Protect your Backups from Ransomware

Nino Vales 2018-06-22

Ransomware scans network locations where the infected user has read and write access. Files under documents, desktop, and the shared folders you have access are examples of locations vulnerable to getting encrypted.

Imagine if an administrator account or someone using an account that has full read and write access to the server gets infected. Easily, everything on the server and the network will be affected. It can halt the operations and affect the productivity of not just one person but the entire organization.

Yes, there is a reliable backup solution. So why worry about it? 

Leaving the backup storage with incorrect permissions will put the backups at risk of getting infected and unauthorized access.

The objective is to isolate the backup location from unauthorized access and Ransomware. This can be achieved by enforcing strict permissions to the backup storage and only be limited to the backup administrator account. By implementing a separation of duties approach, we secure the backup location by removing all unnecessary write permissions for all other accounts except the backup administrator account. 

It’s like installing multiple locks with different and unique keys for each.

Some of the commonly used backup storages and security concerns about them:

  • Internal hard drive – As long it is on a separate physical drive and file or sharing permissions are secured. 
  • Network Attached Storage – Supports secure folder access. Network based storage, recommended for home or small office use. Lock down file sharing permissions as well.
  • Portable USB hard drives  Prone to getting infected. Best practice is to disconnect every successful backup. Some backup software supports automatically disconnecting the drive each the time a backup job is completed.
  • Cloud storage repository  Requires a paid subscription but isolates your backups from unauthorized access. Benefits includes availability during disasters like theft or calamities. This however relies on the speed of your internet connection. OneDrive, DropBox, etc. are different from backup Cloud repositories.
  • Tape drives  The tape drive itself is pricey. It is considered to be "safe" since the tape media is offline.
  • Optical drives, CD/DVD – Read-only. It is tedious, especially for backing up large amounts of data.

If you are unsure of the status of your backup routine or interested to know more about best practices on protecting your data against cyber attacks, let us know and we'll be happy to assist!