Best Practices

Cloud Daddy Secure Backup in conjunction with AWS makes it simple to back up, take snapshots and replicate objects to other regions and accounts, adding layers of disaster recoverability that can benefit any enterprise when recovering from a cyber disaster or a natural disaster. Safeguarding your data in today’s world of continuous cyberattack should include a detailed look at the security countermeasures you have in place and bolstering your overall security posture wherever necessary, including but not limited to physical and internal controls, perimeter, policy and education.

A robust data recovery strategy should incorporate cybersecurity countermeasures and add layers of cyber protection. To minimize the risk of a cyberattack, a security strategy should include patching and updating software as soon as possible to keep software environments up to date. Everyone in your organization should receive ongoing end-user security training so that they understand and change bad habits.

Some security hygiene best practices include:

Start at the desktop by continuously pushing patches and updates. Keep up with updates or you will risk infection from problems across multiple desktops and connected server resources.

Regularly push out operating system patches, zero-day vulnerability patches and security updates. If you are sitting on an unpatched vulnerability, you risk having it used against you.

Put firewalls in place. Cloud web application firewalls must be used and appropriately configured, with ports blocked, or you will be hacked.

Good communication is essential. The IT experts putting together your servers may not also be security experts. They need to work very closely with your security information officer and that officer's team, as well as with the team responsible for backup.

Educate employees about email. Since email is one of the strongest attack vectors, end-user security training can help shrink the potential for infection through email. Employees need to understand the basics of phishing attacks, which means not clicking on anything when they do not recognize the sender, as well as noticing other suspicious characteristics within an email.

A strong password policy is necessary to prevent hackers from gaining easy access.

RDP accounts need to be locked down. RDP accounts must also require strong passwords to resist brute-force access attempts.

Create schedules for backups and replications to add layers of redundancy and disaster recoverability.

To protect against natural disasters as well as potential regional disasters, it is recommended that your infrastructure and backups be replicated and stored in separate AWS regions. Cross-account and cross-region backup and replication should be performed to add redundancy to your disaster recovery plan and to take advantage of availability zones located well away from your datacenter location.

Test your backups and replications! Most organizations do not actively test whether their backup and disaster recovery plans actually work. They are just making backups, and when they restore, they may be going back to backups that do not actually work or that may not let them bounce back from advanced persistent threats.

Your backup strategy needs multiple layers of data protection to recover from today’s worst ransomware attacks. The combination of AWS and Cloud Daddy Secure Backup is transformative in driving innovation and offering the elasticity, agility and redundancy to not only provide modern data protection, but also combine it with multiple layers of capabilities that truly protect your organization’s data.