1Don’t Let Malicious Software Hold Your Data for Ransom
2Protect Distributed Data
Ensure you have an enterprise-grade automated backup solution as an insurance policy in case of an intrusion such as a ransomware strike occurs. Constant, automated backups across devices and desktops in remote locations of your organization provide a secondary store of data as a fallback mechanism in the event of a malicious attack. If you don’t already have a backup solution in place, this step alone offers not only backup and peace of mind, but also information governance. Having a cloud-based backup solution provides offsite storage—and peace of mind.
3Back Up Distributed Data
If your teams are distributed across regions, make sure that your current backup policy covers 100 percent of your user base. Review and validate the deployment scope of your current backup plan to ensure that your chosen backup solution is deployed automatically to all end users. At the very least, you should ensure key users are covered by your data protection policy.
4Know the Scope of Your Data Backup
Be sure to know exactly what your backup plan includes. Outside of protecting desktops and email, does your plan include user profiles, user-specific system and app settings or user-created custom folders? You should review, validate and, if needed, modify backup content to ensure that all important data for protected users is being backed up. This may require the expansion of the scope of your backup plan.
5Reassess How Frequently Distributed Data is Being Backed Up
6Validate Your Retention Policy
How long are you keeping your backups: 14 days? Seven weeks? Six months? Review and validate your retention policy to ensure a sufficient recovery point objective (RPO). This may vary depending on your particular industry and regulations, and internal IT policies. IT, legal and compliance teams will make the call on data retention needs.
7Reassess Policies Periodically
While these measures may be sufficient protection for the foreseeable future, revisit your backup policies periodically (approximately once every six months) to ensure they are aligned with your organization’s requirements. IT often has the primary responsibility for this routine, and in some cases acts in coordination with the legal team.