RESPOND AND RECOVER
We know that the speed to stand up new services and platforms means important data can slip the back-up net, which has major consequences if outages occur, and if data is lost or compromised. The shared responsibility matrix needs to be applied across all new services to ensure effective coverage of all your data storage and backups.
Ensure backups are complete and copies are stored in separate DC’s or clouds and are backed up to an isolated encrypted NAS.
questions that need to be asked and answered
If all hell breaks loose could you actually respond to a significant threat?
Most companies have some sort of plan on how they’d manage an incident. Some have been tested, some haven’t. Now’s the time to pull it out of the cupboard and give it a refresh and test.
Could we actually get our data back?
It’s the final line in the sand! You need to know that if push comes to shove you can always recover your data in a timely manner.
By following these actions you will be in a better position to respond and recover.
- IRP’s are important and you’ll never value it more than when you need it. If you don’t have one get started on building one. IRP’s are all about being prepared, it shouldn’t be complex but it does need to be effective.
- If you have an IRP make sure you test it annually. Not only does it need to be up to date, your team/s need to understand it particularly in a time of crisis.
- There’s no point having an IRP if you don’t know you’re under attack. Utilise a SIEM to monitor for security threats, once you’ve validated a threat move to your response plan.
- Security Orchestration and Automation Response (SOAR) technologies provide a rapid response to a threat 24×7. They also reduce the resource burden on your security team.
- Complete a thorough review of your backup policies and backup performance. Ensure everything that needs to be backed up is being backed up. Also look at retention policies, does it fit your business’s needs.
- Make sure you’re regularly performing test restores. What’s the point of backing it up if you can’t restore it.
- Don’t rely upon native cloud capability to recover your data. Whilst they provide data replication this isn’t data recovery, ensure you backup your cloud data with third party SaaS backup platforms.
- Office 365 built-in retention policies can only protect you from data loss in a limited way and are not intended to be a complete backup solution. Third party SaaS Backup protects and recovers your entire Office 365 from your emails, calendars and contacts, to tasks, OneDrive files, SharePoint and Sites.