Offline Backups: Pros, Cons, Best Practices, & More
August 2, 2022
In this day and age, backing up data is a standard practice. But just how secure is your backup? While your company might have a local, onsite backup or automated cloud-based backup system for server failures, deleted files, or other day-to-day needs, you won’t be able to rely on those in the event of a ransomware attack.
If even one device is compromised, ransomware can quickly and quietly infect your entire network without being detected—including your network-connected backups. And once they’re in, hackers won’t just encrypt your data; they could also delete, overwrite, or otherwise sabotage your storage to build their leverage. Unless you pay up, you risk permanent loss of mission-critical data.
To prevent hackers from accessing network backups and increase the chances of data recovery, all organizations should implement a separate, offline backup system. Keep reading to learn more about what it is, why it’s effective, and how you can set one up.
Disclaimer: Please note that the information provided herein offers guidelines only. It is not exhaustive and does not constitute legal, insurance, or cybersecurity advice. For more guidance, please consult a lawyer, a licensed insurance representative, and/or a cybersecurity specialist.
What’s an offline backup?
An offline backup is a secondary storage system in a secure external location that is completely isolated from the production environment; it’s not connected to any other computers, networks, or internet-enabled devices and is thus “offline” or “air-gapped.” Once a system becomes accessible from the internet, it’s no longer offline.
The concept of an offline backup is simple: if data can’t be reached remotely, it can’t be corrupted. Without a network connection or direct onsite access, it’s more or less impossible for someone to compromise your information. The only way to transfer data to an offline system is by physically inserting some kind of removable media, like a USB key, disc, or external hard drive.
Why are offline backups effective?
By now, you might have heard of the 3-2-1 backup rule: keep three copies of your data on at least two different storage media (e.g., local hardware and cloud), with at least one copy stored offsite or off-premises.
Having an offline backup takes the 3-2-1 rule one step further. It’s not your first line of defence against attack—it’s your last resort. The backup to your backup, so to speak. It supplements your existing storage and provides an extra layer of protection. And if all else fails, it can provide you with a clean, unaffected, albeit slightly outdated, copy of your data to restore your systems without giving in to ransom demands.
As a result, offline backups can ensure a safe and speedy recovery not only from cyber events, but from any kind of data crisis, like network outages, equipment failures, theft, or natural disasters. For good measure, your offline backup should include all forms of data stored within your company network, like databases, operating systems, applications, and configurations.
Are there drawbacks?
Offline backups aren’t without their challenges. Manual transfers are often time-consuming and labour-intensive, especially for large volumes of data. And because data can’t be updated to reflect ongoing changes, it becomes outdated fairly quickly. For example, if you lost your data today, how helpful would a remote copy from a year ago really be? While there are automated solutions on the market, any device that is connected to the network could potentially be hacked.
However, speed is a necessary tradeoff for maximum privacy and security. And as long as you back up diligently, you shouldn’t have a copy that’s more than a few months, or even weeks, old.
Best Practices: How do I implement an offline backup?
1. Determine what should be backed up and how often.
The timing between backups will vary between businesses and should be based on your industry, the type of data you have, and how often it changes. In general, you should aim to update your offline copy every 3-4 months at the very least, although it might be necessary to maintain daily or even weekly backups for frequently changing data, like financial records, employee records, personal health information (PHI), and client and case information. But be realistic about your organization’s ability to keep to a consistent schedule; the ideal setup will allow you to back up your offline copy regularly without straining your resources or systems.
2. Develop a backup policy.
Determine who from your organization is responsible for regular backup, the intervals for doing so, and all procedures, including authentication protocols. Limit privileges; offline access should be restricted to designated devices and personnel, like senior management, IT staff, or anyone else who absolutely needs it. If necessary, develop a detailed audit checklist that must be completed following each session.
Additionally, be sure to store all backups in an encrypted state, with specific permissions for testing or restoration activities only. This will ensure your data can’t be read in the event of compromise.
3. Monitor your cloud networks.
When offline, data cannot be reached by cybercriminals. However, it’s still possible for offline backups to be infected during the copy process if ransomware slips into your local network and isn’t caught before the next upload. USB drives and ports can also be corrupted with malware, as famously seen in the 2010 Stuxnet attack in Iran, where hackers accessed offline nuclear facilities through an infected USB flash drive.
Businesses can mitigate this risk by scanning local networks and USB keys for malware before each backup and storing USB keys in a secure location between cycles. Additionally, disable auto-run features on your devices to keep any unknown files from launching without your permission.
4. Test your backups.
Have clear procedures on how to restore data from your backups and test them periodically to verify that all recovery mechanisms operate as they should.
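An added example, not part of the original article: one way to make the steps above checkable is to record a SHA-256 manifest of the scanned backup set before it is copied to offline media, then compare a test restore against that manifest and against the policy's backup interval. The function names and the 120-day limit (roughly the four-month ceiling mentioned in step 1) are assumptions for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def list_files(root):
    """Relative POSIX paths of every regular file under root."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())

def build_manifest(backup_dir, created=None):
    """Run on the scanned backup set just before it is copied to offline media."""
    files = {rel: sha256_file(Path(backup_dir) / rel) for rel in list_files(backup_dir)}
    return {"created": time.time() if created is None else created, "files": files}

def verify_restore(manifest, restored_dir, max_age_days, now=None):
    """Compare a test restore with the manifest and the policy's backup interval."""
    now = time.time() if now is None else now
    present = set(list_files(restored_dir))
    expected = manifest["files"]
    report = {
        "missing": sorted(set(expected) - present),
        "modified": sorted(r for r in present & set(expected)
                           if sha256_file(Path(restored_dir) / r) != expected[r]),
        "unexpected": sorted(present - set(expected)),  # files added after the scan
        "stale": now - manifest["created"] > max_age_days * 86400,
    }
    report["ok"] = not any(report.values())
    return report

if __name__ == "__main__":
    # Constructed sample data: a two-file backup set in a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "db").mkdir()
        (Path(d) / "db" / "clients.sql").write_text("constructed sample dump\n")
        (Path(d) / "config.yaml").write_text("constructed: sample\n")
        manifest = build_manifest(d)
        print(verify_restore(manifest, d, max_age_days=120))  # untouched restore
        (Path(d) / "config.yaml").write_text("tampered\n")
        print(verify_restore(manifest, d, max_age_days=120))  # modified file flagged
```

Keep the manifest somewhere other than the backup media itself, so that anything able to alter the backup cannot also rewrite the hashes it is checked against.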
Are offline backups worth it?
We know, it sounds tedious—and costly—to add yet another security protocol to your systems. But if your organization suffers a breach, the cost of recovering from an attack will be significantly higher. In fact, the average cost of a breach is about $4.35 million USD according to IBM Security’s 2022 Cost of a Breach Report.
Even worse? Insurance companies are cracking down on baseline cybersecurity controls, like multi-factor authentication, encryption, offline backups, and security awareness training, for organizations before they can obtain Cyber Insurance. Without encryption, you won’t be able to rely on Cyber Insurance to cover your losses in the event of a breach, leaving yourself exposed to potentially millions in remediation costs.
That’s why an offline backup is vital to your cyber risk management strategy. It won’t just help you fend off ransom demands; it’ll improve your overall security posture, ensure you remain in good standing with your insurance company, and mitigate the financial, legal, and reputational consequences of a privacy breach.
For more guidance on cyber risk management, connect with PROLINK. With 40 years of experience and a specialized knowledge of cyber markets, PROLINK is ahead of industry trends. We can share what steps others in your industry are taking and help you become resilient in the face of attack.
Our dedicated team of risk advisors will help you:
- Identify exposures based on your business operations and unique needs;
- Adopt a proactive approach to risk management to control your costs long-term;
- Conduct a robust assessment of your existing insurance policies to detect any coverage gaps;
- Secure a specialized solution that aligns with your strategic objectives.
PROLINK’s blog posts are general in nature. They do not take into account your personal objectives or financial situation and are not a substitute for professional advice. The specific terms of your policy will always apply. We bear no responsibility for the accuracy, legality, or timeliness of any external content.