• Office of the Comptroller

Review and Test Your Data Backup Plan 3-2-1

Cyber experts recommend a “3-2-1” backup plan for critical data to ensure that it is properly retained and available to be restored if there is a cyber event that locks up or steals the data. Critical data is defined as part of your data inventory and Disaster Recovery Plan.   

  • Have at least 3 copies of data. 

  • Store the copies on 2 different types of media. 

  • Keep 1 copy at a location offsite such as on the cloud on tape. 

Routinely test the backup copies to ensure that copies are being properly maintained, and test the process for restoring data (Disaster Recovery Plan) to applications if data is compromised. At a minimum, third party contractors that host your data should replicate this plan.

See Four Steps to Prepare for a Cybersecurity Risk Assessment for how to create a data inventory. Visit  the  Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.

44 views3 comments