• Office of the Comptroller

What’s your data and systems backup plan?

Now is a good time to review your data and critical operations backups! According to best practices in the CISA Ransomware Guide, effective internal control, business continuity, and disaster recovery plans should include:

  • Maintenance of offline, encrypted backups of data and critical systems. Have at least one copy of data that is offline, because newer ransomware may have the capability to locate and infect all accessible backups. Organizations should also maintain updated image templates of operating systems and software applications of critical systems in case these have to be rebuilt.

  • Test backups on a regular basis. Testing of backups should include review of the accessibility and integrity of data that is stored, and testing the strategy for rebuilding critical systems if compromised by ransomware.

Fiscal and operational staff should discuss the above internal controls, and build budget requests if funds or additional resources are needed to maintain these security requirements.


Visit our Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.

