Where are your backups?
Part of effective internal controls and security maintenance is identifying and protecting critical data needed for operations. Ensuring access and availability of data is critical for daily work, but also essential in the event of a cyber incident.
Departments should ensure that there are multiple backups and locations of backups such as cloud repositories, hard-drives, and tape, and routinely test those backup to ensure data can be retrieved if needed. This includes working with any vendors that are storing data in any application to ensure they are meeting these standards. Here are some recommendations from the Cybersecurity & Infrastructure Security Agency in Alert AA20-245A:
Identify what data is essential to keeping operations running and make regular backup copies.
Test that backups are working to ensure they can restore the data in the event of an incident.
Create offline backups to help recover from a ransomware attack or from disasters such as fire or flooding.
Securely store offline backups at an offsite location. If possible, choose an offsite location that is at a distance from the primary location that would be unaffected in the event of a regional natural disaster.