Ransomware has been a red-hot problem in the current era and prevailing for some time now. Ransomware attackers will attempt to locate your backups, steal the data from them, and then delete them. If you can prevent this, you can recover from an attack without giving in to blackmail. And this has become more risky in the current COVID-19 pandemic times. This makes it more important for organizations to be extra careful and alert, and re-think whether their existing policies and procedures are adequate enough to prevent or mitigate a cyber attack.

Backing up your data is a key part of the defense against ransomware and other malware. If the backups are wiped out by ransomware, this defense is rendered useless. Ransomware attackers often try to find and delete or encrypt backups, many of which are accessible through compromised accounts. The loss of backups, even just recent backups, makes an attack a much more costly event and limits your ability to resist the attacker. What are the practical ways to prevent such cyber attacks?

As with most security precautions, there is no 100% guaranteed way to protect your backups. But by following best practices, you can significantly increase your chances of being able to use backups for recovery from the attack with minimal losses of time and business. Having said this the best strategy is to go for 3-2-1 rule. This is the right way to protect your organization—not just from ransomware but from myriad other problems that over the years have crippled companies and ruined careers.

Follow the 3-2-1 rule of backup:

The 3-2-1 rule of backups:

• Three copies of the data are backed up
• Two different storage media are used for the backup
• One copy of the data is kept off site

The goal of the 3-2-1 rule is to increase the chances that a backup will be available. Keeping a copy remote protects you even in case of a fire or natural disaster. Backup strategists keep adding numbers to make corollaries of the rule.

Enterprise backup software is generally designed to facilitate this approach as a best practice. Typically, one copy will be kept on an on-site storage device like a deduplicating backup appliance or high-density disk storage system. At least one of the others is written to an off-site deduplicating backup appliance or tape. But a cloud storage service is a candidate for one of the copies as well.

A good data protection setup will set the backup frequency, retention, and number of copies in relation to the value of the data, as not all organizational data has the same value. You really need to think the strategy through with respect to your own organization’s needs and capabilities, not to mention regulatory requirements.

Other rules follow from the 3-2-1 rule and from common sense: An on-site copy should be available for quick, operational recoveries. It should be in separate hardware so that it can’t be taken down by a problem in the devices it is backing up. The second copy doesn’t need to be as instantly accessible, but it should be available if needed.