Regular Backups
What are Regular Backups and how do they work?
A backup is a process by which important data, software, and configuration settings are stored for the purpose of recovering from an unplanned event such as server failure, accidental deletion of a file, or malicious activity.
Regular backups should be performed in a coordinated and resilient manner in accordance with ‘best practice’ business continuity requirements.
Backups should be protected in a manner in which they cannot be tampered with, as it is not uncommon for hackers to search an organisation’s network for backups.
In addition to backing up an organisation’s data, it is also important to test the restoration of systems, software, and important data from backups. Testing should be in a coordinated manner as part of business continuity or disaster recovery exercises.
Why are Regular Backups important?
In the event that your organisation is compromised by a hacker, it is vitally important to be able to recover from ransomware or a destructive hack.
It is therefore imperative that your organisation’s data is backed up and that it can be restored when required.
ACSC recommends that backups of important data, software, and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements.
This control should also be extended to protect the backups from unauthorised individuals.
Introspectus Key Features
What's the solution?
Introspectus helps organisations maintain control over the IT security of their business environment by testing the effectiveness of their backups on all endpoints daily.
Introspectus confirms the effectiveness of an organisation’s backups by checking that each mapped drive on server infrastructure is regularly backed up. This information is analysed and a maturity score is produced against ACSC’s Essential Eight Maturity Model, confirming that:
- Servers are backed up on a regular schedule.
- All drives on the server are backed up and identify any endpoints where the policies have not been implemented.
