Welcome to #WeekendWisdom number 46. This week we’re going to talk about securing backup servers.
OK. Who wasn’t securing backup servers?
Earlier this week I was reading a story about a large Canadian second-hand car business which had a data breach involving some 260,000 users. What had happened was that they had a backup server that wasn’t appropriately secured. People were able to get onto that backup server and download the data of all these users.
Basically that business did not appropriately secure the backup server. Maybe they thought “It’s a backup server, it doesn’t need that much protection.” But think about it. A backup server is going to have a lot of your production data.
So what does it need to be set to?
So the backup server needs to have the same level of security as your primary servers, if not more. Make sure that it is properly secured.
With backups, I would also highly recommend having offline copies, just in case that backup server ever gets damaged in any way by ransomware. So it’s important to back those up offline as well.
Is that all?
No. It’s not just backup servers that you need to take into consideration. There are also things like development servers or test servers. If you have some of those in your environment, they should have appropriate protections on them as well, because maybe they have some test data with actual personal data on them too. So ask your IT or your development team “Have you put appropriate protections in place on these servers?”
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
For small businesses, we can carry out assessments on your server infrastructure and point out discrepancies in the security configurations.
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.