by VendorManager
1824 days ago
Backups and disaster recovery sites are definitely important from a business continuity perspective, but there is a bigger risk of leaking PII and other sensitive information such as SIN / Social Security numbers if the software vendor has access to it. Your business might be able to recover from backup if the hacker has not encrypted it, but the hacker for sure will be maliciously using the PII to send phishing emails.
1. Test and encrypt backups.
2. Don't get hacked. Defense-in-depth philosophy and rigorous, routine social-engineering training/testing. If you get hacked, it's usually game over. Defend systems like the business depends on it because it does.
3. Limit exfil: extra security for PII, exfil detection, and [HN]I[DP]S.