| > especially offsite And offline¹ or immutable². Some automated ransomware actively goes after common backups³ before touching the base data, more targetted attacks will too. [1] If part of your threat model is security, not just accidental loss/damage, as it should be for everyone, this stops an attacker jumping from your base system to get at your backups. [2] Alternatively, this will stop them modifying your backups even if they get access. Cloud providers offer what is claimed to be immutable storage, though your level of trust in them, your sensitivity to cost, and the likelihood you might someday want to properly forget something, will factor in to whether this is suitable. [3] One reference amongst many: https://www.advintel.io/post/backup-removal-solutions-from-c... > And don't forget to test them regularly. A vital step that too many people skip. Or for advanced failure patterns: setting up automated tests that don't fail safe (does no alert mean all is OK, or does it mean the alert system has failed too?) and/or not monitoring to make sure that they are working. |