Backups are an essential part of data protection and data security. A key principle of the UK GDPR is that you process personal data securely by means of 'appropriate technical and organisational measures' - this is the security principle. The ICO recommends:
You make sure that you can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process. By ensuring you have an appropriate backup process in place you will have some level of assurance that if your systems do suffer a physical or technical incident you can restore them, and therefore the personal data they hold, as soon as reasonably possible.
📊 Statistic to ponder: According to recent studies, organisations with reliable backups recover 75% faster from ransomware attacks.
Ransomware-resistant backups are crucial because they ensure data recovery and continuity even after a ransomware attack. Traditional backups can themselves be targeted or encrypted by ransomware, rendering them useless. Resistant backups use strategies like immutable storage, air-gapped systems, or write-once-read-many (WORM) storage to prevent tampering. They safeguard critical data, minimise downtime and remove the pressure to pay a ransom, protecting organisations from financial loss and reputational damage.
The NCSC article advises of two main ways to back up:
🛡️by saving copies to physical on-premises storage that you are entirely responsible for managing, either within your organisation or through a third party.
🛡️by saving copies to a cloud-based backup service that handles some of this responsibility for you.
Analysis of incidents shows that before an organisation is aware of a ransomware attack, actors often target backups and backup infrastructure, deleting, destroying or encrypting the backup data to make it harder for the victim to recover and so more likely to pay the ransom.
Details of how to create a ransomware-resistant backup are in the article 👇
NCSC Ransomware-resistant backups
Schools, multi-academy trusts and colleges should look to the DfE Digital Standards for more guidance about cyber security and backing up data.
If you’d like to learn more about the DfE Digital Standards—what needs to be done, who’s responsible, and the timelines—join one of our free webinars 👉 https://digitalstandardstracker.co.uk/
We offer a range of resources, support, guidance and tracking tools to help you monitor your progress and report effectively. Documenting and tracking compliance is essential - it can demonstrate your cyber resilience in the aftermath of a cyber attack!
Contact us today for some more information 📧