Focus on Security: Backups – The Ultimate Cyber-Security Weapon

by | May 5, 2016 | Compliance & Security, Compliance Technology, Cyber Security, Disaster Recovery (BCDR)

Data Backup. Magnifying Glass on Old Paper with Red Vertical Line.

Backups, we all believe and trust they are being performed regularly and will work if we ever need to restore our business after a natural disaster, malicious attack or cyber-attack, such as ransom-ware.  The reality is backups are not historically reliable and they become out of sight, out of mind!  You need to ensure they are being performed regularly and restoring from the backup media works. ePHI data is highly desirable by criminals because it is worth far more than credit card information on the black market. Because of its value, Covered Entities and Business Associates are now the targets of cyber criminals. With ransomware on a rampage and breaches highly likely, now is the time to take action.

Backups are the ultimate digital security or at least the first priority.

  1. Backups protect you from data loss and potential business ruin.
    • because of natural disasters
    • because of human mistakes or malicious acts
    • because of criminal acts such as ransomware or destructive malware.
  2. They do NOT however, protect you from data theft.
    • You still need to take steps to secure your data.
    • Consider encryption at rest and in motion.
    • Implement a security plan that includes anti-virus, firewalls, password management, education, HIPAA compliance testing, Vulnerability testing and File Integrity Monitoring.

 

Steps to a safer more secure data life.

  1. Perform backups on a regular schedule; nightly, weekly, monthly and quarterly.
  2. Ensure the backups are stored in a safe and secure location, whether it’s physical media or offsite or cloud based.
    • Do NOT store physical media near heat, water, sunlight or magnetic fields.Data Encryption Concept. The Word of Red Color Located over Text of White Color.
    • Do NOT store data offline or in the cloud without good encryption.
    • Redundant cloud storage is the most reliable media.
  3. Verify the correct data is being backed up.
  4. Encrypt the backed up data with at least 128 bit encryption, but 256 bit would be better.Verify the backed up data can be restored and used.
  5. Check your backup reports daily to make sure the backup worked.

Hope this helps ensure you protect your patients, your practice and yourself.