Back to security basics: Let’s back things up a little
Last time we explored how the simple lock screen keeps data out of the wrong hands. This time, we’re looking at a form of protection that always pays off: backups.
Data loss is a very real danger, and it’s a major threat to any organization. How well you equip and motivate people to guard against cyberthreats helps determine how well your organization is protected.
But thousands of cybersecurity professionals are relying on the wrong thing—traditional security awareness training—to push their people to do the right thing.
So, we need to talk.
Data loss is pretty scary, right?
It can get to you through human error, file corruption, hardware fails, or, of course, as part of a cyberattack. And let’s not forget good old-fashioned fire or flood too.
The fact is that if your data vanishes, your finances will be hit hard and your reputation hit even harder. It’s a deep, dark hole to climb out of.
Sadly, many organizations don’t ever get out of the hole.
Behaving with backups
SebDB—which links security behaviors to risks—rates creating backups as one of the most powerful security habits. In other words, ensuring data backups for data stored on your devices and network is a good way to minimize your risks.
Ideally everyone would be creating regular backups. And automatic backups make the whole thing a breeze. The hard part is nudging people’s backup behavior in the right direction.
Maybe you’ve shared some scary statistics about data loss. If people understand what’s at stake, they’ll adopt auto-backup immediately, you reason. Except it’s not that simple.
What if there was a better way to get people to create secure backups?
The fear factor isn’t enough
Despite some people’s love of skydiving and wrestling with sharks, on the whole we’re hardwired to stay away from danger. So, when we want someone to adopt a safer behavior, we point out the perils of not doing it that way. We rely on what’s called “threat appraisal” to give that person a nudge toward safer habits.
Threat appraisal is a key ingredient in traditional security and awareness training. By revealing to people they’re susceptible to severe repercussions, surely people would respond by pulling their socks up, the theory goes. But threat appraisal doesn’t work very reliably.
So, researchers explored whether anything else would prove a stronger driver for making secure backups. Which was the strongest fighter, they wondered: convenience factors or threat factors? The results are crucial for any security professionals:
Participants were much more likely to adopt automatic backup if they understood how easy and convenient it was.
In comparison, threat appraisal was less effective at influencing adoption of backup—although users who felt vulnerable to data loss were likely to make use of it.
The message is clear: people who perceive the cloud as a seamless, low-effort backup option are more likely to adopt automatic backup. Sure, users who felt vulnerable to data loss will also use the cloud, but convenience is the bigger factor.
Want to build this into your cybersecurity strategy?
So, how can you make backups a norm in your organization? And how should backup media be secured? Well, lucky for you, we’ve rounded up a few backup security best practices for you.
Cloud services are the most convenient—and, as we’ve covered above, that means they’re the most likely to be adopted. Cloud storage is not 100% secure, but it saves you from bigger risks than it presents.
Because no backup option is 100% reliable, double up that backup with a removable hard drive. We like the 3-2-1 rule, where you make three backups over two devices, and keep one offsite.
For ‘core’ backups of central data, opt for removable storage, and keep it locked away.
Make auto-backup part of your culture. A no-brainer set-and-forget. Something you can’t afford not to do.