With the rise of ransomware attacks, enterprises — and personal computer users — are struggling to find foolproof prevention tactics. Cybercriminals often target backup systems, and some ransomware variants stay dormant for months before activation. The criminals’ goal is to eliminate any chance of data recovery; if a company doesn’t have access to its backups, they’ve succeeded.
An air-gapped backup strategy keeps backup media isolated from other computers on the network. The air gap is, quite literally, a lack of cables or connections — since the backup is totally offline, it can’t be compromised easily.
For decades, air gapping has been a cornerstone of disaster recovery. It’s also a useful tactic for personal computer users: If you keep a backup of essential data on a mobile hard drive or optical media, you probably won’t be calling Datarecovery.com anytime soon.
However, while air gapping plays an essential role in preventing data loss, it has its own drawbacks. Here are a few considerations to keep in mind:
- Since the media isn’t connected to the network, it can become outdated quickly. This is an especially significant problem for servers, but it can also apply to home computers: If you need an up-to-date copy of a certain spreadsheet, a month-old or year-old version probably won’t suffice.
- The backup media should be redundant. We frequently receive calls from clients who had excellent backup practices, with one crucial exception: They only kept a single copy of the important data. Clients may try to read the data on a compromised system, which in turn compromises the backup. More often, the same event that affects the original system also affects the backup (for instance, when fires or flooding cause data loss). We recommend keeping three physical copies of important backups at the absolute minimum. Always assume that your backup will fail — if you have three high-quality backups, that won’t be a significant problem.
- Peripheral devices can compromise the air gap. USB drives and optical media can carry viruses and ransomware, and again, cybercriminals are intelligent; they design malicious software to target backup systems. If the backup system is frequently used with peripherals, it should be considered compromised. Enterprises can limit this risk by using USB locks and other tools.
- The data needs to be encrypted. Many cybercriminals aren’t interested in stopping a system from running; their goal is to collect information that could be used in a wide-ranging systemic attack. Some users assume that since the data is air-gapped, encryption is unnecessary — but again, air-gapped media can be compromised when connected to the backup system.
- The backup media needs to be checked regularly. All media can degrade over time. Many air-gapped backups develop issues and turn out to be unreadable when disaster strikes. Backup media needs to be regularly tested and checked to be considered useful.
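The regular media check and the three-copy recommendation above, as an added example that is not part of the original article: it records SHA-256 digests when the backup is written, then checks each copy against that manifest and lists any file that no longer has an intact copy. The function names and the files created in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large backup archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(source_dir):
    """Digest every file at backup time; store the manifest off the media."""
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_copy(copy_dir, manifest):
    """Return files that are missing or whose content no longer matches."""
    report = {"missing": [], "corrupt": []}
    for rel, digest in manifest.items():
        p = Path(copy_dir) / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != digest:
            report["corrupt"].append(rel)
    return report

def check_all(copies, manifest):
    """Check every copy; also list files with no intact copy anywhere."""
    reports = {str(c): check_copy(c, manifest) for c in copies}
    lost = [rel for rel in manifest
            if all(rel in r["missing"] + r["corrupt"] for r in reports.values())]
    return reports, lost

def demo():
    """Constructed sample: three copies, one altered file, one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = [Path(tmp) / n for n in ("copy_a", "copy_b", "copy_c")]
        for c in copies:
            c.mkdir()
            (c / "ledger.csv").write_bytes(b"id,amount\n1,100\n")
            (c / "notes.txt").write_bytes(b"quarterly notes\n")
        manifest = build_manifest(copies[0])  # taken when the backup is written
        (copies[1] / "ledger.csv").write_bytes(b"id,amount\n1,900\n")  # altered
        (copies[2] / "notes.txt").unlink()  # lost
        return check_all(copies, manifest)
```

Run the check from a known-clean machine with the media mounted read-only, and keep the manifest somewhere other than the backup media itself.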
An air-gapped backup can provide important protection from ransomware attacks and other types of logical data loss. With that said, simply creating a single backup won’t do much — you’ll need to take the right approach to limit your risks.