Data is critical to any business and, as such, should be thoroughly protected by various tried and tested measures. One of these controls should be ensuring that your backups are tested. While this may appear an obvious and seamless task, there are a variety of intricacies to be cognisant of:
Ask your IT team to send you proof of the following:
- Installation of antivirus and anti-malware protection software.
- Regular application of operating system and SQL server patches, fixes, and updates.
- Monitoring and a history record of memory, disk space and CPU usage.
- Daily server status checks, such as Event Log checks and other monitoring your IT team runs as a service.
Whilst testing recent backups, ensure:
- Configuration of SQL backups and re-indexing (SQL maintenance plans) on the database are checked regularly.
- Your backups are stored off-site, or where compromised software or hardware will not affect them.
- Backup restores and data integrity tests are performed frequently.
Access to Information:
- Ensure you have determined and communicated password complexity requirements for your server access to your employees and suppliers.
- Communicate how credentials should be securely stored in accordance with your business's policy.
- Create awareness in your business around phishing, and how your employees can identify phishing activities.
Recommended Backup Retention Policy:
- Retain daily backups for 7 days.
- Retain weekly backups for 30 days.
- Retain monthly backups for 12 months.
- Retain yearly backups for 5 years.
Ensure that you retain data as prescribed by the bodies that your business is governed by.
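The retention schedule above can be checked against a backup catalogue before anything is deleted. The following is an added example, not code from the source: the tier labels, the `regulatory_min_days` floor, the review bucket, and the sample catalogue are assumptions made for illustration.

```python
import calendar
from datetime import date, timedelta

# Retention periods exactly as listed in the policy above.
RETENTION = {
    "daily": ("days", 7),
    "weekly": ("days", 30),
    "monthly": ("months", 12),
    "yearly": ("months", 60),  # 5 years
}

def months_back(d, months):
    """Calendar-aware subtraction; clamps the day (31 Mar minus 1 month -> 29 Feb)."""
    year, month0 = divmod(d.year * 12 + (d.month - 1) - months, 12)
    day = min(d.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)

def cutoff(tier, today, regulatory_min_days=0):
    """Oldest date still retained. A regulator's minimum (assumed parameter)
    can only extend retention, never shorten it."""
    unit, n = RETENTION[tier]
    policy = today - timedelta(days=n) if unit == "days" else months_back(today, n)
    return min(policy, today - timedelta(days=regulatory_min_days))

def plan(backups, today, regulatory_min_days=0):
    """Split (name, tier, taken_on) records into keep / expire / review.
    Unknown tiers and future-dated backups go to review, never to expire."""
    keep, expire, review = [], [], []
    for name, tier, taken_on in backups:
        if tier not in RETENTION or taken_on > today:
            review.append(name)
        elif taken_on >= cutoff(tier, today, regulatory_min_days):
            keep.append(name)
        else:
            expire.append(name)
    return keep, expire, review

# Constructed sample catalogue, not real data.
TODAY = date(2024, 3, 31)
SAMPLE = [
    ("daily-2024-03-24", "daily", date(2024, 3, 24)),
    ("daily-2024-03-23", "daily", date(2024, 3, 23)),
    ("weekly-2024-02-25", "weekly", date(2024, 2, 25)),
    ("monthly-2023-04-01", "monthly", date(2023, 4, 1)),
    ("yearly-2019-01-01", "yearly", date(2019, 1, 1)),
    ("adhoc-2024-03-30", "adhoc", date(2024, 3, 30)),
]

if __name__ == "__main__":
    print(plan(SAMPLE, TODAY))
```

Run it in report-only mode first and compare the expire list with what your regulator requires before wiring it to any deletion job.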
*Source: Cardinal 360