- Get a cloud-based backup. This is key! Put your important files somewhere off site and out of the reach of malware, theft, or natural disaster.
- Use versioning to roll back to a point before the infection. Most cloud backup services let you restore to a certain date or go back a certain number of revisions. Windows and Apple's Mac OS X offer a similar form of versioning (Shadow Copies and Time Machine, respectively) within the operating system.
- External drives are not sufficient. A USB or eSATA drive plugged into an infected PC is certain to be infected and encrypted as well. Any location on the network or otherwise accessible to the ransomware is vulnerable, so keep your backup separated. Tape backup may provide a good defense, but in general we don’t recommend tape for most companies.
- Verify that you are backing up all important files. Most desktop-level backup applications offer a default set of folders and file types that may exclude some critical files such as QuickBooks company files, AutoCAD drawings, etc.
- Check your backups regularly to make sure the process is completing with no errors, the data is there, and it is recoverable. This may require you to delete and restore a file or two. This effort will be rewarded if you ever need to restore a critical file in a time of need.
- Enable notifications so that you are kept abreast of any failures or problems with your backup right away.
- Secure your backup data. If you choose a cloud-based provider, choose one that offers features such as encryption, HIPAA or SOX compliance, and two-factor authentication. If you opt to back up to disk, be sure to rotate among multiple drives, take them off site, and password-protect or encrypt that backup.
- Consider using tools and technologies that are not vulnerable to malware. Microsoft SharePoint, OneDrive or Google Drive may offer an alternative to traditional file storage on the desktop that is much more likely to withstand a malware infection.
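
The "verify that you are backing up all important files" and "check your backups regularly" items above can be combined into one test-restore check. The script below is an added example, not part of the original article: it compares a test restore against the live folder by SHA-256 and reports files the backup skipped or returned with different content. The extension list (`.qbw`, `.dwg`) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions for the file types the list names
# (.qbw = QuickBooks company file, .dwg = AutoCAD drawing).
CRITICAL_EXTS = {".qbw", ".dwg"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large company files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_restore(source_dir, restored_dir):
    """Compare a test restore against the live source tree."""
    source, restored = Path(source_dir), Path(restored_dir)
    report = {"ok": [], "missing": [], "mismatch": [], "critical_missing": []}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        copy = restored / rel
        if not copy.is_file():
            report["missing"].append(str(rel))
            if src.suffix.lower() in CRITICAL_EXTS:
                report["critical_missing"].append(str(rel))
        elif sha256_of(src) != sha256_of(copy):
            report["mismatch"].append(str(rel))
        else:
            report["ok"].append(str(rel))
    return report

def demo():
    """Constructed sample: a source tree and an incomplete, partly damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        src.mkdir()
        dst.mkdir()
        (src / "notes.txt").write_bytes(b"meeting notes")
        (src / "books.qbw").write_bytes(b"ledger")      # skipped by the backup set
        (src / "plan.dwg").write_bytes(b"drawing v2")
        (dst / "notes.txt").write_bytes(b"meeting notes")
        (dst / "plan.dwg").write_bytes(b"drawing v1")   # stale or corrupted copy
        return verify_restore(src, dst)

if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status}: {files}")
```

A mismatch can also mean the live file changed after the backup ran, so compare against a restore taken right after a backup completes, and restore to a scratch folder rather than over the originals.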
Bottom Line: There is no excuse for not having a robust and offsite backup solution. Recovery from a serious ransomware attack is only one reason this is still true in 2014.