People keep asking what they can do.
How can they help?
If you are a small business owner, one of the best things you can do is make sure you have a good backup and recovery plan
Good backups are the Victory Gardens of the 21st Century
And if your business is considered critical infrastructure,
or if you want your insurance to be worth the money you pay,
you need good backups, by demand of law and lawyers
And it means more than just hiring a cloud company.
You need to plan
Start now
You need to identify the important files you handle and evaluate the common risks to those assets
Know how the data moves, and decide how long you can be down, and how far backups need to go.
Then develop procedures to make sure the plan is done and tested
As you craft policies and procedures think about a 3-2-1 Backup strategy for your sensitive files
You want three copies
You want two different media types
You want one off-site copy of anything needed for emergency restoration
Chances are your Managed Service Provider or IT shop handles much of your backup, but you are responsible for the risk
Decisions belong to you. As you decide on the media types you need to understand the risk associated with the storage solution and shared responsibilities.
For almost every small business you will land on a cloud backup solution.
These do not come without risk. You need to document in your system security plan how you mitigate these risks
Encryption, MFA, and Least Privilege
All of this should be documented in your backup recovery plan.
Just choosing a vendor is not enough. Your backup and recovery plan should cover these eight elements
Once you have policy and procedures in place you should deploy the backup system
Means protecting backups
It is at this stage where most bad guys break into your stuff and screw it all up.
You need to protect the backup system at all times, and most involve shared responsibility
Small business owners often overlook one area of risk that gives attackers a chance to get your data.
Your backup policy needs to spell out how long copies get kept and the proper way to destroy sensitive data
Almost all cybersecurity frameworks and government regulations require small businesses to periodically test their backup recovery systems.
You need to make sure you can test processes and cloud solutions while training employees
You need to run practice exercises
Improve
As always, better cybersecurity is better business
You need to be aware
Good backups save all the bucks