CyberScout

What Backups Can (And Can't) Protect You From

backup protection
Getty Images

While backups are an important tool for cybersecurity, they’re not a panacea. Here’s what they can and can’t protect you from.

Ransomware: There are countless variants and strains of malware out there, some more sophisticated than others, but one consistent method across the board is to lock a computer or network, encrypting its contents and then demanding a ransom to regain access. It can be possible to restore from a backup recorded before a machine or system was compromised, with some caveats (see below).

Malware: A single careless click on an email attachment or a well-disguised link can deploy malware on a computer, network, or device. As with ransomware, the process of trying to fully root out a malicious program and ensure its complete removal can be time-consuming and require the services of IT technicians. When this happens, it’s often easier and more efficient to roll back to an uninfected backup.

Physical damage: Recovering data from a physically damaged computer or storage device may not qualify as “cybersecurity” in the traditional sense, but having backups does indeed keep your data secure. While we typically envision cyber attacks as the primary threat to data, power surges, dropped laptops, and even spilled coffee can necessitate a restoration from a backup. 

What backups can’t protect against:

Ransomware: Although restoring from a backup can stop some ransomware attacks in their tracks, it’s not always a solution.

“If ransomware gets into your network, and it happens at the moment that you are backing things up, it could crawl into that backup system, unless it's a separate system that you intermittently connect to,” said CyberScout founder and chairman Adam Levin.

Data leaks and breaches: If a hacker gains access to your system and is able to exfiltrate your data, no backup can save you--unless you can turn back time.

Poor passwords and data hygiene: A backup can help restore or mitigate a malware-infected computer, but there’s still no substitute for adequate training for employees to minimize their risk in the first place. “A compromised employee can lead to a compromised company,” says Levin, “which is why I favor cyber training that is aimed at minimizing, monitoring, and managing cyber risk.”