CISA Step 3 – Perform and Test Backups

October 23rd, 2023
CISA Step 3 – Perform and Test Backups

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats.” In that report, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.

  • deploying multifactor authentication (MFA
  • mitigating known exploited vulnerabilities (patching)
  • implementing and testing backups
  • minimizing exposure to common attacks
  • regularly exercising an incident response plan
  • implementing a strong cybersecurity training program

This bulletin will address Step 3 – Perform and Test Backups.

To quote the CISA’s report:

“Many organizations who have fallen victim to damaging intrusions such as ransomware either had no backups or had incomplete/ damaged backups. K–12 entities should back up all key systems regularly, and also regularly test partial and full restoration of data. This practice should be documented in a written plan. Backups should be stored offline and disconnected from the network. As part of the entities’ governance program, leaders should request and review evidence of the test restoration tasks and work plans to address any gaps found during the restoration exercise.”

This is a short paragraph of recommendations, but as with many things, it is more involved to make sure these recommendations are put into practice. Like other security measures, it is important that your IT staff has the time and tools they need to prioritize these recommendations. In the hectic day-to-day, it can be easy to skip the review of the backup logs, assuming you will get to it tomorrow. As well, testing backups is important, but full backup restore tests can be somewhat time-consuming, and without the proper resources for this process, it can be tempting to put it off for another day. Similarly, air-gapped backups (backups either physically or logically separated from your network) can be another expense and, with tight budgets, funds might be allocated to performance-facing tools and equipment even though air-gapped backups are important. That is why CISA stresses the involvement of upper management - to provide the focus, funds, and accountability for the important as well as the urgent.

This week’s suggestion:

  • Talk to your Tech Director about what the current plan is for backups, test restores, and air-gapping backups

Next week’s bulletin will discuss “CISA Step 4 – Minimize Exposure to Common Attacks

If you would like more information on backups or navigating the NIST CSF journey, please contact Lisa MacDougall at or call 845.897.9480.