Using CPGs in Real Life – Perform and Test Backups

March 13th, 2024
Using CPGs in Real Life – Perform and Test Backups

What would you do if you came into school tomorrow and were told that all your District’s data had been corrupted? Your next step would be to check in with your IT staff to see if they were clearing your system and restoring your data with a backup. But what if that backup was compromised or did not contain the data it was supposed to?!

That concern is why CISA (Cybersecurity and Infrastructure Security Agency) has listed performing and testing backups as the third most important step in keeping your network as safe as possible.

Many districts believe they are backing up their critical data, but few have the time to perform test restores to make sure that the backup is being performed properly and the data is not compromised. That is why your IT staff must have the time and tools they need to prioritize this recommendation. In the hectic day-to-day, it can be easy to skip the review of the backup logs, assuming you will get to it tomorrow. Also, testing backups is important, but full backup restore tests can be somewhat time-consuming, and without the proper resources for this process, it can be tempting to put it off for another day. Similarly, air-gapped backups (backups either physically or logically separated from your network) can be another expense and, with tight budgets, funds might be allocated to performance-facing tools and equipment even though air-gapped backups are important. That is why CISA stresses the involvement of upper management - to provide the focus, funds, and accountability for the important as well as the urgent.

This week’s suggestion:

  • Talk to your Tech Director about what the current plan is for backups, test restores, and air-gapping backups

Do you have questions about where to start with better backup and test restore implementation? Are you feeling overwhelmed by the NIST Cybersecurity Framework and CPGs? Call CSI and ask how we can help you understand and help mitigate your Cyber risk. We have a specific service to help you get started on the NIST CSF journey. Just contact Lisa MacDougall ( or 845.897.9480.