Always have a backup. And a backup to your backup. And, if possible, a backup to that backup. Followed by a cybersecurity recovery plan.
The information security universe is suspended upon the back of a giant backup. And what is beneath that backup? You’re very clever, but it’s backups all the way down!
In fantasy football, the handcuff strategy—in which you invest high draft capital on a star running back like Christian McCaffrey, and then invest late draft capital on his backup (Chuba Hubbard)—protects your investment and mitigates loss of production in the event of an injury. The handcuff is a basic exercise in risk management. When someone goes down, you have a built-in plan to recoup the productivity losses short-term and, in the case of a stud backup like Kareem Hunt, potentially not miss a beat.
Backups and risk management are conceptually very much the same in IT and information security. The migration to the cloud and the shift to remote work have created many more surfaces for hackers to attack. If one of those points gets breached, it could shut down your whole business as surely as a power outage without a generator. Actually, it’s even more tenuous. If a vendor in your network gets breached, the compromise could spread throughout the ecosystem and to you, as it did with Kaseya in July 2021.
Are you prepared for a breach? Do you have a contingency plan?
In an information security data recovery plan, you’re looking at how to prepare for and respond to a breach in a way that best protects your assets and allows for business continuity. As injuries are a constant in fantasy football, breaches are a certainty in IT. Breaches are a matter of when, not if. So, with that established, you can proceed with your “handcuff strategy” of a formal data backup/protection strategy and a security recovery plan (which isn’t the same thing as a disaster recovery plan for events like hurricanes disrupting offshore oil rig production; cyber threats can be as catastrophic, but are more dynamic).
Have a plan in place that lets you move forward as quickly and effectively as possible after a breach. One way to build that backup plan is to start with how you, well, back up your data. As much as possible, backup data should be kept physically separate from the primary system. You could back up data in the cloud with a provider who specializes in secure data storage and backup management as a service. Or you could back up data on a secure physical server (although that can create its own headaches of server management that will distract IT and infosec teams). Either way, backups should be encrypted.
So you’re backing stuff up and it’s encrypted. Now, have a game plan for what to do when your data goes down and your backup steps into action. The right plan can be the difference between an attack being as crippling as an ACL tear, or as mild as a twisted ankle.
A security data recovery plan will establish processes and controls that will:
- Identify your “crown jewels,” or critical assets
- Manage offsite backup data storage
- Identify breach
- Isolate threat and minimize its spread
- Protect assets after breach
- Collect evidence of the breach, with root cause analysis
- Have controls in place that protect against future loss
- Have cyberinsurance to, for instance, pay out for a ransomware attack
- Have a team constantly updating the plan and controls to keep up with the changing threat landscape
Just remember: a good offense is often the best defense. This remains true in cybersecurity, where a great awareness program turns employees into active threat hunters. Nearly all breaches contain a human element. Empowering people with the skills to detect and vaporize a phishing attack will cut your risk of a breach significantly.
And with that, let’s look at waivers this week through the lens of having a good backup in place!
Trey Lance, QB, SF 49ers: Maybe Jimmy G is out for extended time. Maybe not. But the Trey Lance era is coming, and it’s going to be Lamar Jackson-level awesome. This kid produced points against the Seahawks on Sunday even though he looked kind of shaky and unprepared, which he was as the backup. Imagine what he’ll do with a Kyle Shanahan game plan. This is a backup destined to be the future.
Damien Williams, RB, CHI Bears: David Montgomery has looked good, so it was a bummer to see him go down. Damien Williams was great in KC not long ago. CHI seems to be running the ball well, and I wouldn’t be surprised if Williams produces just a tick below Montgomery. Pick him up if he’s available.
Khalil Herbert, RB, CHI Bears: If Williams isn’t available, Herbert is worth a flier. He’s a talented player and it’s not likely Williams will ever be a 3-down back. The rookie Herbert has an opportunity to emerge.
Kadarius Toney, WR, NY Giants: Tough breaks in that New York receiving room. But Toney, the highly touted first-round pick, did some nice things last week with more opportunities. This offense looks like it’s about to open up with Saquon Barkley rounding back into form. Toney is a backup with nice upside.
Dalton Schultz, TE, DAL Cowboys & Evan Engram, TE, NY Giants: This will be your last chance to pick up Schultz. It’s his job, not Blake Jarwin’s. And this matchup between Dallas and New York will likely produce some points for the tight ends on both sides of the ball, including still-talented-but-underperforming Evan Engram.