Huntress has posted a blog discussing why simply having a backup process is not enough to protect an organization. Essentially, it is crucial that backups be verified and tested. Organizations need to define their recovery time objective, or how long it takes to recover from backups, and their recovery point objective, or what categories of data are necessary to back up in order to continue operations. Once these objectives are agreed upon, organizations have a metric to measure their current backup process against and see where it succeeds and fails. In addition, the author suggests that your backups follow the 3-2-1 rule, or “three copies of your data, in two geographically different locations, with one stored in a location that is not accessible from the regular environment like cloud infrastructure or a disaster recovery site.” Finally, backups should be regularly monitored in order to ensure the process is working and detect any abnormalities that might indicate something has gone wrong. Read more at Huntress.