World Backup Day: Essential Backup Strategies for Public Safety & Government

Protecting Public Safety Data from Cyber Threats

March 31st is World Backup Day, an important reminder that data backups are not just IT best practices, but essential for protecting public safety agencies and local governments from cyber threats.

Cyberattacks targeting public safety and government agencies are on the rise.

Some of the biggest threats include:

• Ransomware Attacks: Malicious software encrypts critical data, demanding a ransom for its return.

• Destructive Malware: Some attacks aim to wipe out data permanently.

• Data Theft & Leaks: Stolen citizen and government data can be sold or leaked online.

Cyberattacks, especially ransomware, have severely impacted emergency services, law enforcement, and local governments, making it harder for agencies to respond to crises. Without proper backups, agencies risk losing critical data or facing costly disruptions.

In this post, we’ll cover:

• How backups protect public safety organizations from cyber threats.
• The 3-2-1 backup rule and why you should follow it.
• The importance of testing backups regularly.
• Why paying ransoms is never the solution to recovering your data.
• Real-world examples of cyberattacks that caused major disruptions.

How Backups Protect Public Safety from Cyber Attacks

Cybercriminals frequently target public safety and government agencies because of the valuable data they manage. Ransomware attacks encrypt critical systems, leaving 911 centers, emergency response agencies, and government offices unable to operate. Without secure, tested backups, these agencies may be forced to pay a ransom—without any guarantee of getting their data back.

Just this year, we have seen destructive malware attacks that have taken networks down and potentially damaged or deleted critical data and system information, keeping important services offline, causing closures and disruptions. These attacks are destructive in nature, as named, and are escalating. Strong backup policies allow organizations to restore data and networks faster, to minimize downtime and compromise.

The Center for Internet Security reported a 51% increase in ransomware incidents targeting state and local governments during the first eight months of 2023 compared to the same period in 2022. These attacks disrupted essential public services, emphasizing the importance of reliable data backups to restore operations without succumbing to ransom demands.

The 3-2-1 Backup Rule: A Best Practice for Cyber Resilience

To ensure data is protected and recoverable, public safety agencies should follow the 3-2-1 backup strategy.

✅ 3 Copies of Data – One primary and two backups.
✅ 2 Different Storage Media – For example, cloud and physical storage.
✅ 1 Offsite Copy – To protect against physical disasters like fires or floods.

Why is the 3-2-1 Backup Rule Important?

Maintaining multiple backups created important redundancy for critical networks. Organizations reduce risks significantly by having three copies of data on two different media types, with one being stored offsite. In the event the first two media copies are compromised, there is still one backup available for recovery.

The 3-2-1 backup rule covers various scenarios where the first two backups that may be online are attacked or encrypted. An off-site copy of your backup covers targeted attacks and keeps it off your main network, making it harder for cyber criminals to gain access to. That allows organizations to restore critical information, systems and data without feeling pressured to pay the ransom to get back online, avoiding damaging downtimes for critical networks.

Why Backup Testing Is Essential

Creating backups isn’t enough—they must be tested regularly to confirm they work. Without testing, agencies may not realize their backups are corrupted or incomplete until it’s too late. Establishing a routine schedule for backup verification ensures quick and complete recovery after an incident.

Best Practice: Schedule regular backup verification tests and disaster recovery drills to confirm your data is secure.

Never Pay Ransoms: Cybercriminals Can’t Be Trusted

Public safety and government agencies should never pay ransoms to recover data. Cybercriminals are unreliable, and there is no guarantee they will return your files. In many cases:

• The data is permanently deleted or returned corrupted.

• Paying the ransom incentivizes more attacks.

• Attackers may sell or leak sensitive public safety data.

Instead, invest in secure, tested backup solutions to restore your systems without negotiation.

Consequences of Data Loss in Public Safety and Government

If an attack wipes out data without proper backups, the consequences can be devastating:

• 911 call records lost, impacting emergency response.

• Public safety networks disabled, delaying critical services.

• Leaked personal data, risking identity theft for staff and citizens.

• Operational downtime, costing thousands in recovery efforts.

Take Action This World Backup Day

World Backup Day is the perfect time for public safety agencies and local governments to assess and strengthen their backup strategies. A secure backup plan can prevent cybercriminals from holding your data hostage and ensure you can quickly recover from any attack.

SecuLore specializes in cybersecurity for public safety networks, helping agencies create robust backup and recovery plans. Let’s make sure your agency is prepared.