What practice will not assist during the recovery from insider threats?

In the context of recovering from insider threats, it's vital to have robust and secure backup practices. Keeping backups easily alterable inherently poses a significant risk, as it allows for the possibility that malicious insiders could manipulate or destroy backup data. This would hinder recovery efforts and might even exacerbate the damage caused by the insider threat.

Immutable backups are an essential practice because they cannot be changed or deleted once created, providing a secure point from which to restore data. Regularly testing the backup restoration process is also critical to ensure that backups are functioning correctly and can be relied upon in case of an incident. Moreover, establishing off-site backup storage protects data from local attacks, ensuring that backups remain secure even if the primary location is compromised.

Therefore, the practice of keeping backups easily alterable does not contribute to effective recovery from insider threats and can significantly undermine an organization's resilience against such risks.