Every so often we’ll give away a sampling of our services to businesses, in order to display the level of service and management we provide to our business clients. We’ve recently been offering a complimentary Business Continuity and Disaster Recovery (BCDR) review; a fancy term that encompasses both backup/recovery solutions and business process. We spend a small amount of time reviewing your BCDR strategy and see what needs to be fixed.
The reason for this is simple – this year we’ve seen an unprecedented amount of situations, namely malware/ransomware breaches, that could have been easily remedied with a proper BCDR plan in place. So this month, we’re looking back at an article we wrote this time last year on a topic that’s even more of an issue here in 2018…
This summer (2017) , there seems to be a constant feed of global news coverage on a ‘new’ version of Ransomware that cripples businesses world-wide. Two months ago it was the WannaCry worm; this June it was the Petya cyber-attack, which received coverage for shutting down Russia’s largest oil company, Ukrainian banks, and Cadbury Chocolate (whose factory closed for days as a result).
As more and more of a business’ value is held within technology, this trend will continue to increase. It’s no longer a question of if the security of your data will be compromised – it’s a matter of when. In order to protect, detect, and respond to a security threat, a business’s IT infrastructure requires attention 24/7/365. Firmware and software updates must be performed; security patches must be constantly updated. Firewall logs must be continually be monitored to detect incoming threats and react accordingly.
In our local areas with smaller businesses and limited resources, it’s very unlikely that IT security receives the attention it deserves.
If an IT security breach is imminent, then how does one protect their business’s technological assets (think financial data, customer data, PCI, HIPAA, etc.)? Most Ransomware/Malware threats work by encrypting the entirety of your company’s data, leaving you unable to continue your business processes. This can be incredibly costly! A local business recently came to us with this exact situation and as a result had been “down” for 2 days – that’s 2 days of payroll, lost business, etc.
One of the best methods is to have a proper backup that allows for immediate retrieval of your company’s valuable data. In the event of a data loss, the goal is to be able to recover your data as quickly as possible – there are a number of solutions that best achieve this, depending on your need for immediacy.
Here’s a best case scenario: a local company we work with had an employee that accidentally opened a personal email on their work computer in their business environment. Within minutes, the Ransomware infection spread itself to the company’s shared drive and server. Every file on their server was then encrypted and no longer accessible. For a company that requires constant “uptime” from their IT infrastructure, this is a huge deal. But with proper backups in place, we were able to restore their server to it’s last (Ransomware-free) data backup, which was an hour before the infection took place. One hour later, the company’s environment was back up and running with a very minimal loss to business processes.