How Disaster Recovery Plans Can Thwart Ransomware Like WannaCry
Microsoft was quick to describe the WannaCry ransomware attack back in May as a wakeup call for organizations that were inadequately prepared for ever-evolving cybersecurity attacks. Indeed, the unprecedented attack encouraged many companies to rethink their disaster recovery strategies. After all, WannaCry wasn’t the first wide-scale ransomware attack, and it certainly won’t be the last.
While taking every necessary step to safeguard your systems from potential attacks should be at the forefront of your cybersecurity strategy, it’s important to remember that no system will ever be completely immune from an attack. Aside from implementing deeper data security controls and patching software vulnerabilities quickly, it’s as essential as ever to have a solid disaster recovery plan in place.
Defining Your Recovery Point Objective
Backing up your business data is one thing, but relying on backups that are woefully out of date can lead to disaster. Instead, what you need is a fully automated solution that keeps data backed up according to a predefined schedule. Ideally, you’re going to want the most important data to be backed up in real time through automated synchronization with off-site storage services.
One of the most important elements of business continuity planning is your recovery point objective (RPO). Your RPO is the maximum period over which data might be lost due to a ransomware attack or any other disaster. In other words, the RPO sets a limit on the amount of data your company can afford to lose before the point of no return.
The most important factors to consider when defining your RPO include how often data changes in your business, how often backups should be scheduled, and how much storage capacity you’ll need to maintain your archives. The optimal RPO will vary depending on your business, and you may even want to assign different RPOs to different systems.
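One way to check a backup schedule against per-system RPOs, as an added example that is not part of the original article: the system names, RPO values and backup timestamps are constructed for illustration. It measures the longest gap between consecutive successful backups as well as the age of the latest one, since either can exceed the RPO.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumed system names and RPO values).
NOW = datetime(2024, 1, 10, 12, 0)
RPO = {
    "orders-db": timedelta(minutes=15),
    "file-share": timedelta(hours=24),
    "hr-laptops": timedelta(hours=4),
}
# Completion times of successful backups only; failed runs must not be listed.
HISTORY = {
    "orders-db": [datetime(2024, 1, 10, 11, 0), datetime(2024, 1, 10, 11, 15),
                  datetime(2024, 1, 10, 11, 50)],
    "file-share": [datetime(2024, 1, 9, 2, 0), datetime(2024, 1, 10, 2, 0)],
}

def worst_exposure(backups, now):
    """Largest window of data that could have been lost: the longest gap
    between consecutive backups, or the time elapsed since the latest one."""
    times = sorted(backups)
    if not times:
        return None
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    gaps.append(now - times[-1])
    return max(gaps)

def rpo_report(rpo, history, now):
    """Map each system to (status, worst exposure) measured against its RPO."""
    report = {}
    for system, limit in rpo.items():
        exposure = worst_exposure(history.get(system, []), now)
        if exposure is None:
            report[system] = ("NO_BACKUP", None)
        elif exposure > limit:
            report[system] = ("VIOLATION", exposure)
        else:
            report[system] = ("OK", exposure)
    return report

if __name__ == "__main__":
    for system, (status, exposure) in rpo_report(RPO, HISTORY, NOW).items():
        print(f"{system:12} {status:10} worst exposure: {exposure}")
```

Here orders-db is flagged even though its latest backup is only 10 minutes old, because a skipped run left a 35-minute gap earlier in the schedule.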
Storing Your Data Off-Site
As the WannaCry attack perfectly exemplifies, malware can spread like wildfire through unprotected systems. Once it penetrates your network, there’s a good chance it will attack your server, storage area networks, backup archives and redundant systems. In other words, just like a natural disaster befalling your physical business premises, malware can also wreak havoc on all your systems.
To rely purely on on-site backups is to put all your eggs in one basket. If a severe data breach, ransomware attack, or other disaster occurs (either digital or physical), then there’s a good chance you’ll lose a lot of data. However, by using off-site data storage resources, your data will be practically impervious to loss.
Recent studies have shown that 43% of companies that have suffered data disasters ended up closing for good. This statistic should hardly come as a surprise, given that data is the most important asset in modern business. However, having a copy of all data stored in multiple remote facilities will ensure that your business can quickly get back on its feet after a disaster.
Raising Employee Awareness
Contrary to what many people say, the weakest link when it comes to cybersecurity isn’t technology – it’s the human element. Even the most fool-proof systems in the world can be only as effective as the people using them. In other words, the biggest risks facing your organization often come from within, whether due to deliberately malicious intent or to a lack of employee training and awareness.
Like most cybersecurity threats, ransomware is sneaky, typically making its way onto your systems through social engineering scams. These attacks use increasingly advanced tactics to dupe victims into giving away confidential information, such as login details or payment information. Other scams may try to encourage victims to click malicious links or open malicious attachments.
While technology can help you safeguard your business, there’s no substitute for employee training. All the security, disaster recovery, and business continuity policies in the world will be all but useless if your employees are clueless about the threats. Fortunately, 24/7 monitoring services can alert you whenever a suspicious activity takes place, but you’re still going to want to build a team that’s aware of the risks.
At Dyrand Systems, our Backup & Disaster Recovery service ensures that your company can quickly get back to business after any kind of data disaster. To learn more about our disaster recovery and business continuity services, download our brochure today.