When Ransomware Strikes: Does Your Company Have a Data Disaster Recovery Plan?
Last year, nearly half of businesses were hit by ransomware. In the first half of 2016 alone, ransomware cost enterprises $209M. Even worse, experts predict that ransomware “will spin out of control” in 2017. Apparent in the headlines, ransomware is rampant and those who commit the attacks aren’t discriminating against any industry, company size, or company location. It’s no longer a question of if your company will be targeted by ransomware but rather when your company will be targeted by ransomware. To prepare, all enterprises should have a data disaster recovery plan to fight back.
The US Justice Department warns that “paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom … [after paying,] some victims were asked to pay more to get the promised decryption key.”
With a little bit of preparation and forethought, your enterprise could quickly retrieve data backups needed to keep the business running instead of haggling with cybercriminals to get access to vital and sensitive documents and ending up in the headlines for the wrong reasons.
Here are three best practices to get your company started on building a personalized data disaster recovery plan to combat ransomware and other data loss disasters:
1. Know the Facts
You can’t protect your assets if you don’t know what they are and where they reside. The first step of any data disaster recovery plan should be to take inventory of assets. Conduct a full risk assessment and business impact analysis to examine the consequences of disruption to a business function and processes. Understanding the impact of data loss on business-critical functions is crucial for personalizing your data disaster recovery plan. Don’t forget to include legal and audit ramifications.
Secondly, know the facts of your company’s agreement with third-party vendors who handle your data. Don’t be lulled into a false sense of security if you use collaboration platforms like Microsoft Office 365 or Google Workspace. While they provide great capabilities, these SaaS applications can’t fully protect customers from data loss caused by ransomware, sync errors from integrations, or human error. It’s not that these providers don’t want to help, they simply can’t. When data is encrypted, changed or deleted by ransomware, sync errors, or other destructive activity, these actions look just like their customers changing or deleting data for legitimate reasons to the SaaS provider.
2. Make It a Team Effort
Long gone are the days where only one person is responsible for enterprise security. To succeed, the entire company needs to be involved in securing its data and assets as part of the data disaster recovery plan. To this end, spend time and resources on educating your users on security best practices to prevent ransomware and phishing. Identify high-value targets for ransomware, spear-phishing, etc. and monitor for unusual activity on their end.
A hacker only needs one careless employee to gain access to your whole network. By having your whole team engaged in good security practices, hackers will be hindered by a united front. As Ben Franklin once said, “an ounce of prevention is worth a pound of the cure.”
3. Back Up Data & Test the Process
Ransomware attackers rely on the fact that majority of users don’t have a good way to restore data from a backup. Counteract this ploy by regularly backing up your data with automated systems that ensure point-in-time restore.
Don’t stop there though. Backups are only as good as the recovery that comes with them. Take the time to periodically test the restore process to ensure that restored files from backups are useable and accurate. In a moment of panic, you should be able to recover your data without thinking and get it back exactly the way it was before.
Don’t become a statistic – make the investment to build a data disaster recovery plan before you need it. Take time to do the research to know the facts of your data assets and risks, make security a team effort and back up your data and test the process. You’ll never regret preparing too much but you’ll definitely regret having to cough up tens of thousands of dollars in bitcoin to get your business-critical data back and landing in the headline of every security publication naming your company as the latest victim to ransomware.
Are you a Google Workspace or Office 365 Admin?HERE’S WHAT YOU NEED TO KNOW An earlier version of this article was originally published in InfoSec Island.