This is the third and final part of our three part series on ransomware risk mitigation. In part 1, we examined three critical items to address in preventing a ransomware attack. In part two, we added four additional steps you can take to prevent an attack. Let’s say you have done everything possible to avoid a ransomware attack, but one still happens. Now your focus needs to shift to maintaining business continuity and data restoration. The best way to do this is through a comprehensive data backup plan.
As the number of cyberattacks continues to rise across the world, the importance of data backups cannot be stressed enough. In the unfortunate event that a ransomware attack would happen to your company, your best hope at keeping your business moving forward in the aftermath would be to have the safeguard of data backups.
Paying the ransom is not something we (or the United States CERT Center) recommend – it only encourages more ransomware attacks and does not guarantee your data will be returned to you. Ideally, instead of paying the ransom, you should aim to restore your systems from backups. Here are some strategies for planning and managing those backups.
- Every business should have a disaster recovery plan. If you don’t have one, engage a qualified vendor to assist you in developing a disaster recovery plan. Recovering from a ransomware incident is not easy and having a plan makes recovery significantly easier.
- During your planning process, you should have identified each system (file storage, mail, etc.) and its backup method. Regularly review these systems and backups to confirm they are still getting backed up, and then confirm you can recover from those backups.
- Most backups have a remote, internet-based storage component. When designing the remote storage aspect, verify that if a bad actor takes over the server the backups run on, they can’t remotely encrypt or wipe the remote backup copies (which would leave you without restoration options). This does happen (local backups get encrypted), and you need to be able to recover from this scenario.
- Many companies do not backup workstations. If they all get ransomware on them, how will these be recovered? How many of them do you need to recover? Workstations should always be addressed in your disaster recovery plan.
Backing up your data should be incorporated into your ransomware risk mitigation plan, along with the rest of the steps we’ve discussed. It is integral to keeping your company, employees, and clients safe in the event of a cyberattack. Without your data protected, you company may not be able to recover after a ransomware attack. 60% of small businesses that fall prey to ransomware attacks go out of business within six months of experiencing an attack, and 68.5% of businesses have already been victimized by ransomware in 2021.
Despite those staggering facts, there is no need to panic. As long as you have the right safeguards in place, such as a risk mitigation plan and data backups, a ransomware attack should not cripple your business. With the right protection in place, you and your company can stay safe and thrive for many years to come.
We hope you enjoyed our series on preventing ransomware attacks. Hopefully, it sparks thought and inspires you to get going with these recommendations and sit down with an IT professional to discuss fully implementing them. As always, as your Technology partner, Solution Builders is here to help if you have any questions.
This week’s post is by Tim Malzahn, Principal Consultant at Malzahn Strategic