Employing layered endpoint security and regular end user training is absolutely critical when it comes to protecting your data from ransomware. But the simple fact is, no amount of education and security will prevent every attack. That’s where backup and recovery comes in. It’s the insurance policy that protects you from ever doling out a single bitcoin.
How do you ensure your data is recoverable? How do you increase the resilience of your systems?
We’ll explore the best practices that will allow you to operate “business as usual,” regardless of a cyber criminal’s ability to breach your defenses.
Assess levels of data availability against business requirements
Your IT budget is finite. So, the first step in implementing a robust backup and recovery strategy is to identify the level of availability your data requires.
A retail business may plug along just fine without a marketing brochure for a day, but an encrypted point-of-sale application could be crippling. Likewise, an inability to access accounting systems for several hours might be a tremendous inconvenience for a hospital, but encrypted patient records could threaten lives.
So, take the time to document all of your systems, applications, and data. Then, identify which are business-critical and which won’t impact your organization if they take a day to recover.
With this information in-hand, you’ll be equipped to target the right data with the right level of availability, both delivering on business requirements and ensuring you stay within budget.
Adopt a 3-2-1 backup strategy
Backup isn’t sexy, but it’s worth your time to get it right. That’s because ransomware encryption is becoming more and more sophisticated—meaning brute force decryption is now a near impossibility.
If your systems are infected and you have a sound backup strategy in place, however, your organization will live to fight another day.
Redundancy is the name of the game here. That’s why we recommend you implement a 3-2-1 backup strategy, which means you maintain:
- Three copies of your data, at minimum
- Two local copies—with one of those copies leveraging offline media
- One copy replicated off-site
Ensure both Windows and Linux systems are protected
While ransomware infections on Windows systems are nothing new, recent attacks on Linux servers are snapping some from their false sense of security.
To be clear: No server, operating system, software, or application is safe from ransomware. Some are just targeted more heavily due to their greater market share.
Today, Windows infections are largely the result of:
- Phishing emails
- Office vulnerabilities
- Macros in Office documents
Meanwhile, the use of Linux on a desktop system is rare. That’s why Linux ransomware attacks are most often seen on the server. That’s why we recommend you protect Linux servers with an antivirus product that supports Linux.
We also recommend that you set permissions on your executable files. That way, you’ll be able mitigate attacks on those files to an extent.
Optimize your backup for successful ransomware recovery
It’s not uncommon for an IT admin to run a backup after business hours, and then cancel that backup the following morning because it’s still running at the start of the workday.
And, when that happens, your organization is vulnerable to data loss.
That’s where deduplication comes into play.
When you leverage source-side global data deduplication, you dedupe data at each node, site, and job. And, that means you’re able to tighten backup times and reduce your backup footprint—saving you time and money, while improving your ability to recover from ransomware
Leveraging virtualization for increased recoverability
Virtualization can play a critical role in your ransomware recovery strategy.
Enable your IT team to spin-up instant virtual machines and leverage virtual standby, and you’ll leverage a cost-effective way to ensure optimum data availability. Remember, you can access these capabilities via public cloud services, like AWS, or through your hypervisor.
Ransomware recovery testing
A backup and recovery strategy isn’t worth the paper it’s printed on, if it’s not effective. And the only way to know if its effective is to test—and test often.
That’s why we recommend leveraging automated testing and non-disruptive disaster recovery testing as part of your broader backup and recovery strategy. With these capabilities in place, you’ll be empowered to test more often and more cost-effectively.
Furthermore, the resulting RPO and RTO reporting will immediately help you identify if you’re meeting your objectives, where your weaknesses lie, and whether further data protection investment is called for.
Your backup and recovery deployment options
Whatever backup and recovery solution you choose, keep in mind that it will be your lifeline should you get hit by a ransomware attack. Seek reliability, efficiency, and cost-effectiveness.
It’s a form of insurance you can’t be without.
Here are some options you’ll want to consider.
Cloud backup and recovery
Affordable, encrypted cloud-based public options are out there—and they’re definitely worth exploring.
Amazon AWS, for instance, is one option that offers flexible offsite backup and recovery. With its powerful cloud integration, you can:
- Replicate recovery points to the cloud
- Spin up virtual machines for business continuity
- Leverage virtual standby to ensure efficient recovery
You’re also able to customize recovery point objectives (RPO) and recovery time objectives (RTO) to manage costs.
Data protection appliance
Data protection appliances are another option for a range of applications, including small and medium-sized businesses and remote offices.
They offer an all-in-one hardware, plus software solution, including:
- Storage and deduplication
- Cloud gateway
And, since they’re a plug-and-play solution, they deliver the simplicity that allows IT generalists—and those without any IT background at all—to unbox and deploy in minutes.
Offline media can play an important role in your backup and recovery strategy—especially where minimizing costs comes into play.
Offline media options worth your consideration, include:
- USB disks
- Offline public cloud
Your business critical systems, applications, and data are under a constant state of threat. In fact, a recent Cybersecurity Ventures report finds that a ransomware attack occurs every 40 seconds—and by the end of 2019 an attack is projected to occur every 14 seconds. It’s clear that you need a vigilant army of end users…
There it is—the ransomware lockscreen staring you down with its arrogant gaze, just begging you to cry, “Uncle!” So much for your pleasant morning cup of coffee. So, now what? What steps should you and your IT department take to mitigate the damage and restore your data? The answer is: It depends. Here are some…
It’s a never-ending battle: Hackers relentlessly look for a way into your digital house, you work overtime, boarding up the windows. Meanwhile, your employees stand in the threshold graciously offering their up their keys. We know employees are the primary cause of data breaches—and that login credentials are almost always employed at some phase of…
This month, a Grand Canyon-sized hole in WPA2 WiFi security protocol was discovered—and, it’s a vulnerability that has the potential to spell catastrophic consequences for organizations and their mobile workforces. So, what does the threat mean to you? And, more importantly, how can you use WiFi safely? Let’s dig in. KRACKS is a threat to…