One of the companies at a conference I attended a few years ago had the slogan "It isn't bragging if you can back it up" on its giveaway T-shirt.
They were, of course, a backup company, or as it’s advertised in the industry: “off-site data storage.”
This industry began decades ago when hard drives were not always dependable. As technology has improved, of course cyber criminals have as well. It is time to discuss this tool that is useful in protecting your data, whether it be from natural disaster, accidental deletion, hard drive failure or cybercrime.
Regardless of the type of attack, virus, rootkit or worm, it is vital to your recovery from such an attack to restore your data to the point just before infection. So let’s say an employee clicks on the wrong email and installs a ransomware virus like CryptoLocker or the latest headliner, WannaCry. As hard drives around the company become encrypted and monitors throughout the company display the familiar skull and bones with text describing how many bitcoins you will need to give them to obtain a decryption key to get your data back, you immediately begin the proper steps to recovery.
Really? Would anyone at your company, including you, know what to do next?
Almost half of small and midsize businesses don't have employee security awareness and training programs in place. In other words, they have no training to avoid a data breach.
Even more disappointing, most employees of small and midsize businesses do not know what to do if their businesses experience a cyber attack. At a time when the number of ransomware attacks is exploding because of the profitability of the attacks, the easy distribution and high degree of success, most businesses and their employees are completely ignorant of the threat and what to do when it happens. All it takes is one wrong click.
First, you should have an information security policy and procedures in place. Just as starting a business with a business plan enhances the probable success of the business, a security policy takes you through a review of the threats and how you will mitigate them.
Every business has a budget. The policy is where the data security portion of that budget is going to focus. When completed, it also serves as a textbook for training employees on what to do and when, so that they can protect your business, their private information and the personally identifiable information of your customers. In a sense, it all begins with education.
If after identifying risks, mitigating those risks and training all employees in how to avoid a breach, you are still attacked, your policy should outline what to do next. As former FBI director Robert Mueller stated a few years ago, “There are only two types of companies: those that have been hacked and those that will be hacked.”
As soon as you realize a device has been infected, immediately disconnect the device from the network and stop backing up the data!
Disconnecting from the network halts the spread of the virus, and discontinuing backups keeps infected data from overwriting clean data. This is easier said than done. Spotting ransomware is easy. It takes over your computer, and you cannot do anything once it is fully deployed.
But the Ponemon Institute says organizations take six months to discover a breach on average, and there may be as many as six hackers stealing your information by the time it is discovered.
Next, remove the malicious software, then restore from your most recent clean backup. This can be really tricky and is usually best left to a professional, either an outside vendor or someone well-trained in your IT department. If not done carefully and correctly, you can finish the job for the hackers by infecting your own network. Like many other things in our complicated world, sometimes it’s best to call in a specialist to save time and money.
The key to this is the backup. If your data are compromised and you cannot restore them to a point prior to infection, you can either pay the hacker and pray they honor their part and give you the decryption key, or you can scuttle everything and start over. Neither proposition is attractive.
Don’t forget to notify the local authorities and the FBI through their IC3.gov website. In a real sense, “It isn’t bragging if you can back it up.”