Not just any backup, but a comprehensive copy of everything that is important to your business, organisation or yourself, kept in two different locations.
In three weeks we have been called into five organisations to get them up and working after a failure, attack or cyber event.
One of them was a client of ours (luckily for them) but the other four were not (unlucky for them). None of the four had a service level agreement in place, an in-house dedicated IT person or any form of IT security help or support.
Two of them lost everything and have no way of recovering their business data.
They are now hoping that they can piece together their business from email, conversations, other data that could be used and an old backup from 5 months ago. I expect them both to be out of business within 6 months.
Two of them had a backup, but it had never been tested and, because it had never been tested, it was missing data for critical business systems.
Recovery of the data was hit and miss, but 100% of non-critical data was recovered. Only 60% of their important files and data were recovered.
They will continue on but it will be difficult and profits for the business will definitely be down.
This is the reason you need someone like us.
The fifth one had a ransomware attack. All data was backed up in two locations.
They had an onsite backup, an image-based copy of all the data, created every 15 minutes during the working day and stored on a SAN. This backup data was also corrupted by the ransomware attack as it was part of the system.
It was connected all of the time (in band), so the ransomware saw it as a connected system and encrypted it all.
They also had an off-site backup: an out-of-band backup that mirrored the onsite backup. This is the backup that was used to recover the server.
The backup was copied onto a portable hard drive and delivered to their office within 6 hours of discovery of the attack. This backup image was spun up as a virtual server, and staff were back at work the following morning as if nothing had happened.
Once everyone was working we could now look at the issue. At the start the server was isolated, and all computers were investigated for malware.
If malware was detected then these computers were also isolated.
A breach plan was initiated.
A read-only copy of the hard drive was taken for forensic investigation. The server was then rebuilt from scratch and the data was trickled from the virtual server to the physical server over a period of three days. All infected computers were also rebuilt.
Once complete all data was checked, the virtual system was shut down and the main server was now back in charge.
The takeaways from this are:
- Make a backup of critical data, both online and offline.
- Test the backups regularly to ensure that you are getting all of the right data.
- Test your off-site data rigorously. It is your safety net (ransomware, hardware failure and disasters).
- Make sure that the backups are reporting back to you on the completion of each day. If it fails get it investigated ASAP. The moment you let it lapse is the time you will need it most.
- Have a breach plan and test it.
- Costs are subjective – $200 per month for off-site backup and up to $2000 per year for on-site are not an expense you cannot afford.
- Having a comprehensive backup for all your data is a safety net.
If you don’t have one you will regret it!
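One way to automate the "test the backups" and "make sure the backups are reporting back" points above, as an added example that is not part of the original post: hash the files you have designated business-critical, run a test restore, and compare. The file names, sample data and the 24-hour reporting threshold are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

MAX_AGE_HOURS = 24  # assumption: one successful backup report is expected per day

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(live_root, critical):
    """Hash each business-critical file (paths relative to live_root)."""
    return {rel: sha256_file(Path(live_root) / rel) for rel in critical}

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest; list what is missing or altered."""
    missing, altered = [], []
    for rel, digest in sorted(manifest.items()):
        target = Path(restored_root) / rel
        if not target.is_file():
            missing.append(rel)            # never made it into the backup
        elif sha256_file(target) != digest:
            altered.append(rel)            # restored, but not the same content
    recovered = len(manifest) - len(missing) - len(altered)
    pct = round(100 * recovered / len(manifest)) if manifest else 0
    return {"missing": missing, "altered": altered, "recovered_pct": pct}

def report_is_stale(last_success_ts, now_ts, max_age_hours=MAX_AGE_HOURS):
    """True when the last successful backup report is older than allowed."""
    return (now_ts - last_success_ts) > max_age_hours * 3600

def demo():
    # Constructed sample: five critical files; the restore loses one and damages one.
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        names = ["accounts.db", "payroll.csv", "crm.db", "contracts.txt", "stock.csv"]
        for root in (live, restored):
            root.mkdir()
            for n in names:
                (root / n).write_text("data for " + n)
        manifest = build_manifest(live, names)
        (restored / "payroll.csv").unlink()            # absent from the backup
        (restored / "crm.db").write_text("truncated")  # present but damaged
        return verify_restore(manifest, restored)
```

Run `verify_restore` against every test restore, on-site and off-site, and treat any entry in `missing` or `altered`, or a stale report, as a failure to investigate straight away.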