Protect your business against Ransomware

…with Data Backup!

There are many reasons your business should ALREADY be conducting regular backups of your data – compliance, business continuity, and ensuring continued access to critical business data are just a few.

Here’s a new one to add to the list “Reasons Why You Should Do Backup!”: it can be the last line of defense against ransomware.

I addressed why you need to worry about ransomware in a previous post. Read “Could Your Patient Data Be Held for Ransom?” if you missed it.

There’s more to it, but essentially, hackers are coming after small businesses with ransomware because they’re almost always easy targets. Medical practices have an additional layer of risk because a ransomware penetration can result in HIPAA violations.

A Layered Approach to Security

Network and data security isn’t an all-or-nothing approach. Every good security plan will have multiple layers – that’s why I say that data backup is the LAST layer of defense against ransomware.

IT security isn’t an either/or approach. There isn’t one well-constructed Great Wall of Consolidated that we create for clients that, once breached (because walls are almost always broken – even the great ones in history), renders your inner network defenseless.

Security is more complicated than this, but for simplicity – here’s a quick look at how we layer network defenses.

The first step is to have a network security strategy. Every company needs a security strategy to identify likely threats and cost-effective preventive measures. Part of strategy is also an exercise in math. How many network-connected devices are in your office (printers and copiers too, not just laptops and PCs)? How many employees do you have (and do you still have accounts for ex-employees)? How many programs connect to the Internet? How long can your email be down before it impacts your business?

Once your strategy is in place, it’s time to apply a layered approach:

  • Security controls for compliance
  • User compliance – train staff in appropriate security and privacy protocols and best practices. For example, a phishing attack – which is how most ransomware attacks succeed – requires someone in an office to click on something they should not (a link, an attachment, an email). You need to practice good Web hygiene when working online. You can read more about good security hygiene here.
  • Web filtering/Email filtering – based on rules, this software sorts through websites and emails to determine if all or a portion of those should be blocked.
  • Anti-virus – blocks malicious software
  • Backup and disaster recovery – periodic backups of your company data and/or virtual desktops

As part of a layered approach, proactive network monitoring and ongoing security patches continually occur in the background.

With a layered approach, you’re very well protected, but hackers are constantly evolving, so there’s always a chance of a successful attack.

So how does Backup and Disaster Recovery fit as a protection against ransomware? IF an email gets through AND a user clicks it AND the blocking software misses it AND it makes it through your Web filter, then you still have a reliable backup from which you can restore your system.

Data Backup to Protect You Against Ransomware

With active data backup, you always have a near up-to-date picture of your business’ data.

So, when the countdown clock for the ransom appears on your screen (if it gets through all those layers), you will not have to pay the ransom.

Contact your Managed Services Provider (MSP) and have them do a restore. Depending on how frequently your system is backed up, you may lose some data. Depending on your service levels, that could be minutes, hours, or days.

But the ransom is moot because you had a successful and tested backup plan in place.

Don’t be held for ransom.

Include a solid data backup plan as part of your security posture. You’ll be glad you did.

 
