The ransomware attackers aren’t just after your data. They want your data backup too. Organizations need to be prepared because the technologies around these attacks are getting more sophisticated, said Brandon McCoy, Senior System Engineer with Veeam at a recent ITWC briefing.
“The goal is to get organizations to pay out,” said McCoy. “The criminals will encrypt your data and delete the backup to make that happen. We’re seeing this more often now.”
ON DEMAND BRIEFING: A MULTI-LAYERED APPROACH TO DATA PROTECTION
It’s important to take a holistic and multi-layered approach to data protection, said Dale Levesque, Director, Cloud Data Protection and Recovery at iland. “It’s about business outcomes,” he said. “Organizations should look at acceptable downtime and how that fits with their business continuity and financial requirements. If you lose all your data, how much will that cost you?”
Five best practices in data backup and recovery
Levesque and McCoy discussed five key steps that will help organizations protect their data from cyber attacks:
- Define your needs and budget
As part of their overall business plan, organizations should determine their recovery time objective (RTO) and recovery point objective (RPO), explained Levesque. RTO refers to how quickly the organization needs to be up and running after a disaster. Organizations should define their priorities in specific areas, Levesque said. For example, tier one applications such as credit card processing have to be up immediately, whereas other applications may be less critical. With RPO, the question is how much data can you afford to lose over what period of time?
“In a perfect world, we just want to instantly turn everything back on,” said Levesque. “But when we start talking about the price and the infrastructure overhead required, that’s not always feasible.”
- Know your responsibilities when working with third parties
People are sometimes surprised because they think that when they’ve moved to an online service, everything is going to be taken care of for them, Levesque. “But at the end of the day, you are responsible for your data and for your business.”
- Stick to the three-two-one rule
The three-two-one rule requires that organizations keep three copies of data on two separate media types and one offsite copy, said McCoy. “Not only do you have multiple copies of your data in case a repository is corrupted, but you’ve got one off-site in case there’s a physical failure,” he said.
- Keep authorizations up to date
Organizations must be proactive in removing users, such as ex-employees, that no longer need access. “Otherwise, they still have the keys to the kingdom,” warned McCoy. “Always protect on all fronts.”
- Test, test, test
One of the biggest points of failure when it comes to recovering data and applications is assuming that everything will work without testing it, said Levesque. In his view, it is not enough to test once a year. Rather, recovery systems should be tested at least quarterly or even better, monthly. “The longer time it goes, the more opportunity for failure,” he said. “The disaster is not going to wait until you’re ready. It’s going to hit when you least expect it, so be prepared by testing frequently.”