Ransomware Life Hack #3 - Have a Solid Disaster Recovery Plan
This is the third and final post in a 3-part series featuring ransomware prevention and mitigation tips for how businesses can avoid falling into the same cyber-attack traps we've seen time and time again.
There is no way to prevent 100% of the cyber-attacks 100% of the time. Nobody is safe. Everyone is susceptible. Wow - this is starting to sound like a Zombie Apocalypse movie. But it's true!
Don't be caught unprepared when it happens to your business.
We always try to impress this upon our clients: it is the responsibility of the executive team to ensure the security of client and employee data. You can do everything in your power to prevent a cyber-attack, but in this day and age, it will inevitably happen, and when it does, your organization must be able to maintain business continuity. To help you determine what type of backup and disaster recovery plan is right for you, try using the 3 C's: Criticality, Complexity, and Culture.
Criticality is about the importance of your employee, client and proprietary business data. How many hours of data churn and how much productivity can your organization afford to lose? Could your data be compromised or leveraged against the company, vendors or clients? Does your organization need to comply with insurance requirements or federal standards and regulations like PCI or HIPAA with regard to your data? How much of your daily operations rely on your employees freely accessing data? Take a moment to really think about the answers. If your daily operations rely heavily on accessing your organization's data, or you must comply with industry-recognized standards, you will want to opt for the plan with a faster recovery time (RTO) along with more frequent backups (RPO) and offsite data synchronization.
Complexity is about being able to function normally in the event of a disaster. Could you run all of your critical systems, with all of their dependencies, if your systems were down due to a ransomware attack? Every company has a diverse set of systems on a variety of platforms that all need to be backed up. Whether those systems are on-premise or in the cloud, you must have a disaster recovery and backup plan that will accommodate them. Archiving might be an important feature you'll want to include in your backup and disaster recovery plan, like an HR backup system, particularly if you have critical employee information or if an employee decides to leave the company and you'd still like to access their data.
Culture is about your people. What cybersecurity training have your employees undergone? As we discussed in the last ransomware life hack, employee negligence is the number 1 reason SMBs are vulnerable to attacks. It is important to make sure you are preaching the proper protocols and implementing policies that will protect your organization from an employee making a weak password or clicking on a phishing email. Check out our latest blog about password policy to get some tips on creating the best password policy for your organization.
Request a Security Assessment
We wouldn't be doing our due diligence if we didn't point out that to be truly secure, you have to have a multi-layered, cross-organizational, comprehensive security plan in place to accompany your backup and disaster recovery plan. A solid password policy can save your organization time and energy, but to cover your bases, you need to tailor your security plan to meet the security, deployment, and management requirements of your unique organization. In order to identify these requirements, along with all of your network vulnerabilities, it is best to start with a security assessment.
To request a free consultation with a blackpoint security consultant, you can schedule an appointment or call (866) 575-9512.