- March 14, 2024
- Catagory Data Protection
Protect Your Backups from Ransomware Infections
Your backups are not immune to ransomware – infected data can be replicated, so it’s important to configure your data protection so that mission critical information isn’t corrupted and clean copies can be easily restored.
Ransomware is sneaky, and it’s cross-platform. It can sit in in your backups – whether it’s an email, PDF, or Zip file, among many others – waiting to go off. And ransomware attacks don’t discriminate, either. Small and medium-sized organizations are just as viable a target for threat actors as large enterprises.
Ransomware starts with one computer, encrypting some or all its valuable data, but it can easily spread across the network, making all users susceptible and all systems potentially unusable. If ransomware corrupts a critical database, it can cripple your organization, which is why you must protect all your backups.
Preventing dangerous duplicates
If your backups are infected by ransomware, they are no more useful than your primary data – your restoration will just ignite a reinfection.
Protecting your backups from ransomware always starts by preventing users from downloading dangerous files that are riddle with malware, viruses, and ransomware. If a nefarious file does get through due to clever phishing and human error, you must make sure infections can’t be transmitted across your network through file sharing and syncing.
Most of all, you must prevent ransomware from accessing your backups at all costs. Although it’s impossible to fully protect your backups from threats, including ransomware, applying the right rules and leveraging smart software can minimize the likelihood of your backups getting infected.
Follow tried-and-true backup rules
The well-established 3-2-1 rule for backups continues be a good strategy for preventing ransomware infection of replicated files – you should have your original copy of a file, a duplicate that is stored on-site on a different medium, and a copy that is stored off-site. It is recommended that your on-site copy be stored on removeable media, such as tape.
Each of your backups requires a different approach – if you use tape, you should do a full backup rather than a differential or incremental backup. Your onsite tapes should be stored in a secure, fireproof location.
Using versioning for your backups can also prevent ransomware from infected all copies of your data – it saves a new version of the file as backup rather than wiping out the previous backup so you can return to an uninfected iteration, allowing you to easily roll back to a clean copy.
Roll backs are where software tools can help prevent your backups from being infected with ransomware as they can help manage versioning. However, your strategy is just as important as the tools. If you do a complete backup to on-site tape daily outside of office hours, you can back up the most current version. Even if ransomware hits the next day when users are likely to trigger it, you only lose that day.
Once the full backup is restored, you can review the offsite incremental backups done throughout the day to restore specific files with the latest and greatest versions.
Another strategy is to distribute your backups – by having separate backup systems for different types of data you can reduce the likelihood of ransomware spreading between them.
User endpoints are ransomware’s first target
No matter your backup strategy, protecting your endpoints is always your first line of defence when combatting ransomware. Endpoint data protection combined with employee cybersecurity awareness and training will contain ransomware within the first infected machine, reducing the likelihood of it infecting your backups.
- July 28, 2022
- Catagory business continuity
Why any data-driven business needs a UPS
We often talk about how data is the lifeblood of every business, but it’s not much use without power. That’s why any disaster recovery plan should include the use of an uninterruptable power supply (UPS).
Regardless of why there there’s a power loss, be it natural disaster, a localized outage, or a wider electricity grid failure, you need to keep mission critical systems up and running as best you can.
Having a UPS in place assumes your primary facility is still operational – depending on the natural disaster, your primary location could be physically damaged by fire or flood, for example. But if it is undamaged aside from a power outage, having a UPS kick in immediately for mission critical systems enables business continuity with little disruption to your customers.
Bear in mind that a UPS is not a standby generator or an auxiliary power system – it’s a battery-based device that will deliver provide near-instantaneous power as soon as an outage of the primary power source is detected. No matter how extreme the disruption, a UPS will provide a constant, consistent stream of energy. It will also compensate for other power-related issues such as voltage surges, spikes and sags, and any frequency differences – having a UPS in place all about maintaining stability during a disruption.
That being said, it may not be feasible to keep all systems running with a UPS, so your disaster recovery plan should outline which systems need to be maintained in the event of a power outage. If you’re a healthcare provider, for example, you’ll want to focus on powering the systems essential for delivering critical care in a hospital – having reliable power becomes a matter of life or death.
A healthcare facility is much like a data center, and even if you’re leveraging cloud computing for applications and data storage, any business regardless of its focus still has some on-premises IT infrastructure that needs to keep running, including network gear to connect to those cloud services. Ideally, any primary power outage is temporary and will enable you to continue core operations until the issue is resolved. Worst case scenario, you’ve bought time to figure out what your longer-term strategy will be if the nature of the interruption is especially serious and not expected to be resolved quickly, which can be the case with weather-related disasters.
If you’ve not included a UPS in your data protection and disaster recovery planning and you’re not sure how to best configure one, consult your managed service provider. Given their uptime commitments, they understand the need for uninterruptable power supply if they are to meet their Service Level Agreements (SLAs) with their customers.
Your managed service provider can help you map out where best to deploy a UPS and prioritize what systems must stay on at all costs – reliability and redundancy are their reasons for being. They can also help you refresh and update your disaster recovery plan to ensure business continuity in the event of a power outage.
As much as data is the lifeblood of business, there’s no pulse without power. And remember, it’s just a matter of when a major disruption occurs, not if, whether it’s bad weather that causes a power outage or a problem with the local grid. Having a UPS is essential if you’re to restore data and applications without any noticeable interruptions to key business functions.
- June 30, 2022
- Catagory cloud backup
4 Key Elements of Cloud-Based Disaster Recovery
Implementing cloud-based disaster recovery is the best way to minimize disruption and maximize business uptime, but you won’t realize the benefits without keeping four key elements in mind.
Data classification
Not all data needs to be backed up – it’s simply not cost effective, even with cloud solutions. You should understand what data you’re backing up, why and how quickly you need to restore it to keep your business running and avoid disruption for your customers.
Remember that not all business information is created equal. While some data must be archived and replicated offsite to meet compliance and regulatory commitments, mission critical information and applications should always take priority, with clear recovery time objectives (RTO) and recovery point objectives (RPO) so you restore operations quickly in event of any type of disruption.
Platform and provider selection
You want to simplify your cloud-based disaster recovery implementation as much as possible by using as few data protection tools as possible while covering all essential applications and systems – this where a managed service provider can provide guidance by applying their experience and recommending the best cloud-based disaster recovery solution for your needs.
Keep in mind you’re not just evaluating the technologies that back up and restore your data. You must also evaluate the provider’s infrastructure and track record. Your business goals, RPOs and RTOs, and any other requirements should be reflected any Service Level Agreement (SLA) and their data management policies.
Comprehensive testing
Never assume your cloud-based disaster recovery is working – you should know for sure through testing before implementing and then conducting regular fire drills once it’s up and running. Remember that the value of any solution comes down to how quickly and easily you can restore data and applications while minimizing disruption to your business operations and customers. They can be established through a proof of concept that runs through some likely scenarios to verify that your cloud-based disaster recovery is meeting the business goals, as well as your RPOs and RTOs.
Ongoing adjustments
Your disaster recovery plan is a living document. Together with your managed service provider, it should be adjusted and tweaked regularly to reflect changes in the business, including application upgrades, while also applying product patches and updates to the cloud back up solutions themselves. Be sure you and your managed service provider are on the same page as to who is responsible for what.
Maintaining cloud-based disaster recovery as an ongoing activity, not a one-time IT project, and you should always be reassessing its performance. Regular reports from your managed service provider allows you to understand if you are meeting the objectives and having confidence that disruption will be minimal when disaster strikes.
- May 26, 2022
- Catagory Data Protection
Every data backup plan must be put through its paces
A robust cybersecurity strategy is not the only way organizations protect sensitive information – having a data backup plan that’s tested regularly is essential to ensure complete protection.
While putting a disaster recovery plan in place can be daunting for small or medium-sized organization, it must be done because it’s only a matter of time before you face a major disruption that threatens your mission-critical business data. However, thanks to the cloud, its easier than ever to implement enterprise-class data backup with the help of an experienced managed service provider.
Your data backup plan should be part of a broader and comprehensive disaster recovery plan, which identifies all the activities, resources and procedures needed to carry out all processing requirements during interruptions to normal business operations. You may be tempted to back up all your data and applications, but ideally, you should focus on identifying the data and applications that are essential for running the business.
Even more important is to make sure your data backup is running properly. It’s easy to get complacent and take for granted that your backups are running on schedule and safeguarding the right data. But whether you maintain your own backup infrastructure or adopt a managed backup service from a outside provider, you must regularly test your backups.
It’s easy to get out of the habit of testing your data backup and assume you’re backing up essential data and applications when there are more pressing demands on your IT staff. However, none of the more strategic technology initiatives you’re pursuing will matter because your business can’t afford the downtime that comes with a disruption related to a data loss – it means lost revenue, productivity, and the loss of current and future customers due to a negative perception of your brand.
Whether it’s your broader disaster recovery plan or just your data backup process, you should be doing regular fire drills. Even if your data backup is still working, it may not be keeping up with changes to your business – your data and applications are not static. Applications and data evolve, and a dynamic environment requires regular monitoring. Whether you do your own backups or outsource it, you should always be testing, and any credible managed service provider will always be testing without you having to ask and part of your Service Level Agreement (SLA).
Knowing the right data is being backed up is not enough either. You should also have peace of mind that you can restore it and any applications quickly to minimize any interruptions in business operations. Your restoration process is a critical aspect of any data backup plan. Your fire drill should demonstrate the ability to mount the backup and access the relevant files quicky and that a virtualized backup copy is bootable. Remember that your storage used for backup is subject to defects, and files can be accidentally erased or overwritten. If your primary storage can fail, so can your secondary.
Even if you do have the capability to maintain a data backup plan in-house, it’s one more thing on the to do list of your IT staff and distracts them from more strategic initiatives, so you should consider engaging a managed service provider that can remotely monitor and manage your backup infrastructure, as well as send your backups to their hosted backup repository. This will reduce your capital expenditures and simplify your data backup.
Remember: It’s just a matter of when, not if, your organization will be faced with major data loss, so no matter how you decide to implement your data backup, regular testing not only minimizes disruptions to operations and your customers, but it also allows you to stay in business.
When technology fails, businesses go under. And if you’re like most organizations today, your business continuity is dependent on communications and networking infrastructure that carries the lifeblood of your business—data.
Your employees can’t serve your customers without it, nor can your mission critical applications continue to run. And for many businesses, a few days of downtime can meet shutting the doors. It’s essential to ensure maximum uptime so even if you do encounter a disruption, your customers never notice.
For small and medium-sized businesses, putting the checks and balances in place to guarantee business continuity can be overwhelming, and partnering with a managed services provider can ease the burden. Regardless of whether you outsource or scale up your IT team internally, there are four key ingredients you will need.
Data Protection
It doesn’t matter whether it’s through malicious intent or natural disaster—losing mission-critical data means a business can grind to a halt. You need a protection plan that encompasses all applications, files and databases to protect data in the event of human error, systems failure or corruption. This should include offsite data backup and recovery with comprehensive business continuity planning.
Secure Networking
Safeguarding data not only means protecting where it’s used and stored, but also while it’s in transit. Even if you don’t take advantage of a managed service provider’s expertise, you likely have data moving in and out of your primary location to cloud-based services, field offices or remote users. Securing these connections safeguards mission-critical data and applications, maintains service and performance targets, and protects against malicious threats.
Predictive Care
Maintaining all devices and equipment, including Wi-Fi endpoints, can be a daunting task and can monopolize the time of your IT staff. Outsourcing to a managed services provider who employs a predicative care model means you don’t have to worry about asset tracking, paying for onsite labour for repairs and replacement, or tangling with multiple vendors to get things reconfigured or fixed.
24 X 7 Support and Monitoring
Predicative care for devices can be complemented with comprehensive support and monitoring by a managed service provider, enabling you to tap a team of skilled support people across multiple shifts to cover your business users and their applications. Proactive monitoring keeps a watchful eye on your environment to prevent any potential issues that could lead a disruption.
Ensuring business continuity requires a lot of proactive planning and IT resources, but it’s better to invest the time and energy into preventative measures than paying the high cost of not doing it. A managed IT services provider can help you keep your business running smoothly by avoiding common errors and providing around-the-clock coverage with properly skilled staff.
If you haven’t begun to think about disaster recovery planning or feel your plan needs an update, check out our Disaster Recovery Primer.
- March 7, 2019
- Catagory Managed IT Services
A Good Disaster Recovery Plan Has a Team in Place Before Disaster Strikes
Recovering from any disruption requires the right people. When it comes to disaster recovery plan, success will depend on quickly mobilizing a team to maintain business uptime.
Every user in your company can be affected by an incident that is escalated to a disaster. By identifying people you will need to quickly restore operations as part of your planning, ideally your customers won’t be affected because you’ll be able top to bounce back quickly and minimize the disruption to business operations.
Keep disaster recovery reflexes sharp
Your disaster recovery plan should include a management team that takes on the critical responsibilities and decision making, starting with whether the disruption is in fact a disaster.
If it’s concluded that the incident is severe enough to meet the criteria, your disaster recovery team must mobilize and do the following:
- Manage and coordinate the disaster recovery plan
- Activate other staff in the organization, as well as your service provider, in priority—some people may be needed immediately, while others need to be on standby depending the role in the plan
- Ramp up any alternate facilities and secondary sites
- Review the recovery procedures to be activated that will support your recovery objectives
Who should be on the team?
There are several key roles that should be already be assigned by your disaster response management plan before a disruption occurs.
Your information security group should always be represented on your disaster recovery team, as they have specific, specialized responsibilities, including a review of the recovery goals, understanding the magnitude of the damage, and making sure information security procedures are followed by the disaster recovery team. They can also assist with the preparation of an accurate news media statement that outlines a description of the incident, how and when it happened, and who will be affected and how.
Other team members include a disaster recovery coordinator to liaise with your service provider and any vendors that might contribute to the affected infrastructure. Their job should also be to set up a schedule for status updates throughout the recovery process right up until full restoration.
Another important role you must fill is that of a disaster recovery crisis manager, whose job it is to keep everyone informed on latest developments and be a single point of contact for all team members. They have several critical responsibilities, including:
- Making sure all users and are familiar with the disaster recovery management plan.
- Provisioning additional telephone lines for extra staff if needed.
- Getting a snapshot of activities in progress when the disruption happened from the information security team, an estimate as to how long these activities will be delayed, and when the next update can be expected.
- Developing a public statement approved by disaster response management team that can be distributed to everyone affected, including customers and users, as well as media. Multiple statements may be required, including one when the recovery operation is done, and regular business activities have resumed.
Having a well-thought disaster response management plan in place will only be effective if the right people there are to executive as soon as the alert is sounded. You should frequently revisit your plan to confirm the people assigned to these critical roles understand their responsibilities and that they are still available should disaster strike.
If you haven’t begun to think about disaster recovery planning or feel your plan needs an update, check out our Disaster Recovery Primer.
- February 22, 2019
- Catagory Managed IT Services
Prime Yourself for Disaster Recovery to Maximize Business Uptime
Every organization today is data driven, regardless of size, and it’s just a matter of when, not if, that data is put in jeopardy. For small and medium-sized business with resource and IT infrastructure constraints, it can seem an overwhelming challenge to prepare an effective disaster recovery plan and maximize business uptime.
The good news is that cloud computing allows smaller organizations to enjoy the same peace of mind large enterprises have with the help of an experienced technology partner who help you lay out at plan of action when disaster strikes.
What you should expect from a solid disaster recovery plan
The point of any disaster recovery plan is to make sure there are steps in place to restore any mission critical applications and data after a disruption. It outlines all the all the activities, resources and procedures in the event of a disaster so you can ensure business uptime and return to normal operations as quickly as possible in the event of a disruption.
It starts by notifying everyone who needs to be part of the solution that there is a problem, whether it’s company staff or resources at your service provider, and outlines who’s responsible for what. Once the process is underway, the recovery phase should enable you to restore temporary operations and repair any primary system damage. There’s a lot that needs to happen during the recovery, and an effective disaster recovery plan will coordinate and facilitate communication between all parties involved.
Mapping the connections
There’s also a lot of moving pieces that must be considered. A disaster recovery plan should identify the processes that are in scope, who is responsible for those processes and all the interdependencies affected by the disaster.
Dependencies will help establish the severity of the disaster—one single glitch may be just that or could have a much broader impact on business operations. When a single resource becomes unavailable, it affects many user and customers, and disrupts multiple business processes. Here are some examples of dependencies your disaster recovery should keep in mind:
- Reporting and analytics: Collection, logging, filtering, and delivery business data to relevant stakeholders may stop working and the user interface layer may or may not be also affected.
- Interfaces: Users at all levels, including administrators, may be blocked from accessing software and systems, whether it’s on the client or server side, through web interface or downloaded application.
- Networking: Connectivity to necessary resources could be slow or disappear completely. compromised and/or significant latency issues in the network exist that result in lowered performance.
- Storage: Even if your connectivity and applications are functioning, the failure of a storage resource such as storage area network (SAN) could block access to a handful of files essential for running the business.
There are many more dependencies, and your service provider is well-equipped to help you identify them so you can quickly resolve issues and take advantage of secondary infrastructure in case of an interruption that has a broad impact on your business.
If you haven’t begun to think about disaster recovery planning or feel your plan needs an update, check out our Disaster Recovery Primer.
Latest Blogs
FAQ