Use these three questions to assess your company’s preparedness to retrieve lost data.
1. Do you have backups of your data?
This fundamental question is the basis of your reaction and remediation strategy. Without a backup, data loss is inevitable.
Where you store your data backup is nearly as important as creating copies in the first place. Storing your data in the cloud does not mean it is secure. Cloud services follow the cloud shared responsibility model, where the service holds and maintains your data, but your IT staff is primarily responsible for protecting it.
To properly back up your data, remember the 3-2-1 rule:
- Keep at least 3 copies of your data.
- Store 2 copies on different storage media or locations.
- Keep 1 copy of your data off-site or in the cloud.
For example, you might store two copies in the cloud and one on a storage device and keep that device off company property. Bear in mind, though, that you cannot assume all your critical information is saved because you have backups — you need to constantly monitor to ensure the correct data is stored.
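One way to automate the monitoring described above, as an added example that is not part of the original article: a Python check that evaluates a backup inventory against the 3-2-1 rule and excludes copies that have not been verified recently. The inventory fields, the 24-hour freshness threshold and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_AGE = timedelta(hours=24)  # assumed freshness threshold, not from the article

@dataclass(frozen=True)
class Copy:
    dataset: str
    medium: str               # e.g. "cloud", "disk", "tape"
    location: str             # site or region label
    offsite: bool             # kept off company property
    last_verified: datetime   # last successful backup verification

def check_321(copies, now, max_age=MAX_AGE):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(by_dataset.items()):
        # A copy that has not been verified recently may not hold current data,
        # so it is reported and then excluded from the 3-2-1 counts.
        fresh = [c for c in group if now - c.last_verified <= max_age]
        stale = [c for c in group if now - c.last_verified > max_age]
        findings = [f"stale copy: {c.medium}@{c.location}" for c in stale]
        if len(fresh) < 3:
            findings.append(f"3: only {len(fresh)} fresh copies")
        if len({c.medium for c in fresh}) < 2 and len({c.location for c in fresh}) < 2:
            findings.append("2: fresh copies share one medium and one location")
        if not any(c.offsite or c.medium == "cloud" for c in fresh):
            findings.append("1: no fresh copy off-site or in the cloud")
        report[name] = findings
    return report

# Constructed sample inventory (hypothetical datasets and locations).
NOW = datetime(2024, 1, 10, 12, 0)
SAMPLE = [
    Copy("crm", "cloud", "region-a", False, NOW - timedelta(hours=2)),
    Copy("crm", "cloud", "region-b", False, NOW - timedelta(hours=3)),
    Copy("crm", "disk", "vault", True, NOW - timedelta(hours=20)),
    Copy("payroll", "disk", "hq", False, NOW - timedelta(hours=1)),
    Copy("payroll", "disk", "hq", False, NOW - timedelta(hours=2)),
    Copy("payroll", "cloud", "region-a", False, NOW - timedelta(days=9)),
]

if __name__ == "__main__":
    for dataset, findings in check_321(SAMPLE, NOW).items():
        print(dataset, "OK" if not findings else findings)
```

The "crm" records mirror the article's example of two cloud copies plus one device kept off company property; the "payroll" records show how a single stale cloud copy causes all three parts of the rule to fail.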
2. Do you have a recovery plan?
Just because your data is backed up does not mean it can be recovered — without a restoration strategy, you may still lose data. Companies need a step-by-step plan to salvage their data if it is compromised.
If you decide to pay an attacker, you cannot count on a clean exchange. And even if everything is recovered after a payment, the restoration process is not straightforward. IT teams must remove compromised files and inspect all databases in addition to reinstating the data. If you don’t pay a ransom, restoring data from your backup is still complex if you don’t have a system in place.
A proper plan can cut restoration time from weeks to just minutes. There are three infrastructures to consider:
- Software – backup software to retrieve data stored on company servers.
- Appliance – backup software to recover data stored on a single device.
- Backup as a Service (BaaS) – automated, no-maintenance backups and recovery provided by an outside vendor.
These approaches are not mutually exclusive. Strategies can involve elements of each and depend on an organization’s size and capabilities. When developing a recovery plan, companies should evaluate their internal capabilities and risk tolerance.
3. Have you practiced your plan?
If you said yes to the first two questions, you’re off to a good start. But the job isn’t finished. As with any effective disaster recovery plan, you cannot expect to execute it correctly without practice.
Write down your recovery plan step by step, including who is responsible for each task. Run through regular simulation tests with teams and stakeholders involved in the process to ensure it works. And much like a football coach reworks plays based on changing conditions, you must make adjustments as business and technological circumstances evolve. Set a schedule to periodically review and update the strategy.
Creating a successful backup and recovery strategy requires honest assessments of a company’s capabilities and current processes.
Data is your most valuable and exploitable resource. Without it, you cannot run your business. Ransomware prevention efforts alone are no longer enough to protect your information — backup and recovery plans are essential. Investing the time and resources to create a restoration strategy will pay significant dividends in the long run. Retaining control of your data saves your company millions of dollars in recovery costs, prevents operational disruptions, and protects its reputation.