Most companies will experience some kind of cybersecurity breach, and that’s when they usually wish they had a better Business Continuity and Disaster Recovery (BCDR) plan. Cybercrime is on the rise, and hackers are shifting their tactics against business targets. Ransomware attacks spiked in 2020, increasing 435% compared to 2019. In these attacks, hackers can destroy companies by not just stealing sensitive information, but also encrypting and holding that data ransom. This can lead to a lockdown of the mission-critical systems that the company cannot operate without.
The best defense in a ransomware attack is to properly prepare your data and essential systems before the attack occurs. At Digital Agent, we work with companies in highly-targeted industries like healthcare and finance to create and execute detailed BCDR plans. Keep reading to learn more about how you can improve your business operations during and after a cyberattack.
Plan for Business Continuity, Not Just File Recovery
Daily backups can help your business get back on its feet faster after a ransomware attack, but ideally, you should have backups for all the machines on your network running throughout the work day. 76% of companies hit by ransomware use machine re-imaging from such a backup to recover. This prevents machines from having to be restored from default. Machine re-imaging is currently the most efficient way to ensure business continuity after a breach.
Backup Every Workstation and Server
While a lot of your mission-critical data will likely be backed up on your company’s servers, there is a wealth of file and application data that exists on each individual workstation. This data also needs to be backed up. Otherwise, your employees will waste valuable time playing catch-up. They could even lose files that weren’t properly saved to your company’s database or shared drive.
BCDR image backups allow you to restore a machine to a specific “recovery point” in time—before the breach occurred—so your staff can get right back to work. This ability to recover from image-based backups of virtual machines is a relatively new BCDR capability. You will commonly hear this method referred to as “recovery-in-place.”
Store Backups on Land and in the Cloud
Recovering from local backups is significantly faster than waiting on a cloud download or requesting a drive to be shipped from the cloud provider because of data size. Local backups can restore a system in a matter of hours; with third-party cloud backups, it can take days. While cloud backups are often cheaper, they shouldn’t be relied on as your only BCDR resource.
The best rule for backups is the 3-2-1 Rule. You should store at least 3 copies of the data on 2 different devices, with at least 1 full copy stored offsite or on the cloud. On-site BCDR hardware can also help your business run smoothly by allowing you to run operations off your back-up server while your main server is still being restored.
Create Internal and External BCDR Communications Plans
One of the most important ways to reduce fallout from a ransomware attack is good communication. You want to set up a plan for how employees should act and who they should report to in the event of a breach. Your customers may be affected by a ransomware attack as well. Have messaging ready to go to alert them to the problem and how your company is addressing it.
The more upfront you are in communications with your customers and employees, the more likely you are to retain their trust after the breach. A rock-solid BCDR plan is your second-best defense in a ransomware attack; the first is prevention. Contact your Digital Agent for a customized cybersecurity risk assessment and learn how to mitigate your risks of a ransomware attack.
