Backing up this information is important. But... what about the recovery?
Would you agree to store all your capital in the basements of the most secure bank in the world, in the most advanced safe of its kind, knowing that at the moment of truth, when you need money urgently, there is no guarantee that you will have the key?
Guy Hochman - CEO Genie Computing Services
As a business owner, you are aware of the importance of backup, which is why you chose one of the backup systems offered on the market. You make sure to back up your business information in the cloud, with tape backups and a local backup to a physical computer, and you even receive a daily report that proves that the information has indeed been backed up. In return, you enjoy the peace of mind that comes from knowing that at the moment of truth, you can "press a button" and return the situation to normal. All of this was true as long as the threats you faced were physical: fire, flood, theft, natural disasters and war damage. Then came the ransomware.
Reproducibility - the difference between a "slight hit on the wing" and a crash
As integrators who support companies in all sectors of the economy, we meet quite a few business owners who have experienced a ransomware virus and find out too late that this backup system is important, but without the ability to recover information efficiently and quickly, they are expected to have long and frustrating days of complete shutdown and severe damage to business income and reputation.
Therefore, as business owners, you must change the dialogue with your backup provider and examine not only the backup capabilities it makes available to you, but also the recovery capabilities. why? Because ransomware attacks in business are more common than you imagine, so it is likely that sooner or later, you will need these capabilities very much. That's how you do it right.
10 good tips for managing an optimal backup and recovery setup
- Check the log regularly
In many cases some user adds a folder or information in a location that is not configured for regular backup. This information, which is sometimes critical to the functioning of the organization, is not regularly backed up and this is discovered too late. Therefore, regularly check the log that shows the content of the backed up information and pay attention to whether all the relevant information is backed up.
- Perform recovery tests
Make data recovery tests a regular procedure, because a successful recovery indicates a full and proper backup. Regularly conduct sample tests, mainly for information that is defined as critical to the organization. In each test, different information was recovered and thus, over time, all the information will receive a test confirming that it can be recovered.
- Create a backup log
Document in the backup log all the sample recovery tests you have performed, so that you do not repeat, again and again, recovery tests for the same data and you do not miss other data.
- Make a local backup
Back up your information both in an external backup system and in a physical backup system in the business itself. The local backup will enable faster recovery than a cloud backup and will significantly shorten business downtime.
- Disconnect the local backup system from the network
A backup system that is connected to the network is exposed to ransomware attacks just like the information on the organization's servers. Such an "infected" backup cannot be used by you to restore the information.
- We viewed the information in the backup
Ransom attacks focus on the most significant weak point in the corporate network and in many cases it is the backup system. Therefore, make sure that the information in the backup is also compressed and encrypted at the highest level.
- Custom backup and restore
Every business has different types of information. Each type of information requires different backup and recovery levels, a unique backup policy, a different backup volume and a definition for the tools with which the backup will be performed. Therefore, be sure to customize the backup and recovery setup for your business.
- backup procedure
Write a mandatory backup procedure that defines the backup days, backup hours, the number of backups required each day, month or year and the recovery test plan. Appoint a person in charge of backups and make sure that the procedure is continued, even in cases where he leaves his position.
- Define a dedicated budget section
Backup and restore are not a luxury. They may be your only lifeline during a cyber attack on your business. Therefore, remember that for every shekel you try to save in this area, you may pay compound interest, to restore the circles of destruction.
- don't wait for tomorrow
Apply the recommendations today and you will be better prepared for the information crisis that, sooner or later, will affect your business as well.
Do you want to be better prepared for information events through an optimal backup and recovery setup that is customized for your business? The Genie team and I are here for you. Together we will create a detailed backup plan, characterize the best backup and recovery solution, define backup procedures and accompany you hand in hand, in case of an information incident.