Yes, it’s obvious that data should be kept safe.
And yes, it’s clear that part of all protective measures deployed, the ability
to restore the data from a back-up should be kept on top. But no, it’s still
not common practice that data is properly backed up. Well, World Backup Day is here to remind
you that you should test whether your backup solution really works. Or, for risk
takers: re-assess the risks of not having any backup solution in place.
There are a lot of dangers to your data,
from hardware failures to user mistakes. But one additional threat has emerged
in recent years which puts your data at serious risk: ransomware. This particular
kind of malicious software is used for extortion. When activated, ransomware
prevents access to a device or the data on it until the victim pays a fee.
Ransomware is nothing new, but while its
early screen-locking attacks were more annoying than truly dangerous, recent aggressive
encryption ransomware that spreads in huge waves around the world causes serious
damage not only to individuals, but also to businesses and government
organizations. Hospitals with critical systems down, law firms with their entire
clientele’s data unavailable or police departments without access to their data…
With majority of victims paying silently, without letting on that they were got
caught off-guard.
While the first encryption ransomware implementations
were often flawed and security researchers able to come up with workarounds to
recover files without paying the ransom, modern ransomware deploys advanced
encryption methods which are in fact unbreakable. This means that paying the
ransom is the only – so far confirmed - way to get the encrypted data back. Even
the FBI admits
that they often advise that the victims pay the ransom.
But paying the ransom should not be
considered an option. Prevention and improving resilience help much more – not
only against ransomware attacks but also against other threats, be they viruses
or own employees.
Having a good backup strategy before the
damage to data occurs – for example, before the ransomware encrypts the data – turns
the nightmare into a mere nuisance.
For organizations, a good backup strategy
means having a quality backup solution – for example ShadowProtect
by StorageCraft – implemented, processes formalized and the ability to
recover periodically tested. Individuals don’t need any approved strategy, of
course. They need to choose some quality cloud storage service or a hardware
solution. In both cases, it’s crucial to take into account the real scenario of
possible use. For example, that the ransomware also goes after backup files and,
if it reaches them (be it in the cloud, removable media or local network), it
encrypts them as well as the original files. So, it’s important to keep the
backup files offline or take other measures to keep them safe.
Victims of cybercriminals who’ve paid
ransoms often argue that the ransom was quite small, the encryption keys really
arrived and recovery easy. That might be true, but there are no guarantees.
Compare that with a recovery from a backup:
it’s nearly for free, 100% safe and easier to do. Even fairly large businesses
can limit their downtime to just minutes before they’ve restored their
operations.
World Backup Day should make all of us
think about what might happen to our data and systems, and take appropriate
steps to prevent any unnecessary damage.