5 Beginning Steps to Ensure You’re Protecting Your Data from Ransomware
A quick Google search on recent ransomware stories will highlight the sad state of our current world. Our data has monetary value, and those who can hold it hostage are often able to extract a financial sum for its (supposed) return.
During our time in the industry, it has not been uncommon for us to get a phone call from a client seeking to recover from the unthinkable. Maybe it’s considering this act as “unthinkable” that ultimately gets us all in trouble. Preparedness is key to ensuring that when disaster, be it a virus or a targeted attack, does happen, your organization is able to quickly return to normal operation.
Here are five quick ways to ensure you’re prepared for the risks associated with living in a data-centric world.
1. Ensure your backup jobs are actually working
Sounds like a trivial starting point, but yes, your backups need to actually work. It’s just as important to ensure your restores work too. Unfortunately, we have seen too many organizations compromised and unable to recover because they ignored warnings and alerts that their backup jobs were failing. If we’re simply ignoring our core mechanism for protecting against data corruption and failures, why do we even have it in place?
Test a few restores. Can you get the data back? Do you have a schedule for these tests? Can you automate them?
Can you access and return important data required to support core systems… and, just as importantly, do it in a timely fashion?
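One way to automate the restore test described in step 1, as an added example that is not from any backup vendor: record file hashes at backup time, restore into a scratch directory, then check for missing or altered files and whether the restore finished inside your recovery-time target. The `restore_fn` hook, the `rto_seconds` value and the sample files are assumptions; replace the hook with a call to your own backup tool's restore command.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256. Take it at backup time and store it apart from the backups."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_drill(restore_fn, manifest: dict, rto_seconds: float) -> dict:
    """Restore into a scratch directory, time it, and compare the result with the manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch) / "restore"
        start = time.perf_counter()
        restore_fn(dest)  # hypothetical hook: invoke your backup tool's restore here
        elapsed = time.perf_counter() - start
        restored = build_manifest(dest) if dest.exists() else {}
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return {"missing": missing, "corrupt": corrupt, "elapsed": elapsed,
            "ok": not missing and not corrupt and elapsed <= rto_seconds}

def demo() -> tuple:
    """Constructed sample: a tiny 'production' tree and a plain copy standing in for a backup."""
    with tempfile.TemporaryDirectory() as tmp:
        prod, backup = Path(tmp) / "prod", Path(tmp) / "backup"
        (prod / "db").mkdir(parents=True)
        (prod / "db" / "ledger.csv").write_text("id,amount\n1,100\n")
        (prod / "app.conf").write_text("mode=production\n")
        manifest = build_manifest(prod)
        shutil.copytree(prod, backup)
        restore = lambda dest: shutil.copytree(backup, dest)
        good = restore_drill(restore, manifest, rto_seconds=60)
        (backup / "db" / "ledger.csv").write_text("garbage")  # simulate silent corruption
        (backup / "app.conf").unlink()                        # simulate a file the job skipped
        bad = restore_drill(restore, manifest, rto_seconds=60)
    return good, bad

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run on a schedule, a drill like this turns a job that reports success but cannot be restored into an alert instead of a surprise during recovery.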
2. Understand where all your data is today
In today’s hybrid cloud environments, data distribution and management is an evolving problem for technology teams. Our end users have access to SaaS applications and other cloud services with a simple credit card swipe.
If that data isn’t managed by your corporate technology teams, do your end users understand the risks associated with their decisions? Do they understand where your responsibilities and capabilities start and stop?
We can support your exploration of shadow IT, so you can properly educate your end user teams, and work alongside them to ensure you’re able to properly support their needs. Most importantly, this ensures your data protection strategy is in alignment with the data they are generating and leveraging to drive organizational impact.
3. Get a copy of your data offline
Depending on the platform you are using, this step can take many different forms. Most organizations are already working with the best-practice mentality to get data offsite. If not, we can effectively work alongside you to leverage external cloud services to provide these data services.
Getting data offline is often an overlooked step in the process. Realize that OFFLINE and OFFSITE are DIFFERENT. The importance of this step lies in protecting yourself from nefarious external action. If someone is inside your network, a common step within the ransomware experience is disabling your access to your data protection mechanisms. They fill up your backup storage targets, lock away backup access, or simply delete your backup server. These steps create highly detrimental outcomes.
A quick checklist for this step includes the following:
- Build a separate network for the target
- Randomize the job
- Ensure it’s supported by your backup vendor
Today’s backup vendor market has a few different approaches here. The legacy appliance manufacturers have service-related SKUs that you can purchase that automate this process for you (for example, DellEMC’s Data Domain). A software manufacturer, like Veeam, will suggest you set up a target within a DMZ and automate a data pull. Disrupters, like Rubrik, offer a different approach with their immutable infrastructure.
4. Tightly monitor and control access to your systems and data
As we discussed in “6 Things to Consider when Deploying MFA”, we highly recommend deploying multi-factor access controls across your network. Integrating your security posture and controls within your backup strategy ensures you are tightly controlling access to a key business asset… your data!
In most cases, we think of multi-factor authentication as protecting end user access within the client environments we serve, but layering these controls across your IT assets and service mechanisms is also an important part of your security posture.
Exploring your possibilities here can be time consuming and exhausting. We can help you explore these options based on your system investments, processes and requirements.
5. Leverage a manufacturer supported protection mechanism
As we mentioned in step 3, ensure your offline copy is supported by your manufacturer. In the event of a compromise, you will need all the resources at your disposal to recover. The last thing you need is your vendor throwing their hands up, saying “Good Luck!”
Build an environment that has been tested and validated within their architectures to work, so when push comes to shove, you can leverage their support mechanisms to return services to your business.