At the same time, you might have heard questions about whether this focus on backup is warranted. Some of this is just IT vendors sniping at each other. Shine a spotlight on something long enough and sure enough some people will want to turn up the heat.
One thing is crystal clear: IT pros and CIOs at organizations of all sizes have reported that backup and recovery technology saved the day and helped them avoid paying ransom to cybercriminals. But asking tough questions about backup is not a bad thing. Indeed, you want to make sure to ask a smarter question than whether backup deserves so much credit. Instead, ask ‘How will I restore to normal operations?’
At the end of the day, that’s what a backup tool should help you do—get up and running without a glitch.
Three smart ways to consider backup
The analogy that comes to mind with backup is insurance. Some insurance simply gives you a discount at the pharmacy. You show your card, you give them $5 for antibiotics, and you are glad you didn’t have to pay full price. Another insurance requires you to pay in full, complete forms in triplicate, time-travel to 1996 to find a fax machine, and wait six weeks for a reimbursement check. Both are insurance. But the second option had many more pain points along the way.
The same is true for backup. Some backup systems can easily take a local copy of the system image, map it to the server, and be up and running within an hour or two. Some may require a heavyweight download from the cloud. Some might charge you an exorbitant fee for getting data back, out of the cloud. Some might have stringent target hardware requirements.
Here are three categories to consider when talking about backup and recovery:
Recovery Time: Long downloads, poorly crafted portals and lost login credentials can lengthen the time from the ransomware attack to the recovery—and thus, the impact on the business. Streamlining the process with carefully chosen technology, responsive customer support and a documented plan is critical.
Recovery Point: To recover from a ransomware attack, you need to restore from a point in time before the attack on your system. The frequency of backups, coupled with the speed with which you identify the problem, will determine how far back in time your systems must go. Often, ransomware doesn’t make itself known immediately after infection, so days or weeks are typical rollback periods—but you must make sure you have those backups saved!
Financial Cost: Not only does the business lose revenue and productivity when systems are down—but you could end up with a nasty bill from the backup provider if they charge for recovering data from their cloud. The cost of a recovery should factor heavily into the selection criteria for cloud backup solutions.
Backup lessons: Pay attention to what matters
These considerations apply to any situation where you need to recover data. Yes, ransomware adds the instant pressure of having to pay a cybercriminal if you aren’t confident that you can restore critical files. But you will want to consider these same issues when planning for things like system failures, fires and floods.
Finally, keep in mind that while backup technology is an essential piece to ransomware protection, any relevant conversation on this topic also includes end-user training and education, and up-to-date antivirus protection.
Does backup deserve all this attention? You bet. So, make sure you pay attention to all the aspects of ransomware and backup that could impact your business. And listen for the right answers.