How much of a disaster would it be if you woke up, and you had absolutely none of your business data when you got to work? It may be a relief for a few seconds - A brief joke about how 'I guess there's no work to do today!'.
Then the dread sets in. Everything you've built, everything you've worked for, and everything that guaranteed a paycheck for you - gone in the blink of an eye.
"But wait - We've got backups!" You plug in your hard drive and start digging through the folders and realize in disbelief that the last backup you took was over six months ago - and the presentation you needed was built just last night.
It's over. Right? Not necessarily - Not if your business has a proper business continuity plan.
Having a solid backup solution can help you roll back if something bad happens. The sad fact, is that we're hearing more and more excuses until it's too late, which is leading more and more businesses to close their doors unnecessarily when a small investment could save them the trouble.
While ransomware and security breaches account for a large percentage of need for backup and recovery solutions, user error also plays a massive factor in this as well. From accidental file deletion and overwriting to spilling coffee on laptops, user error is actually the #1 cause of data loss according to studies performed by Pax8 - A leading cloud solutions provider for Managed Service Providers internationally.
Among the issues listed above, business can also suffer from malicious deletion from employee turnover, hardware failures, or device loss or even theft. Having a backup solution can help resolve subsets of the problems that come with these issues that businesses can face at any moment.
Of Small Businesses experienced 8 or more hours of downtime due to a severe security breach in the past year. (5)
Of data breaches in 2018 affected organizations categorized as small businesses. Being small isn't protection anymore. (6)
Of CIO and CISO executives in control at the time of a ransomware attack lose their jobs after everything is said and done. (7)
Ancedotes From the Field...
"Overheated Server Closet" | "Actual Fire Inside a Sever"
"Power Surge During a Storm" | "Cat Knocked an External Hard Drive off a Shelf"
As you can see, it's important for businesses in the modern age to have a backup of their business critical information. Even more so, It's imperative that businesses keep in mind the implications of storing customer information, and what it can mean to a business to lose this information at a moment's notice.
You can spend hundreds of millions of dollars on preventative measures for Cyber Security, but the reality of the situation is that when an attack happens, if you can't prevent it - You have to be able to roll back.
There's a general rule of thumb in Information Technology - Never put all of your eggs in one basket.
We've noticed a distinct lack of simplicity when it comes to backups, and an over-complication of an issue that plagues many businesses to this day. In turn, this over-complication causes business owners to be hesitant about exploring new opportunities for business continuity that prevent them from being able to recover quickly when problems do arise.
First, we have to explore the concepts behind a good business backup.
- What data is MOST important to your business operations?
- How long do you have before your business starts losing money without access to your data?
- Does your business fall under compliance laws?
Second, we have to examine what kind of budget is available. You can't back anything up if you can't pay for the infrastructure to do so. Unfortunately, having backups is a MUST, so keeping the cost low is the best option to make things comfortable.
Third, you have to verify and validate that your solution works. If you spend the money and invest the time - it only seems natural that it works right? Wrong. We've seen failures due to lack of continuous maintenance and monitoring. You MUST perform validation on your backups to ensure that you're actually protecting the data you think you are. 5 minutes a month of checking can save you months of headache down the road.
Step 1: Explore
Explore your needs. What is most important? Determine what your business needs to survive.
Step 2: Budget
Determine your budget. You have to know your cost availability before you can build a solution.
Step 3: Validate
After you've built your solution, make sure it works. Continue to maintain and monitor your backups.
After you couple these three things together, you can start to have a clear picture on what is required to keep things going.
So let's dive into the most expensive part - The hardware. Not all businesses require big powerful and expensive servers in order to maintain solid backups. Cloud solutions have come down in price, and availability is a dime a dozen nowadays to find something that can fit your business.
There's a couple determinations that need to be made to calculate whether an on-site backup is required for your business, and whether shouldering the responsibility of managing said backup solution is worth the investment.
Consider how much time it would take to recover your data. Are you only backing up certain documents, or full server images. If you're backing up images, or need to recover whole workstations, it may be worth considering a high-capacity on-site solution.
Do you need sole ownership of your data due to compliance laws? Some businesses are required to only have on-site backup solutions, which can disqualify cloud solutions from being viable for your business.
How many devices / How much data are you backing up? If you're backing up 50 workstations, it makes sense to have an on-site solution to ensure you can recover images quickly and in rapid succession
Industry Specific Requirements
Some industries require special care to ensure that the information they house remains secure.
Healthcare - The health and medical field was the #1 industry for cybersecurity breaches in 2018 (12). Social security numbers, HIPAA information, and Private Health Records all need to maintain security both in-transit, and at rest. It's important that backup solutions also follow these rules.
Financial - The insurance and financial sectors were the second-most breached industries in 2018 (13). These industries were also the seond-most targeted industry for ransomware attacks. (14) It makes sense that attackers would target these resources as financial institutions contain some of the most sensitive payment information available. Financial institutions require certain data to be encrypted at all times, both at rest, and in transit, much like HIPAA information.
Retail & Hospitality - 66% of retailers paid the ransom after a ransomware attack due to the threat of lost sales. (15) Even in these cases, it is very rare that businesses will actually get 100% of their data back, so this isn't a viable solution.
Consider your time requirements. How long will it take you to recover?
How much lost opportunity will you miss out on while your data is unavailable?
How many hours will your staff be sitting around, waiting?
Unfortunately, the biggest problem is again the over-complication and confusion that comes with it. The confusion that follows leads to improperly configured solutions, and gaps in security that lead to liability for your business, and for your customers.
Your best bet is to pay for a support plan from your backup solution, hire an internal IT staff member, or outsource your backup services to a Managed IT company for a third of the cost of both aforementioned options.
So why do all of this?
Number one, you should do this because keeping your business open and your work flowing should be the highest priority.
In addition to this, even Microsoft recommends that all businesses should have a third-party backup solution available. Additionally, the NIST Cybersecurity Framework agrees that you should always have a method for recovery to keep your business cybersecurity where it needs to be.
Above all, ensuring that your solutions work is a much more cost-effective solution to long-term financial and reputation damage to your business.
- Datto, 2018 State of the Channel Ransomware Report
- Keeper Security, 2019 SMB Cyberthreat Study
- Ponemon Institute, 2018 State of Cybersecurity in Small & Medium Size Businesses
- Spiceworks, Comments for “What’s your best data loss story?”
- Cisco, Small and Mighty: How Small and Midmarket Businesses Can Fortify their Defenses Against Today’s Threats
- Verizon, 2018 Data Breach Investigations Report
- Skykick, Protect Your Office 365 Experience with Cloud Backup
- SentinelOne, Global Ransomware Study 2018
- CIO.com, With the Bigger Dangers of Data Loss and Some Statistics, the Value of Backups is Becoming Prominent
- Coveware, 2019 Q2 Ransomware Marketplace Report
- Sociable, The Many Motives of Hackers and How Much Your Data is Worth to Them
- BakerHostetler, Managing Enterprise Risks in a Digital World
- NTT Security, 2017 Global Threat Intelligence Report
- Ponemon Institute, 2018 Cost of a Data Breach
- Radware, 2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts
- Security Magazine, 50% of Retailers Experienced a Data Breach Last Year
- Government Technology, Hackers Are Hitting Government More, but That’s Nothing New
- Barracuda, Threat Spotlight: Government Ransomware Attacks.