December 3, 2020
Five Cost-Effective Ways to Protect Your Business from a Ransomware Attack
A great defence is agile and takes practice. Lots of it.
We’ve already looked at recovering your data post-ransomware attack; plan, plan, plan and plan again. In this blog, we’ll explore five ways we can plan for and better protect against ransomware attacks. By planning and protecting, we can ensure that we lose the least amount of valuable data possible, without breaking the bank.
1. Understand the nature of ransomware
The chief problem with ransomware is that it is ever-evolving. This means that processes and systems need to be continuously reviewed and updated. That constant upkeep can leave IT teams feeling that they never get to place ransomware in the ‘Job Done’ pile. The temptation to stall can creep in, leaving holes in the system that can be exploited.
You can find out more about what ransomware is in this article from Expert Insights.
The nature of ransomware simply isn’t consistent. Once businesses realise this, they can better understand the need for software and systems that can resist attacks and, if attacked, better recover from them.
2. Invest in trustworthy and knowledgeable solutions early on
Because many businesses find these processes so difficult to navigate, and their IT teams struggle to manage them effectively, it can be tempting to put investment in software on the back burner. What’s more, the complex nature of ransomware means that when businesses do choose to invest in protection and reach out for help, they’re unsure whether they are getting genuine, authentic advice or just being spun a clever sales play.
The best way around this is to seek out trusted advisors who will not only help you with their service but also gladly share free knowledge with their customers in the form of excellent customer service. By sharing their first-hand experience, they can demystify the volume of information out there and tailor a solution to your unique business needs. Above all else, failing to invest in quality backup and recovery solutions early on can – and probably will – end in botched disaster recoveries and a lot of wasted cash.
3. Utilise your resources
Irrespective of investing, there are also things you can do that cost nothing or very little and that will help shield your backup systems. Without doing these things, your only option is to hope that your underfunded and under-loved backup setup will, by some miracle, come to life before you’re forced to pay the ransom. If, however, you hope that ransomware won’t target your backup setup, we’re here to break the bad news to you. It definitely will. So, here are a few things you can do to shield your backup setup as it stands*:
- Use two different operating systems. Put the primary backup system on Windows and then the copy system on Linux (we’ll use Linux as an example here, but you can use AIX or any other). In simple terms: can the ransomware attack navigate a Windows structure? It most certainly can. Can it navigate Linux as easily? Not necessarily.
- If you have more than one domain, place the production backup system on a different domain to the copy system. The strategy here is to put as many obstacles as possible in the path of the attack.
- Spread your data across different storage types. For example, Block is great for a primary source and S3 is good for a copy.
4. Making the most of IBM Spectrum Protect
By being an IBM Spectrum user, you’ve already invested in the right software, so make sure that you’re on the latest version. The latest versions of IBM Spectrum Protect work to make predictions on potential incoming attacks, making the update an invaluable asset to businesses. By pre-empting attacks, the software significantly reduces data loss in the event of an attack and can sometimes prevent a full-blown attack altogether. It’s always important to get the most out of the data protection software that you’re paying for. You can read more about making data backup and recovery technology sustainable for your business here.
On top of this feature, Spectrum Protect has within it a DRM File. In a nutshell, the system creates a backup file daily. You can then store this outside of your domain by email or any other method of your choice. Outside your domain is somewhere safe and secure! It’s a small task to undertake, but it holds the keys to unlock and recover your business quickly in the face of a disaster. Plus, there are no costs involved in emailing a copy of this to a safe location.
5. Stay alert and act quickly
Our fifth and final piece of advice is to stay alert and act quickly. Don’t allow ransomware to lie dormant so it can gain a stronghold on your data. By keeping a keen eye on things like the slowing of systems, inaccessible or corrupt files and CPU spikes, you may not be able to halt an infection entirely, but you will be able to manage your damage control better by ensuring your backup is taken offline and stored safely before it is infected. Always have a ‘Code Red’ plan in place. Who monitors these things? Who raises the alarm? Who acts on them quickly?
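One way to watch for the "inaccessible or corrupt files" signal described above, as an added example that is not part of the original article: place sentinel files on the shares you care about, record a hash baseline, and recheck it on a schedule. The file names and the demo scenario are constructed, and routing the findings into your own alerting is assumed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large sentinels are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(sentinels):
    """Record the known-good hash of every sentinel file."""
    return {str(p): sha256_of(Path(p)) for p in sentinels}


def check_sentinels(baseline):
    """Return {path: status} for sentinels that are missing, unreadable or changed."""
    findings = {}
    for name, expected in baseline.items():
        try:
            if sha256_of(Path(name)) != expected:
                findings[name] = "modified"
        except FileNotFoundError:
            findings[name] = "missing"
        except OSError:
            findings[name] = "unreadable"
    return findings


def demo():
    """Constructed scenario: three sentinels, one overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as root:
        files = [Path(root) / f"sentinel_{i}.docx" for i in range(3)]
        for f in files:
            f.write_bytes(b"constructed sentinel content " + f.name.encode())
        baseline = build_baseline(files)
        files[0].write_bytes(b"\x8f" * 64)  # stands in for encrypted content
        files[1].rename(files[1].with_suffix(".locked"))  # original path gone
        findings = check_sentinels(baseline)
        return {Path(k).name: v for k, v in findings.items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"ALERT {name}: {status}")
```

Any finding is a cue to start the ‘Code Red’ plan: the baseline itself should be stored away from the monitored systems so it cannot be altered alongside the files.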
These five things will help you lessen the severity of ransomware attacks, but it pays to bear in mind that they are limiting the cause, not preventing the effect. Always test your data recovery processes and ensure that you have invested in secure and, preferably, automated processes. The aim is to have maximum confidence that your data backup and recovery process will be quick, efficient and controllable.
*This is based on having a setup which has both a primary version and a copy version of the backup.