IS YOUR BUSINESS PREPARED?
As a business owner or internal IT person, it’s our greatest fear: what if we get hit with one of these nefarious ransomware attacks? We plan tirelessly day and night to put every protection we can remotely think of in place. Once we have these barriers in place, we start to assemble some peace of mind and a feeling of relief that “hey we are protected, all is right in the world.” We begin to breathe easy right?
Then all of a sudden, a headline hits the media and it smacks us right back into that state of anxiety and panic. Not just the headlines we see on a broad scale on networks like CNN or Fox, but local news like this past holiday weekend.
“When the ransomware news hit local Channel 4 of Detroit, our phones began to light up.”
Small businesses we service around Metro-Detroit asking the question of the day “Are we at risk?” The short answer is, for this attack, NO! However, for all attacks is a much more complicated question. The rationale behind that is this particular attack targeted a remote software that many managed service providers and businesses it services utilize to support their customer base. Fuse however does not run this software to remotely support its clientele.
Obviously, having the appropriate safeguards in place is absolutely crucial, but nothing is 100%. That is why it’s important to have a recovery plan in case ransomware goes beyond all the safeguards you have in place. The very first and most imperative step is creating a security plan to make certain that you minimize your exposure by Implementing the items below.
Of course, there are many others, but the list below is just the broad spectrum:
- Dual Factor Authentication
- Complex passwords/password expirations/lockouts
- Anti-virus on all servers and PC’s
- Smart Firewall with anti-threat detection
- User awareness training (we do this as well)
- Backup solution that is not susceptible to ransomware (more on this later)
As we are just like you, when those headlines hit, our brains immediately go to DEFCON One! Not just for our business but for each and every one of our clients. We immerse ourselves into our client systems, triple even quadruple checking every safety measure in place to make certain everything is “right in the world” for our clients.
Our Fuse-minded brains immediately start thinking of “what if a particular client were hit?” What means are at our disposal to bring them back and do that in hyper speed as if we were on a stopwatch! That is exactly how Fuse builds all of its recovery plans. We build them around the client’s business, their processes and we know that every moment they are down is a moment of sheer chaos and lost revenue. Thus, it’s absolutely critical we have a solid, well-thought-out plan that can be implemented, for lack of a better term or just overly ambitious thinking, at the speed of light!
The first place to start is to verify that all of your mission-critical data and applications are being backed up, and backed up in a way where they are not susceptible to ransomware. The next phase is how will you restore those items if your system is crawling with these nasty monsters lurking in all those ones and zeros. Our plans not only account for bringing you back to life but also eradicate and prevent infection to the restored data simultaneously.
We obviously can’t cover an entire plan in this one article, but below are some of the broad strokes:
- Backup solution that is not susceptible to ransomware
- Backup solution that is continually monitored and maintained
- Backup audit log – This makes certain you are backing up the correct data
- Alternate hardware – If yours needs to be rendered unusable as restoration begins
- Constantly updating the plan – We all know technology changes by the second, so it’s important that your plan is doing the same. A restoration plan from 5 years ago would not work in today’s environment.
- Man-power/knowledge – Based on the size of your organization, you will need manpower and knowledge to implement said plan.
We would urge you to develop and maintain a plan as these threats are real, relentless, and hitting very close to home. Do yourself a favor, make certain your business has prevention mechanisms in place and that you have a recovery plan on hand in the case you are hit. Your IT provider could produce such a plan for you if you do not have one. We can guarantee one thing, if you do those two items above, you will sleep much better as new headlines emerge!
