I've always been told, "A working, tried and tested backup is necessary." The horror stories in the media of people and companies losing data may have helped re-enforce the message.
I've always been told, "A working, tried and tested backup is necessary." The horror stories in the media of people and companies losing data may have helped re-enforce the message. As long as backups are happening, then we’re one step closer to a reasonable and working recovery process. Unfortunately, there are businesses (and people) that have implemented a backup process, but haven’t thought past backing up the data.Let me offer an example. I got one of those phone calls from a friend, saying a friend of theirs was having “some really bad Internet virus trouble,” and they asked if I could help out. As an IT professional, I get these types of calls a lot and could immediately spot that my friend had no real idea of what the problem was. A call to the poor friend-of-a-friend with “some really bad Internet virus trouble” revealed a reasonably frustrated person. She was quickly able to clearly describe what was happening to some of the Windows systems there and it took seconds to work out they had been hit by a CrytpoWall type malware. Often, email addresses are plagued with emails using well-known companies to trick the unsuspecting user in to running the encrypting malware. And that’s what had happened here.I asked, “Do you have backups of the now encrypted files?” And the answer came back that they did. “Do you know how to restore from those backups and can you do that to a safe machine?” Again, they did and found a machine to restore the data to.A bit of time passed as the files were restored and checked. The happy outcome was all the files and data were there. I could hear her relief once the files were recovered, but being a cheery security professional, I asked one final question. “Do you have copies of the software on those three encrypted machines? You'll need to format them and start again – just to be safe.” That produced the “Oh. Um, let me find out.” One of the machines encrypted was their accountant’s system, which was running software that was old and out of date. After a bit more advice, I left them to it as there wasn’t anything more I could do.The outcome resulted in the owner buying three new computers, all preloaded with new versions of the required software. The ancient accounting software data was able to be imported to a new, supported accounting software and the business lost roughly a day’s worth of work. This is a pretty impressive turn around for a small company with no internal IT support.It does, however, point out that backups are only a part of a business continuity and disaster recovery plan. As security and IT folks, we can advise and recommend people and their businesses understand the entirety of business continuity and disaster recovery planning. Find out if plans are in place, and if not, then start these conversations now rather than during or after an incident.(Image Source: iCLIPART)