A crisis like Covid-19 turns old routines and certainties on their head.
Lorry drivers, supermarket workers and couriers are now key workers, which has substantially changed the way many of us think of them.
And the way we think about the data that our businesses rely on is having to change too, as current circumstances make it ever more difficult to keep it protected.
The bottom line is that if your data isn’t effectively backed up, it’s significantly more at
risk now than it was before.
Here’s why – and what you can do about it.
got under your people’s skin
When you’re stressed or distracted by the enormity of what’s happening in the outside world, your cyber security instinct takes a back seat – and so, collectively, your business’s vigilance wanes.
Enter the cyber scammers, who will mercilessly play on your current fears to gain illicit access to your data and have their wicked way with it – whether that be to take it hostage (via ransomware), steal it, sell it on the Dark Web, or all three!
Coronavirus-themed phishing emails, for example, that can be used to trigger such scams, are skyrocketing. They have already pocketed £800,000 from
victims in the UK, and the National Cyber Security Centre (NCSC) confirms gravely in its recent advisory that ‘Cyber criminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.’
In short, what cyber criminals see in this situation where everybody’s guard is down is a uniquely target-rich environment for the paralysis, theft and monetisation of your business data.
And of course, the whole ransom exploit turns on a business’s inability to easily access its data from an alternative backup source elsewhere. Effective backup renders ransomware toothless, it’s that simple.
your salvation, or your undoing?
With admirable Dunkirk spirit, much of the nation has got dutifully stuck into its new routine of working from the kitchen table.
But remote working launches a whole new salvo of potential cyber
security issues around the workplace servers that the homeworkers are remotely accessing.
Unsecured home wifi access points, unprotected personal devices, weak passwords, failure to use a Virtual Private
Network (VPN) to authenticate remote access to the business’s IT infrastructure – all these, and many more, are typical vulnerabilities unwittingly introduced by the remote worker struggling to cope with a radically disrupted routine.
And any one of these can be exploited to, say, deposit a ransomware payload that will rip through the business’s networks, encrypting and locking critical operational data as it goes.
You and your workers may be miles away from your office these days, but as far as ransomware attackers are concerned, if your data isn’t easily accessible from some alternative backed-up source, you might as well be standing in front of the main entrance holding up the keys and a placard saying ‘Come and get it!’
backup’s locked down too
‘We back up our data to disks and tapes, we’ll be fine’, we hear you say. ‘Mark and Carol, our backup managers, sort it all out.’
But Mark’s at home with a persistent cough and a high temperature and Carol’s self-isolating because her husband’s ‘got it’ – and so the backup tapes and disks (fiddly, cumbersome error-prone media even when properly managed) can’t be managed at all, because specialist staff can’t come into the office to do it!
Clearly, this means that whatever previously backed-up data you can access will be significantly out of date – which also means that it may simply not contain more recent elements that are critical to business recovery.
In technical terms, your data’s Recovery Point
Objective (RPO) has been furloughed, because your backup got locked down at the same time your people did!
has taught us about backup
What all the above points to is this: firstly, back up your data! (Natch!)
But secondly, make sure you do it in a way that is automated, secure, reliable, instantly accessible and rapidly restorable, so that when the scammers go after it, you can easily get it back – no tapes, disks or specialist on-premise staff required.
A recent article in
Networkworld nails it:
‘Cloud-based, fully automated disaster recovery services are available. If your company used one you could fail-over your entire IT infrastructure without ever having to be physically present anywhere. All of your data and services would be automatically migrated and run from the cloud, which could free you up to handle other issues.’
One crisis is enough, people – don’t neglect your backup and invite another!
This article comes courtesy of BackupVault,
provider of completely automatic, UK-based cloud backup solutions for SME’s,
schools and public sector organisations.