How would data loss affect your business?
Every business, no matter how large or small, should have a data recovery strategy. Like seatbelts in cars, hopefully you’ll never need them, but if the worst does happen, you’ll be glad they’re there.
Imagine, for a moment, that you came to work one day to find every single computer and server in your business had been wiped clean. All your customer contact details, transaction records, invoices, purchase orders, payroll information – everything gone, whisked away in the night. What would you do next?
Without backups, there would be very little you could do, except try to collect all the missing information again. That could take months or even years, and the associated costs could be enough to put you out of business.
That’s the worst-case scenario, of course, but data loss is not uncommon and can be caused by numerous factors. Cyber crime attracts the headlines, thanks to all-too-prevalent ransomware attacks and data theft, but you also need to be vigilant against mechanical failure. All electronic equipment has a finite life, and that includes computer hard drives, which can sometimes stop working with very little warning.
You also need to be prepared for accidental deletion of data or damage to hardware. If someone in your business inadvertently deleted the wrong files or spilt a drink on their laptop, frying the hard disk in the process, would you have data recovery procedures to get everything back?
Data Recovery Plans
If you’re thinking, “We’d be alright; we have a backup server exactly for these kinds of reasons,” then good for you. But don’t think your data recovery plan is bullet-proof. One backup location is better than none, but it’s simply not enough anymore – as one of TMB’s own customers found out when it was hit by a hacking attack.
Like many businesses, this customer backed up all its data to a network-attached server, giving it a useful data recovery avenue in the case of accidental deletion or mechanical failure – but almost no protection against hackers. When an uninvited guest got through the firm’s cyber defences and onto the company network, not only did they have access to all its computers and servers, they could also get into the backups.
After encrypting the main copies of the company’s data, the hacker then set about deleting all the backups. Years and years of data gone, and a ransom demand imminent.
In this case, the business in question got lucky. As well as a backup location on their network, they backed up their files to TMB’s cloud backup service.
Unfortunately, cloud backups are also susceptible to ransomware, because if you can access your backups over the internet, then so can hackers – and that’s exactly what happened. The hackers accessed the cloud backups and deleted those too. This is something that can happen with any cloud storage or backup service, including big names like Dropbox.
So how did this business get lucky? Fortunately, TMB was able to recover from the cloud backup recycle bin. The files in there were several months old, which was a problem, but it could have been so much worse. Instead of potentially going out of business, this customer’s losses were painful but not catastrophic.
Doing Things Better
There are, of course, questions about how the hacker managed to access password-protected cloud backups, but this is not the time to answer those. All that matters is that this business’s data recovery plan was not strong enough to beat a determined attacker.
What could it have done to protect itself further?
As we said in our article on 3-2-1 backups, regularly backing up to a set of rotated, encrypted USB hard drives, which are stored off-site, is an excellent way to secure yourself against cyber crime. If you do ever get attacked, the most you’re going to lose is a day’s worth of information – not great, but much, much better than the alternative.
Most of the time, local and cloud backups are more than sufficient, but this third tier of protection can be the difference between a minor inconvenience and disaster.
It can also mean you don’t get a fine from the Information Commissioner’s Office if you lose personal data. Having adequate cyber security policies and technology in place is one of the requirements of the General Data Protection Regulation, but the ICO knows that data losses will still happen. If you’re able to recover from them, then it seems likely your case will be viewed far more favourably than if you were unprepared and everything was lost.
The Danger Of Complacency
If you’re thinking this kind of thing won’t happen to your business, you’ve either got an amazing data recovery system in place already, or you’re misguided. Cyber security solutions can greatly minimise the chances of you getting hacked, but the combination of increasingly advanced criminals and the ever-present danger of human error means there’s always the possibility it can happen. And because a lot of malware is automated, it doesn’t matter if you’re a huge multinational corporation with turnover in the billions or an independent business in the UK with a handful of employees – if the criminals get notified that you’re an open target, they’ll come for you.
If that never happens to you, fantastic. But if it does, you’ll see just how valuable data recovery is.
Does your data recovery plan need a refresh? Contact TMB to find out how we can help your business.