2017 is the year that most of us have come to more fully understand that data and networks are vulnerable to all sorts of risks. Businesses have been plagued by Cryptolocker, Petya and NotPetya, to name a few of the widespread breaches this year. Consumers are currently fearful about their personal data because of the recent news of the Equifax breach. It will likely be quite a while before we know the full impact on businesses of data loss and network downtime from damage due to Hurricanes Harvey and Irma. Best practices for protection, detection and recovery are a must to minimize loss and negative impact on your business.
Protect your environment with backup and disaster recovery plans.
Whether caused by malware, human error or any other disaster, a primary defense against data and financial loss is effective backup. Follow the 3-2-1 rule: at least three copies of the data, stored in two different formats, with at least one of the copies stored offsite or offline. Think about this: if you only back up to an external hard drive that is always connected to a computer or network share, then the malware itself may be backed up, so machines restored from that backup will still be infected. If your backup is only stored onsite, then there is the obvious vulnerability if your physical site is compromised or inaccessible due to a natural or manmade disaster.
Full and incremental backups of your data that have been tested with verified restores are vital. Further, downtime, a risk that costs money and reputation, leads most businesses to go beyond backup and deploy a full disaster recovery plan. A key component of a disaster recovery plan is the ability to regain access to mission critical machines as quickly as possible to avoid financial damage to the company.
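The 3-2-1 rule and the tested-restore requirement above can be checked mechanically against a backup inventory. The following is an added example, not code from Broadleaf; the record fields, the sample inventories and the 90-day restore-test window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                      # storage format, e.g. "disk", "tape", "cloud"
    offsite: bool                   # stored away from the primary site
    offline: bool                   # not reachable from production machines
    primary: bool = False           # the live data itself counts as one copy
    last_verified_restore: Optional[datetime] = None

def audit_3_2_1(copies, now, max_restore_age=timedelta(days=90)):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} storage format(s), need at least 2")
    # An always-connected onsite drive satisfies neither condition, so
    # malware or a site loss can take out every copy at once.
    if not any(c.offsite or c.offline for c in copies):
        findings.append("no copy is offsite or offline")
    for c in copies:
        if c.primary:
            continue
        if c.last_verified_restore is None:
            findings.append(f"{c.name}: restore never tested")
        elif now - c.last_verified_restore > max_restore_age:
            findings.append(f"{c.name}: last verified restore is stale")
    return findings

# Constructed sample inventories (not real data).
NOW = datetime(2017, 9, 20)
WEAK = [
    Copy("file-server", "disk", offsite=False, offline=False, primary=True),
    Copy("usb-drive", "disk", offsite=False, offline=False),
]
SOUND = [
    Copy("file-server", "disk", offsite=False, offline=False, primary=True),
    Copy("nas", "disk", False, False, last_verified_restore=NOW - timedelta(days=10)),
    Copy("cloud", "cloud", True, False, last_verified_restore=NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("sound", SOUND)):
        print(label, audit_3_2_1(inventory, NOW) or "passes 3-2-1")
```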
Making sure management understands and agrees on the RTO (Recovery Time Objective) and the RPO (Recovery Point Objective) helps an organization to design an effective DR plan with the appropriate priorities.
Follow best practices for prevention and early detection to minimize damage.
Preventing malware from intruding into your environment is ideal but is often not the reality. Your first line of defense to minimize your chances of an attack is to follow security best practices and utilize current security tools. Always keep security patches up to date, especially for the OS, browser and plug-ins like Flash Player, Adobe Reader, Java and Silverlight. This may be best accomplished with a Patch Management service that whitelists patches and verifies that the patches have been applied on a regular basis. If patching is left to chance, for whenever someone has time, vulnerability increases.
One of the most critical factors in maintaining a secure IT environment is ensuring your employees are well trained in security. Don’t rely on them remembering everything from that brief training when they were hired. Even with the best, most sophisticated security tools, organizations aren’t completely safe if they don’t train their employees on proper Internet usage and how to recognize threats and scams.
There is no prevention mechanism that can guarantee you won’t be attacked by malware or face some type of data breach. If you take this as a given, the next defense is early detection. Network monitoring should be designed to provide alerts when things are amiss, but in addition to those alerts, there needs to be a proactive, policy-driven procedure that goes into effect when those alerts come in. If you are solely relying on someone to remember to periodically check logs for alerts, significant damage is likely to occur before you have any chance to thwart it.
Recover your environment and review the incident for any learnings.
Ensure you have a clear, documented path to systems restoration. You will want key contacts' names and phone numbers, from department heads and key decision makers to your disaster recovery or backup provider if applicable. Your documentation should also list key and critical devices, as well as systems that are dependent upon each other. This plan should have some ability to stage tests or mock events should your environment allow for it, stresses Ty Cornwall, President of Broadleaf.
Clearly, recovery circles us back to that critical first step of protection. Further, once recovery has been taken care of, Cornwall emphasizes the value of a post-mortem review. Understanding how a breach occurred is the best and most obvious way to prevent the lapses from occurring again, and without remediation they likely will. He adds that in his time in IT, he has found that a consistent review through post-mortem analysis answers questions and provides information you will need moving forward.
Broadleaf is here to help you protect, detect and recover with a comprehensive portfolio of solutions and services to meet your needs. Contact us to learn more.