When it comes to ransomware, the true question is when, not if, your business will get hit. Last month’s attack on the Colonial Pipeline highlighted the massive disruption caused by a single incident.
Today no company can afford to be unprepared. This year alone, there will be a ransomware attack every 11 seconds, says Cybercrime Magazine. That’s a sharp jump from every 40 seconds in 2016.
The financial toll is massive: In 2021, total ransomware costs for data recovery are expected to exceed $20 billion.
And it’s not just large companies that get hit. In fact, small- and mid-sized businesses are often prime targets because they lack the protections their larger peers have.
One in five small businesses report they’ve fallen victim, according to the folks at We Live Security.
The average ransom requested for a business of this size? $5,900.
But prepare to spend a lot more than that: $114,000 in downtime, 23 times more than the ransom itself. On top of that, you can factor in other associated tech-related costs, such as:
- discovering the attack
- investigating it
- containing it, and
- recovering data.
Assuming, of course, you can get your information back.
Enter the business continuity plan.
Business continuity a must
The most operationally resilient businesses have a plan in place to get back on track and back in business fast. And those plans include a response to a ransomware attack.
But just having a plan isn’t enough. In fact, many companies are making some serious mistakes when it comes to the way they set up and maintain their programs.
And that can cost you in any number of ways, from time wasted to customers lost.
Take a look at where others are coming up short, so you don’t, too. The Backup and Recovery Solutions Review identified these common errors:
Mistake #1: Not enough ‘data redundancy’
Avoiding redundancy sounds like it’d be a good thing, but here it’s not.
For the sake of business continuity, your company wants to have the same data stored multiple ways, both online and offline. As a guide, consider the 3-2-1 strategy:
- 3 copies of your data
- 2 different environments to store them, with
- 1 copy offsite.
Mistake #2: Over-backing up
Fact: You don’t need backups of everything. If data isn’t changing, you only need to archive it. And there’s probably plenty you can toss.
What’s left is what needs continuous backup so that if the worst happens you aren’t caught short.
Of course, storage itself isn’t cheap.
Fortunately, your company can keep storage costs in check without IT having to sacrifice any of its functionality. And it all comes down to how the data is stored.
Yes, you could do a major overhaul of your data center’s design or an upgrade of the equipment in it for greater energy efficiency. But there’s a smaller, much more manageable change your company can make that will result in significant savings, say the folks at CIO Insight.
Talk with your head of IT about storing data on tape instead of relying on spinning disk storage.
The numbers make the case: Storage accounts for 19% of a data center’s power. But as much as 60% of that data rarely – if ever – gets accessed. Keeping those disks spinning eats up a ton of energy unnecessarily. Tape media can be stored offline.
Mistake #3: Inadequate recovery capabilities for business continuity
Many companies have turned to the cloud in recent years for storage. However, if you’re using the cloud simply for storage, you may run into recovery issues.
The best use for the cloud in DR? As a service provider so that it manages your data, which should keep costly downtime to a minimum.
Plus, many of your peers have developed a false sense of security when it comes to the cloud. More than half (57%) feel that cloud computing eliminates the need for a specific disaster recovery site.
And realistically, if your info is up in the cloud, it’s no longer vulnerable to disaster striking your physical building.
But urge other execs and even IT not to take such a short view. It doesn’t account for things like a ransomware attack. Stress that having the data intact is only half the battle – your company still needs to be able to get operations running again as quickly as humanly possible, even if that means running things from an off-site location.
You can’t do that without a well-articulated step-by-step plan. (And regular testing of that plan wouldn’t hurt either.)