[Reading time: 3 minutes]

 

Yesterday, I asked about your organisation’s ransomware policy, and whether you would pay the ransom if you were the victim of a ransomware attack.

Many organisations believe they can avoid paying a ransom, by recovering data and systems from their backups.

 

This is certainly possible.

 

With the right technology and detailed planning, you could restore many of your systems and files from backups, and manually recreate / rebuild the others.

 

But…

 

1 – Are you absolutely certain that these backups would be inaccessible to the bad guys during a ransomware attack?

 

2 – Does someone test these backups regularly to confirm they can relied on, and do they provide you with evidence of these successful tests?

 

3 – Have you written down what is (and is not) protected by these backups, so you know what could be lost forever (e.g. very old data; non-critical data) and what would need to be manually recreated (e.g. very recent updates)?

 

4 – Have you documented how long all this will take?

 

5 – Do your timelines include the time you will ‘lose’ while you investigate how the attack happened, so you reduce the risk of it happening again?

 

6 – Have you written down the plan so that in the middle of the crisis, everyone knows what they need to do and in what order?

 

7 – Does this plan consider the critical business processes that will be disrupted and for how long?

 

8 – Have the owners of these critical business processes written down how they can operate these processes during this disruption?

 

If this isn’t all written down so everyone is on the same page…

You don’t have a plan – You have an assumption.

If you assume you will be OK, but don’t have it written down – I recommend you get writing.

 

And, believe it or not…

The 8 points above serve as a pain-free intro to the topics of backup strategies, IT disaster recovery (DR), business impact assessment (BIA), business continuity planning (BCP), and incident response (IR).

You didn’t feel a thing, did you?