Security solutions are not enough to fight ransomware. Make sure you have a good recovery strategy.

If the notion of ransomware was unknown to you until now, the attack of the WannaCryptor virus of May 12th that has had global repercussions in all spheres of activity has certainly made you aware of the consequences of such attacks that know no borders.

Computer attacks by ransomware cost businesses millions of dollars a year and are becoming increasingly sophisticated and difficult to avoid. The peculiarity of this type of attack is that it spreads quickly through shared files, sometimes in a matter of hours, as the attack of May 12 demonstrated. Ransomware generally infiltrates through the weakest point in the network, typically the user’s email account or social networking sites.

The ransomware locks the computer or encrypts the files, requiring payment of a “ransom” to give users access to their data. But the payment of the ransom does not guarantee the recovery of the data *, not to mention that organizations which give way to the hackers blackmail become targets of choice for a next time…

If you are lucky, your business was not targeted by the virus and you feel relieved to have been spared. In this case, remember the lesson: you were lucky this time, but rest assured that this type of attack will happen again, and that your organization may well be the victim next time.

Forward-thinking organizations have invested large sums of money to secure their IT environments and the data that transits them, which is often critical and whose destruction can jeopardize business continuity. Although security solutions are part of the equation when it comes to protecting your assets, they are only part of the strategy to counter these threats.

A complete solution to protect you from viral attacks must include a recovery plan with accessible and full backup copies in order to restore your environment as it was before the attack.

Implementing a recovery plan gives you assurance that you can quickly recover and minimize your idle time, which is often the weakest link in the management of computer attacks. The faster you get back to your pace, less your customers and suppliers will have to turn to alternatives that could ultimately be very costly to your business and reputation, even putting it at risk.

Companies that have industry-specific compliance standards are generally more aware and better equipped to quickly restore their infrastructure in the event of an attack. To find out if your company  has an adequate recovery strategy, ask yourself the following questions:

  • Is your backup off site (i.e. away from your primary site)?
  • Can you verify that the backups are happening?
  • How quickly can you restore data that’s taken hostage?
  • Is your original data backed up in an unalterable way, ensuring a complete and integral recovery of your data in the event of a ransomware attack?

By answering these questions, you will take the first step to address the gaps in your recovery strategy in the event of a computer attack. Be prepared to face upcoming threats to protect your assets!

* A recent survey found that of those victims of ransomware who paid the ransom, only 71% had their files restored.

 

Are you ready to face any unexpected interruption?

Many small and medium-sized enterprises have gaps in their technological infrastructure that prevent them from protecting themselves against the unexpected events that cause interruption to their activities.

One company had its offices robbed: servers, computers, client files and even backup copies have disappeared. How to recover from this situation quickly, and minimize consequences? Without a recovery solution, the company’s activities are seriously compromised…

Natural or industrial disasters, thefts, power outages or telecommunications breakdowns, piracy, terrorism, etc. Even a short-term interruption of operations can jeopardize your market share, make you lose several important customers, and threaten the survival of your company. It is essential for any organisation, whatever its size, to be prepared to face any eventuality by protecting its information assets.

A Disaster Recovery solution (DRaaS) allows you to secure your assets and mitigate the unfortunate consequences of an interruption of your activities. ESI offers you the protection of your environment without the burden of spending and managing a recovery site.

Our DRaaS gives you access to our Tier III certified datacentre, equipped with best-of-breed, fully redundant equipment, that guarantees elastic scaling and flexible subscription terms.

Cloud solutions tailored to your needs, affordable and offered by a company with more than 20 years of data management experience, that understands the importance of protecting and safeguarding your assets… Don’t wait for emergency situations to take advantage of it!

Alex Delisle, Vice-President Business Development, Cloud Solutions – ESI Technologies

It’s very important to listen carefully!

I was initially presented a client seeking technical help to perform regular recovery tests in their completely virtualized environment. And a complex environment to say the least with many different very specific CRMs using different databases. Being cautious, I wanted to make sure to meet the client’s expectation before scheduling any professional services. The conversation rapidly turned to business continuity, recovery point and time objectives and not at all around technical help to perform recovery tests.

Taking a step back, we agreed to meet to overlook and understand their business continuity needs and challenges. During the meeting, the conversation widened even more and we discovered that the agility and simplicity allowed by virtualization allowed internal shadow IT to emerge. Business lines were bypassing the IT director and were having the network administrators set up new servers with reserved CPU, memory and storage faster than ever to the point where it was hard to keep track of what was being setup where for what purpose. The conversation was leaning further away from backup & recovery. Or was it? I listened on very carefully.

Listening_Carefully

Suddenly the fog seemed to lift. What applications needed to be recovered in what time? What was the order of priority? What were the dependencies between applications and the services they needed to function? What services needed to be back on line for which applications? Where was the data for every applications? All of this in an environment that was growing very complex. They needed help building their disaster recovery plan. Or did they? I listened on very carefully.

We then learned they already had a remote site, they had already purchased a complete recovery infrastructure, they were to move everything into their new data center and keep the current systems they were operating as their failover site. In short, they had a well thought out disaster recovery plan.

What they needed was someone that was listening carefully and who understood that they were really looking for an experienced team of extra bodies to help them setup the new data center, move the data and applications, test the environment while their own team continued to manage and operate the corporate infrastructure not consultation services for a disaster recovery plan they already had nor technical assistance for tests.

Charles Tremblay, ESI Account manager