You took as many steps as you could to prevent an attack and you have the tools to detect and analyze the attack (Detection) but when all the mayhem settles down you have to Respond right away! One aspect of a Response plan is recovery strategy which is more than a backup, you have to also be concerned about the end point devices to assure all the malware is gone and get back to operational normal as quick as possible.
The most important thing to consider is how quickly and easily you can recover all your files, applications and functionality without corruption in the event of a disaster, or in this case, hit by ransomware. For example, if a server were to be infected in your office but your back-ups were stored on an external hard drive, you could get back up and running but you have to reimage that server because you have to be 100% sure that there is no malware left behind. That process would entail installing the operating system, reinstalling all your software, re-uploading all the data and configuring the entire system. This could take days – leaving you without the ability to run your business. A business continuity plan is more then a backup its a strategy that is applied and needs to be practiced.
It is the ability for your business to continue operations after a major disaster or a ransomware attack. If all your backups were stored on servers within the office you would likely go out of business. However, if your business was in the cloud, all your employees could continue working – giving business continuity. All go hand in hand; robust backups and disaster recovery are essential elements of good business continuity. This is especially important in this day and age where data and applications are the foundations of business.
Although every business has its own unique policy, process and procedure. As a minimum we recommend a hybrid solution of onsite backups and in the cloud backups, both with incremental backups throughout the day. Today there are backup solutions that can do this automatically. This is a conversation that needs to happen during the discovery process.