Why your server backups are so important.
I am furious. Out and out outraged. I can’t believe it still happens but it does. I was reminded of it again yesterday. Why so mad? Because it gives IT people a bad name and it’s soooo easy to fix. It shouldn’t even be an issue.
TEST. YOUR. BACKUPS.
Backups are important right? Right.
Talking about backups is boring right? Right.
But each and every business owner needs to read this and make sure that any future discussions regarding backups stays boring. You don't want to be telling a story like the one below.
The not so boring backup story
Yesterday evening I was called by an ex-colleague. He was one of the directors at a business I worked at previously.
He explained to me that he is having issues at his current workplace. There is a shared drive for the financial information of this company. He explained that recently the network had been hit by a virus and all the files on this drive were “infected”. He would like to know if it can be cleaned up because the IT guy at his company suggested that it couldn’t be cleaned up and they would have to recreate these files.
He said it was called a “VVV virus”. I thought, “well that’s ok as long as it’s not “Ransomware. Because if it was Ransomware, then we’d been in trouble.”.
A quick Google and a few “oh no. no. no.'s later the “infection” was infact the TelsaCrypt VVV Ransomware.
What is Ransomware?
Ransomware is a nasty addition to the malware family. It’s been in the wild for a couple of years now and it is bringing companies to their knees, if they don’t have proper backups in place.
It works like this. The “virus” makes its way onto a computer on your network. Usually by a cleverly crafted email that looks like has come from Australia Post, or Microsoft or a resume for a job you listed or another legitimate source. The user of the computer follows the instructions on the email and downloads and installs the file so they can receive their parcel, or upgrade to Windows 10 or whatever it might be. Once installed, the ransomware begins the task of looking for valuable information stored on that computer and any shared drives that computer is connected to.
As it finds these files it “locks them” so you can’t open them any more and leave you a message in a text file next to your now unusable Excel, Word or other document. The text will have the following information in it, and I'm paraphrasing here:
“We've locked all the critical files on your computer that we could find. If you’d like to unlock them we’d be happy to help. You just need to pay a ransom and we'll gladly give you the key. We'll give you 100 hours to decide what you’d like to do. If you don’t pay the ransom than we'll destroy your key and you'll never see your files again.”
If you want detailed information on this particular piece of ransomware, read it here
I began to explain what Ransomware is and what possible steps you can take to get your files back. The conversation went something like this:
“So what can I do now?”
“You've got two options but really only one. You can pay the ransom which I don’t recommend because you may not get the key anyway. The best thing to do is restore your data from your latest backups.”
“There’s a problem with that. The backups haven’t worked properly since mid last year.”
Now I want to be clear on something. You can have 3 layers of protection and these viruses can still get through. What you need to have is 3 layers of protection to stop the majority of the viruses but when one sneaks through you need to have a backup plan (pun intended). A backup that works!
How do you make sure your IT department is confident your backups work?
- They should check to see if the backups have completed successfully
- They should receive alerts to tell them when backups have failed.
- And the big one – They should restore data from the backups!
This is truly the only way to know if a backup is successful. It’s not hard and should be done regularly.
Our proactive support clients have their backups tested monthly via a restoration process. We attach a backup drive, restore files, emails or databases (to another location of course) to make sure the backups can actually be used if required.
This is a very simple task to complete. It should be added to every IT department’s monthly tasks and reported on.
Think of the cost
For everyone month of data you lose, you lose twice that in lost productivity.
In this example, 6 months of a finance team’s work is lost. Even a small finance team of 3 would have a combined salary $200,000+ p.a. If they lost 6 months of work to ransomware then they would need to dedicate the next few months to recreate this data. Even if they were able to get all this work done in under 6 months they still would have lost hours which should have been spent on their current work. When you think about IT and backups the time and effort it takes to get your backups properly checked is simply the cost of doing business.
That is why I'm furious.
A final thought.
Here’s the thing. If companies had good practices for backing up and testing their backups, ransomware would be at worst be a large annoyance. Yet that is not the case. Businesses are being crippled by ransomware because these “hackers” are being rewarded for their efforts. Business backups are not up to scratch across the board, and that’s just scary.