Written by David Garwood, Head of Operations, Riverbank IT Management
Ransomware is big news right now following the much publicised WannaCry cyber-attack that hit the NHS.
What many people don’t know is that a huge number of small businesses were also hit – this wasn’t an attack targeted at the healthcare profession, it hit whoever had a particular vulnerability within their IT setup.
Over the last week, thousands of businesses across the UK (and the world) have had to call up their IT provider and then play the waiting game whilst they work on getting everything back up and running, not knowing what was going on. A lot of these companies will come out of the other side with a feeling of being let down, thinking, “Was our IT provider genuinely prepared to deal with this? Are they really who we want by our side in a crisis?”
Look at this list, and ask whether your IT provider did (or could) do all of these things:
1. Minimise the chance of infection in the first place. Effective security configuration, vulnerability patching, regular penetration testing, and appropriate software (not just antivirus – that simply isn’t adequate any more) are all vital lines of defence.
2. Have secured backups in place, according to your business requirements. There’s no point having (and paying for) an hourly backup if your data only changes once a week. Conversely, don’t have a backup once a week when your mission critical data changes every hour. If the backups aren’t secure, you may lose them to the ransomware attack as well. What effect would data loss have on your business?
3. Proactive and quick to react. The best security configuration will alert your IT provider as soon as something out of the ordinary happens. They should be calling you to tell you, rather than sitting by the phone waiting for your call.
4. Know and understand your business needs. By knowing what your business considers to be the most important data, a targeted recovery can get your key data recover first allowing you to get back to work, whilst the less critical data can be recovered later. Premium IT providers will work with you to identify what is crucial, and will help you create a robust disaster recovery plan.
5. Have a major incident plan in place. Your provider should know exactly who does what in this sort of situation. Who manages the technical work? What about communication? Someone at the IT provider must own the whole process and take responsibility to ensure it runs smoothly. Not having this plan in place results in chaos.
6. Communicate effectively. So, your IT provider is working on removing the ransomware and recovering your data. Great, but do they keep you up to date with progress and an expected time when everything will be back to normal? You can’t plan anything if you don’t know when you can work again.
7. Post-incident analysis. After the event, would you get a full report or debrief on where the vulnerability came from, what was done to fix it and what can be done to prevent a recurrence? If not, how do you know you won’t get hit again?
The scariest thing is that this sort of threat isn’t going away. No matter how good your IT provider is, there is a chance that you will be affected at some point.
Yes, you can do all that you can from a technical prospective to minimise the risks, but the best prepared businesses (and therefore those that will have minimal downtime and data loss) will be those that partner with an IT provider that can react quickly and effectively if the worst does happen.
These are the businesses that will lose the least time, and regain access to their data quickly so that they can get back to work. If your IT provider doesn’t do all this, or you’re concerned that they can’t, maybe it’s time to look elsewhere.
David Garwood is Head of Operations at Riverbank IT Management, with over 15 years’ experience in IT Service Delivery – both managed service providers and internal IT departments. His primary focus is on improving the quality of service delivered through the use of well-defined processes, and by developing high quality technical and customer focussed teams.
If you have concerns about leaving your business open to the unexpected or just want advice about IT security, get in touch with our experts at Riverbank on firstname.lastname@example.org or call 01235 426700.