Six steps to limit ransomware damage to your company
29 June 2021 | 0
In association with Waterford Technologies
Ransomware is not a new topic; it has been around for quite a while now and it is safe to say that absolutely no organization is immune or safe from it. Size, industry, or location has absolutely no bearing on whether you will be attacked or not. If you are an organisation that values your data, you may well be feeling overwhelmed by the number of threats possible and may be wondering or even panicking about how you can control what may feel like the incontrollable.
In recent weeks we have seen the most significant cyber attack on the Irish state in the HSE ransomware attack.
When people think about ransomware, they often wonder why people pay the ransom. Can’t they recover from these attacks with their back ups? The truth is that many solutions do not have the protection capabilities that organisations really need for malware protection and once in place, recovery scenarios quickly become limited.
Why not use backups?
When data is compromised, most companies find themselves doing a quick cost-benefit analysis of their options. However, if the right data protection solution is not in place, it often leads to paying the ransom.
Advanced ransomware is now targeting backups and thus encrypting/deleting them completely. This means recovering from offsite backups often takes too long, pressing organisations to pay the ransom. Most organisations do not have the visibility into their backups to know what they can recover without reintroducing the malware.
Backing up to protect file data should be considered as only partial protection as versions are not retained for long periods of time.
The ability to easily search for and locate a file is of vital importance with a data archive. An archive can potentially contain a huge amount of data built up over several years and it is unlikely that the location of specific files and folders will be known. It is incredibly important that these files can be found quickly and efficiently for compliance reasons and if a legal request is made.
Six steps to protecting critical documents and file data from attack or destruction
Retention or litigation hold
Microsoft and AWS both offer immutable Blob storage options that prevent objects from being written over or deleted until a specific retention period has passed. In addition, some storage vendors offer ‘litigation hold’ options that protect file objects from being deleted until the hold has been released. These settings are at the container or bucket level. Retention or litigation hold can protect the containers/buckets from storage account deletion and/or container deletion.
Lock down your critical data
Immutable storage is for organisation-critical file data that you simply cannot lose. This data may be required for regulatory compliance, business operations, project plans, financial documents, contracts, etc. Waterford Technologies can implement TripleLock archives which uses immutable storage to protect your critical documents and files from being encrypted by ransomware or deleted accidentally until the retention period that you have defined for the archive has expired. TripleLock helps you in meeting regulatory or legal retention requirements for some types of information that requires an additional level of protection.
Fast accurate visibility into your e-mail and file data saves valuable time in recovery. Recovering from a ransomware attack requires proactive data management and controls and it is crucial to have visibility into any organisation’s e-mail and file systems in case of an attack. Archiving organises business e-mail and file information and makes it discoverable and usable.
E-mail and file archiving software can run storage analysis reports identifying the location of your most critical data. This data may be financial (spreadsheets or other reports), projects, engineering documents like AutoCAD files and legal documents such as contracts, HR files or other business-critical files. Reports that identify files using file types are especially helpful. File archiving software like SISCIN will show you how many of these files you have and where they reside. You can use SISCIN Vue-X Search to identify files and folders by keyword content as well.
Develop your data recovery strategy
Every organisation must have a strategy for recovering data in the event of an attack or hardware failure. The goal of those targeting your organisation with ransomware is to disrupt your operations to the point that paying them to get your data back is your best short-term option. By combining industry-standard back up and SISCIN archiving strategies not only protects your data, but your most critical data can be accessed immediately in the event of hardware failure or a ransomware attack.
Back up your data frequently
Every organisation should back up data frequently. Without good backups, your organisation cannot effectively recover from the loss of hardware, accidental deletion, or ransomware attacks. Backups typically target specific drives or shares and stream the entire contents to a very large file. Because these files become so large storing them can become an issue and finding individual files or folders and restoring just the contents of those can take a very long time. Backing up is best when restoring large volumes of data and not individual or groups of files.
Look for a managed service
Waterford Technologies supports its software with a personal, dedicated touch. A strong proponent of the power of good customer support, Mark Mulcahy, technical sales director, Waterford Technologies, says: “If I had 30 seconds to talk about our software, I would spend the entire 30 seconds talking about the managed service piece that surrounds it.” He says the pandemic has brought clients a greater appreciation and understanding of the managed service offering. “A lot of our clients have been under pressure, so they’ve reached out to us for support. We provide advice and guidance as they undergo changes in work practice. I think it’s been a real comfort to know they have us at their beck and call.”
How can e-mail archiving help in an e-mail attack?
The threat of e-mail attacks has never been greater, preventing an e-mail attack and minimising its damage is top of the agenda for IT and security departments across the globe.
Hackers attack e-mails for one simple reason, it is the communications technology that is most widely used by employees. Especially in the current climate, which includes remote working and employees with more access points to their e-mail, phone, tablet, desktop etc. Increased access to e-mail can also mean that employees are opening e-mails outside of working hours. They are more likely to be easily duped and inattentive when it comes to security. The latest e-mail attack methods can cost company millions in lost revenue, legal fees, and lost business opportunity.
Without a comprehensive, searchable archive organisations can be left relying on guesswork for a lot of the incident response. Through e-mail archiving and edge security, organisations can pro-actively monitor their systems using a compliance module so that they can be prepared in the event of an attack.
Ask Waterford Technologies for help
Waterford Technologies is happy assist in developing a critical data protection strategy so that data is safe, protected and compliant with regulations. Once a strategy has been defined, the SISCIN team can run analyses and assist in creating sample policy templates you can use to protect your data across your entire environment. If protecting data is a priority for your organisation, contact Waterford Technologies, the largest provider of e-mail and file archiving to the public sector in Ireland.
Laura Stotesbury is head of marketing at Waterford Technologies