Many businesses don’t realize that data backup and recovery is your best defense against cyber attacks and the disruptions they cause. Doesn’t matter what kind of cyber attack — ransomware, worms, viruses, encryption — whatever the cyber criminals use, they will fail if you have backed up your data and developed a recovery plan.
Let’s face it: Hackers will hack, steal and cripple any business they can. Small businesses like yours are particularly tempting to them because you are small and probably don’t have the most up-to-date cyber security or the large technology staff needed to stay on top of new trends.
In 2020 there were literally thousands of ransomware attacks. But businesses who worked with a managed service provider (MSP), such as Internos, recovered their data for less money and less headache than paying the ransomware demand. Developing a disaster recovery plan pays off.
Are You at High Risk?
You may have heard of the SolarWinds software supply chain cyber attack in December 2020. It made worldwide news and the fallout is still being determined. But the most devastating attacks often don’t make the news because they’re on local businesses. The industries and business types most often attacked are those that have older IT equipment or a small IT staff. So if you are not keeping up with cyber security trends and technology (which change often and fast) you are at high risk. In 2020, small businesses , cities, schools and hospitals topped that list of victims.
Small and Medium-Sized Businesses
Small and medium-sized businesses are top targets and one attack can literally put them out of business. Inc. reported that a National Cyber Security Alliance study found the following for small businesses (SMBs):
- 43 percent do not have any cyber security in place
- 50 percent have experienced a cyber attack
- 60 percent of those attacked closed their doors permanently within six months
- 25 percent paid $10,000 or more to resolve the breach
- 50 percent took 24 hours or more to recover
- 25 percent lost business
- 40 percent permanently lost data
Cities and Municipalities
The ransomware attack on the city of New Orleans early in 2020 shut down 4,000 of its computers and demanded $7 million. Instead of paying the ransom, the city invested $4.5 million to fix some of the damage, replacing 400 computers, increasing their insurance, updating software and creating a much-needed disaster recovery plan for the future. It took more than six months for the city to be back to normal and their insurance only covered $3 million of the cost.
Hospitals and Medical Facilities
A coordinated attack on six U.S. hospitals in July 2020 diverted patients on their way to the hospital to other health settings, delaying critical care. Patients in the hospital were unable to receive needed tests and treatments because network systems were compromised. The attack was so bad and widespread, a red alert went out to all U.S. hospitals.
Schools and Universities
In 2020, ransomware attacks left the University of California San Francisco paying $1.14 million in ransom and the University of Utah paying $457,059.24 to unlock its files and get phones and internet working again. K-12 schools in Connecticut, Oklahoma, Nevada, New Mexico and New York were also hacked.
Data Backup and Recovery After a Ransomware Attack
Statistics from the 2020 State of Ransomware Report by Sophos, an international company that makes encryption and antivirus products, highlight the importance of data backup and recovery.
Of businesses that recovered their data, only 26 percent did so by paying the ransom. The majority, 56 percent, recovered their data by restoring their backups. Paying the ransom costs twice as much as data recovery through backups. It also rewards criminals and encourages more cybercrime. So it is far better to invest now in prevention and backups. Then if you’re ever attacked, you won’t have to even consider paying the ransom.
Here are a few tips for better cyber security in 2021.
- Data backup and recovery. Create or update your plan with your IT team and/or MSP.
- Training. Set up a regular training program to teach your team how to spot attacks and avoid falling victim. The best MSPs will include staff training as part of their package.
- Trends and technology. Staying on top of the latest cyber security threats and protections can be nearly impossible for many small businesses. Again, top MSPs will have the cyber security expertise to manage this for you as part of their packages.
- Endpoint protection (device-level). Every device (computers, phones, etc.) needs to be protected. (Yes, an MSP can help with this, too.)
- Simulations. This involves sending people on your network “fake” attacks to identify where additional training or systems might be needed. Running simulations is another highly valuable role the right MSP can fill.
Having strong cyber security to prevent attacks is important, but so is the ability to quickly recover with a strong data backup and recovery plan. Cyber criminals are always changing tactics and finding new ways in, so no prevention is 100 percent guaranteed. But with the right backups in place, you can recover quickly after an attack with less expense and little to no lost business or data.