While it’s true that restoring from backup is the best option when you’re hit with a ransomware attack there are several things to think about when you use backup as the core of your ransomware protection strategy.
Recovery point objective (RPO): Recovery Point Objective is the timeframe dictating how often backups are created. It also informs the dates and times you can recover from. If you take weekly backups and you suffer data loss you can restore that computer exactly as it was a week ago. If you take daily backups and suffer data loss you can restore your computer as it was the day before.
It’s important to understand what your RPO is and how much data you could stand to lose if you were hit with ransomware and had to recover from your backup.
Ex: If your RPO is a week and your backups occur on Sunday, a ransomware hit on Saturday is going to wipe out a week’s worth of work. If your RPO is 24 hours, on the other hand, at most you’re going to lose a day’s worth of work.
Recovery time objective (RTO): Recovery Time Objective is the rough amount of time it will take to restore a computer from backup and get it back up and running. RTO is typically used to help your IT team estimate how long it will take to recover from any data loss.
However, you should keep in mind that this is an average. Depending on the type of data loss the time to recover the data might be longer than you anticipated.
The better the backup, the bigger the price tag: While it is possible to keep your RPO and RTO very low and improve your ability to recover more data faster, the price tag on those types of backup systems can go up very fast.
In most cases, it can be more cost effective and time efficient to invest in endpoint protection designed to identify and disrupt evolved threats in real-time rather than looking to upgrade your backup solution. You’ll stop more attacks and not be as reliant on backup.
Local backups can be encrypted by ransomware, too: If your backup solution is local and connected to a computer that gets hit with ransomware the chances are good your backups will be encrypted along with the rest of your data.
Ransomware such as CryptoFortress and Locky can encrypt connected network drives, so it’s crucial to have a backup that isn’t directly connected.
Clarity hopes you enjoyed this email blog and will follow along with the additional segments in the weeks to come. The next installment will be “3 Tips to Make Your Backup Ransomware Ready”
Want to know more? Clarity is always available to discuss your data backup and data protection needs. Call us at 937-303-4033 to discuss your needs and if you are protected.