Restore (Recovery)

The term Restore, also known as Recovery, is the process of retrieving production data from a backup copy of that data.  Having to recover your data following a security incident or event can be stressful if your organization does not have a well tested data recovery process. Most companies have a disaster recovery and business continuity plan in place to handle these events.  However, if that plan hasn’t been tested, you might be surprised how much technology and process has changed since the initial plan was created. SMB’s are encouraged to have a plan and to regularly exercise the plan (*a minimum of annually).

Historically, Ransomware attacks are mitigated with strong backups, however, its important to know that recent developments in ransomware (MAZE) have made recovery efforts more challenging and led to many more companies paying hacker’s ransom demands. It’s far better to never need to exercise your backup strategy in real incidents whether technical or malicious in nature, but having a strong recovery plan in place will provide business owners peace of mind.

Source: NICCS, NIST

Additional Reading: MAZE Ransomware: 3x Threat to Data Security

Related Terms: Data Breach, Ransomware, Business Continuity and Disaster Recovery Plan

What should SMB Owners do for Recovery?

SMBs should have a documented data restore process that has been tested within the last 12 months and is updated regularly.  Having a formal Business Continuity and Disaster Recovery (BCDR) plan is a minimum standard for any business.  It’s also one of the best ways to recover from traditional Ransomware attacks (restore your encrypted data and move on). Just be aware that some strains of ransomware will ex-filtrate your data and threaten you with public release of that data.  This puts data confidentiality at risk – something that backups cannot solve (they solve for data availability).
 
CyberHoot recommends strong data backup processes following the rule of three (3) for backups:
  1. Have at least three (3) copies of your data.
  2. Store the copies on at least two (2) different media types.
  3. Keep at least one (1) of those copies offsite.

For more information on the Response Process, watch this short 2 minute video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.