We talk a lot about the importance of having a strong antivirus program and routinely patching your systems, and for good reason. These measures protect your systems against attacks and vulnerabilities that could potentially cripple your business or, at the very least, leave you with frustrating problems to fix. Unfortunately, however, the computer security firm Risk Based Security has discovered that over 25% of known computer vulnerabilities have no known remedy. This means that even if you’re doing everything right - running antivirus, deploying every single patch that comes out as soon as it comes out - there are still holes that could allow a hacker to access your systems, and at the moment there’s absolutely no way to prevent it. That’s scary!
Does Your Business Have a Backup Plan?
This doesn’t mean that you should give up on antivirus and patching - quite the opposite. Knowing that there’s such a large percentage of no-remedy issues out there, it’s extra important to be vigilant about protecting yourself where and when you can. However, it’s also imperative that you ensure your data is properly backed up and that you have a strong business continuity plan in place. With no known fix for approximately 2,260 system flaws, there’s a possibility that your organization will be compromised. And if it is, you’ll need to be able to shut things down to prevent further damage while also spinning up a new environment as quickly as possible.
If you’re already properly backing up your files, you should be in pretty good shape, but if you’re not… well, start. Now.
Having up-to-date backups is one of the most important things you can do for your organization’s IT. To determine what to back up and how often, consider the information you’ll need to keep your business running smoothly and how much of it you can reasonably afford to lose. For example, if you think losing even an hour’s worth of work would be disastrous for your business, then you should be running your backups on an hourly basis. However, if you can afford to pick things up with a week’s worth of information missing, then you’ll only need to run a backup once a week (although that’s a bit too infrequent for our liking).
You’ll also need to determine what information you want backed up. Some organizations, like hospitals, financial institutions, or law firms, may need to back up every single piece of data from the last three to seven years (depending on the regulations governing their industries), whereas your organization may only be concerned with backing up specific pieces of information such as recent contracts, open invoices, or sales proposals. It all depends on what your business needs in order to continue to operate successfully.
Once you’ve made that determination, the next thing you’ll need to decide is how you’re going to retrieve these backups. With your current systems compromised, you may need to restore everything to a secondary remote server and access it all from there. You’ll also need to take steps to secure your network to ensure that the secondary server and the clean data aren’t compromised once you access them.
To find out if your business would be able to handle an attack, take our business continuity quiz.