Imagine this scenario. When the first employee into your office on a Monday morning fires up her computer, she encounters a threatening message on the screen:
“We have taken control of your entire corporate network and encrypted your digital assets. Transfer 15 bitcoins into the account below, or your data will be permanently destroyed.”
A ransomware attack like this is just one of many real-world scenarios that highlight the distinction between data backup and disaster recovery, and here’s why. Let’s further assume that in this nightmare hypothetical, your company has a process for backing up all of your corporate data, applications, and operating systems. That’s the good news.
The bad news? You’re managing your data backup entirely in-house, backing up to on-prem servers on the same network you use to manage your day-to-day IT processes. The ransomware spread to infect those servers as well. In other words, just by gaining access to your primary corporate network, the ransomware attackers also took control of your backed-up data and systems.
DRaaS creates a redundant virtual environment for your data—invisible to hackers.
With the right Disaster-Recovery-as-a-Service partner, however, you’d be backing up your corporate data at all times to a separate, functionally redundant digital environment—one that the hackers wouldn’t even know existed, let alone be able to infect with their ransomware code.
Now, in that same scenario, the ransomware attackers would have a lot less leverage over your company, because:
- You’d have all of your mission-critical data, apps, and systems secure and accessible in the cloud, completely outside the reach of the cybercriminals.
- You’d have the ability to access key data based on the Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) you specified with your DRaaS provider.
- You’d likely be able to retrieve and access the data your company needed within minutes of contacting your DRaaS partner or logging into your portal to start the recovery process yourself.
Recovering data after an attack is just one part of a comprehensive readiness strategy.
It’s important to point out that we’re focusing only on the worst-case scenario, where ransomware attackers have already locked your company out of your IT infrastructure, and you need an alternative means of accessing your mission-critical data.
An effective disaster-recovery strategy must include several preventative practices as well, so the bad guys can’t successfully infect your network in the first place. Those preemptive practices should include:
- Training your employees on the basics of cybersecurity awareness, such as identifying phishing schemes and common attempts to infect networks with malware.
- Developing strict guidelines over which employees may have and issue administrative rights to your applications, systems, and devices.
- Implementing IT governance rules for introducing outside devices onto the corporate network, such as restricting unapproved or unknown devices to secure “guest” networks.
- Signing up with a proven, trusted provider of DRaaS solutions—to help your team with these measures and the many others you’ll need to take to safeguard your operations from ransomware, as well as other types of disasters.
The most trusted partner of the world’s #1 data management company
OffsiteDataSync has been safeguarding businesses’ mission-critical IT systems for decades. CIOReview Magazine recognized OffsiteDataSync as one of the “20 Most Promising Disaster Recovery Solution Providers,” and we were named the 2019 North American “Partner of the Year” for Veeam, the world’s #1 cloud data management company.
To learn more about how to set up an effective disaster-recovery strategy, download the eBook OffsiteDataSync developed in partnership with Veeam: