Printer Friendly

It's Your Data to Lose: Cyber disaster recovery planning is critical.

Data is the modern oil, says Danny Maxwell. PMP, ITIL. And it's essential that organizations recognize its value, protect it--and anticipate that it will have to be recovered some day.

That's why it's vitally important for businesses to have a backup and recovery strategy and documented plan, says Maxwell, the Anchorage-based territory director with Structured Communications Systems. Headquartered in Clackamas, Oregon, Structured Communications Systems is an IT consultancy and multi-cloud services provider that partners with companies nationwide. "In our experience, it is not a question of 'if' you need a plan but rather 'when' you'll need to execute a recovery." Maxwell says. "Attacks, deleted or compromised data, broken communication lines, etc., are an unfortunate reality of doing business in today's 'connected' world. The more proactive and prepared a business can be determines how fast and effective the recovery process is accomplished "

Cybersecurity threats are extremely serious--and growing. And cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated, according to the FBI, which is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. Cyber crime is so prevalent that the FBI has cyber experts positioned in its field offices nationwide, including its Anchorage Division.

The collective impact of computer and network intrusions is staggering. Billions of dollars are lost every year repairing systems hit by cyber attacks. Some of the attacks take down vital systems: government agencies, hospitals, banks, and other businesses.

Where to Start

A cyber attack--or a natural disaster like the powerful November 30 earthquake that rocked Anchorage-can cause substantial hardware or software failure. But having a data backup or cyber disaster recovery plan can make it easier for a business to get back up and running after a catastrophic event.

When data is lost or compromised due to a cyber attack, natural disaster, or other calamity, companies generally have two options: recover the data from their last backup or recreate data if a backup isn't available.

Thankfully, most companies with even a handful of employees on staff will have an IT person available to back up their critical systems and information, according to Glen Kratochvil, president of Alaska Computer Guy. Data recovery is something he holds close to his heart because he has lost years' worth of information that could not be recreated. Such a catastrophic event can be as emotional as dealing with a house fire, and the experience can leave most people not thinking clearly, he says. "It's not uncommon for people to call me very upset or crying when they're in the middle of a data-loss emergency." he adds. "If you have a recovery plan in place, you're more likely to remain calm and not cause further harm. Knowing what to do when this happens can mean the difference between complete data recovery and having to rebuild years of company records from scratch." When a cyber disaster occurs. Kratochvil says, companies should start by calling a trusted computer technician or data recovery center and explain what happened How the recovery process is handled will depend on the specifics that led to the loss. He explains: "Often this will include restoring information from backups or decommissioned computer systems; wiping affected systems and reinstalling; or [if there are no backups] recovering some critical data from old email attachments or data sent outside the company. If none of these exist, it may be necessary for companies to recreate data or accounting records from scratch, which can be costly, time-consuming, and lead to significant business interruptions."

Alaska Computer Guy--which has been in operation since 2005--assists businesses statewide with all types of hard drive data recovery issues, often categorized as Level 1, 2, or 3.

Many people think that a hard drive failure is the only reason to keep a backup hard drive, but that's not the case. "When an office is broken into and a computer is stolen, the thieves will take anything that is plugged into the computer, so if that's your only backup, it just got stolen as well," Kratochvil says. "The same is true for fire, earthquake, or water damage. Whatever affects one computer system will likely affect the backup that is attached to it."

He adds: "Cyber criminals or viruses that compromise data on a computer will also infect or encrypt the data stored on an external hard drive that is plugged into it. Put some space between your backups for maximum protection."

Problem Dictates Response

The time and expense required for data recovery is determined by the situation. Data recovery can be simple (the charging port on an old laptop is damaged and the laptop has no power to turn on, but the hard drive and data are in good condition with no damage to them) or data recovery can be complex (an encrypted file system with physical damage and misplaced or nonexistent recovery keys). The cost of data recovery per damaged or compromised device can range anywhere from $75 for simple data recovery to $2,000 or more for severely damaged hard drives that require clean room recovery in a lab, Kratochvil says.

Like Kratochvil, Maxwell says recovery doesn't have to require an ultra-expensive solution. Being proactive and designing business systems with redundancy and recovery in mind will minimize time and expenses should an unfortunate disaster occur. "Today's modern equipment, software, and available disaster recovery services provide many options and levels of recovery," he says. "Businesses, small to large, need to recognize one of the most important assets is your data. Protect it accordingly."

There are several steps that businesses should follow to recover from a major cyber disaster, Maxwell says. First the IT staff should recognize the severity of the situation and notify upper management immediately. If need be, the company should call an expert to help assess the potential breach or data impact.

Then, if necessary, the business should disconnect its environment from outside communication, such as the internet. Next, the company should stop creating or changing its data. "Lock out internal users from accessing applications or shared files and directories," Maxwell says.

After this, the type of "disaster" will determine the next steps, whether they be network changes, virus scans, or full data recovery procedures. "Management needs to take an active role in prioritizing what access, applications, or data needs to be recovered," he says. "Structured offers the expertise and experience to be a passive, active, or combined resource in this process."

Structured can facilitate multiple facets of remediation. For example, to help clients recover from a cyber attack, the company can provide a security review and remediation from a networking and internet access perspective. This includes identifying the specific breach and "plugging the hole."

"Structured can assist with recovery, or 'roll back,' of your business data to a known good state," Maxwell says. "This assumes you have a good backup strategy and 'clean' data at a point prior to the breach."

In the event of a natural disaster, Structured can be on point to coordinate with multiple vendors to facilitate the restoration of phone services or network communications and assist with computer and application recovery. Basically, the company can serve as a one-stop resource for systems recovery. Maxwell explains: "Structured has local resources in Alaska to act quickly and competently. We also have access to many remote experts depending on the size and need of the recovery."

Backup and Recovery Strategies

Cybersecurity and IT experts advise companies to be proactive and put a plan in place to facilitate the data recovery process. A key issue to ensuring a speedy recovery, Maxwell says, is to know what data is being used to run the company. He elaborates: "Establish a value of that data. What is your hourly or daily business impact if your business is offline? Recognize that email may be one of your most important applications."

Companies will likely have various levels of recovery needs, from least to most important. Once they establish their business priorities. Maxwell says, they can formulate strategies and plans. Depending on the application recovery need(s), businesses should consider the following strategies:

* Basic off-site backups, either tape or replicated data

* A passive disaster recovery site, either owned, leased, or cloud-based

* Active recovery site (with live data ready for an immediate fail-over)

At the most basic level, Kratochvil says companies should always have three copies of their data, one original and two backups. "One backup should always be offline--not connected to a computer or the internet--and should be in a different physical location than the others [such as the owner's home, a bank safe deposit bank, or with a trusted employee off-site]," he says. "Rotate the off-site backup at least weekly or monthly to keep it current."

For critical systems, a bare-metal backup or full-system image is a good resource to have. Acronis True Image is a software product that allows businesses to create full-system images that permit them to completely restore a computer--along with all the programs, software, and data--exactly as it was when the image was created. This can be incredibly valuable for computers that have important (or expensive) software installed on them, according to Kratochvil.

"I recently had a doctor contact me because one of his critical diagnostic computers had a hard drive spontaneously die on him with no warning signs," says Kratochvil. "Fortunately, the doctor had made a full-system image using Acronis a few weeks earlier, and recovery was fast. Within three hours of his phone call to me, I had replaced the failed hard drive and restored the image, so the computer ran exactly as it did before the failure, and he lost a negligible amount of productivity because of the incident."

He continues, "Without that full-system image backup, this incident would have caused the computer to be offline for at least a day or two while the computer was reconfigured, software was obtained, and everything was reinstalled."

Kratochvil encourages businesses to automate or proceduralize their backup process as much as possible. Cloud backup solutions like Carbonite, iCloud, or Crashplan make this easy. Once the software is installed, it works automatically and provides a set-it-and-forget-it type of solution.

But even with cloud backups, a local, off-site backup is still important for fast recovery, Kratochvil says. The cloud provider could go out of business or have a disaster in its data center. Or the business could encounter password/authentication problems that prevent access to their data in the cloud.

Some business owners assume that a good data backup and recovery plan will be too expensive to implement. But companies can put a rock-solid backup and recovery plan in place for less than $200, Kratochvil says. In fact, the easiest plan for a small- to mid-sized company or individual would be to buy two external USB hard drives and install free backup software from SyncBack Free. "Create a folder for each computer you plan to back up on the external hard drive and then rotate the hard drives weekly," he says. "Keep one hard drive at the office and plugged in while the backups are taking place and keep the other hard drive off-site when not in use."

He continues, "Either weekly or monthly swap the hard drives, so one is never more than a month old, and the other is always current. The reason to keep two hard drives--with one always unplugged--is because if you have a backup hard drive that is always plugged in, it is vulnerable to anything that happens to the computer it is plugged into."

Expert Advice

Kratochvil urges businesses to be deliberate about their data backup and recovery plan-and get it in place before disaster strikes. They should not rely on a backup that they believe someone may have made a few months ago. And they should have an internal team member who is dedicated to ensuring backups are completed. "Even companies without a full- or part-time information technology manager need to designate a position whose job includes responsibility for maintaining backups," he says.

Companies need to plan regular checkups (annually at least) to make sure their backup and recovery plan is followed. They should also know the location of their backups and the specific kind of protection that each type of backup provides. "An off-site backup kept at the owner's home or a bank box will protect you even if an employee goes rogue and decides to cause a lot of harm to your network on his or her way out," he says.

Maxwell says some of the best data backup and recovery advice is the simplest: plan, test, and review regularly. "If you're not comfortable with this process, hire a professional," he says.

By Tracy Barbour

Data recovery services providers typically categorize hard drive data recoveries as one of three levels:

Level 1: This is the lowest level, and it requires the least expertise and resources because the hard drive is still 100 percent functional. Level 1 problems are the result of deliberate damage, corruption, or deletion of all or part of a hard drive's file system Level 1 often involves issues such as deleting a file or folder, reformatting the hard drive, and restoring the operating system.

Level 2: With this category, the hard drive is not functioning properly, and the situation requires more expertise for resolution. Level 2 data loss situations are normally the kind of problems an end-user cannot solve. These issues often entail defective printed circuit board electronics, corruption to the drive's firmware, or issues with full disk encryption or file encryption.

Level 3: These types of problems signify a major failure with the hard disk drive, which must be made functional again before data can be recovered. Typical complications relating to this level involve damaged head and disks, dropped hard drives, and fire or water damage Level 3 means the hard drive will require extensive work in a sterile cleanroom to allow the best chance for data recovery.
COPYRIGHT 2019 Alaska Business Publishing Company, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2019 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:TELECOM & TECH
Comment:It's Your Data to Lose: Cyber disaster recovery planning is critical.(TELECOM & TECH)
Author:Barbour, Tracy
Publication:Alaska Business Monthly
Geographic Code:1U9AK
Date:Feb 1, 2019
Previous Article:A Lesson Well-Learned.
Next Article:Not-for-Profit, For-the-Economy: Mission-based organizations are economic drivers.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters