Whatever industry you are in, a disaster recovery plan is essential to the survival of your business. This is especially true for professional services firms.
Imagine that, despite all your precautions, the worst happens and all of your data is stolen or lost in a cyber attack. How long would it take you to restore your data and become operational again? Hours? Days? Weeks? How much would your business lose during that time?
Whether your data size is two gigabytes or two terabytes, having a robust disaster recovery strategy is critical in order to avoid downtime that is costly in terms of both finance and reputation. That said, there are some companies and industries that are more vulnerable to data loss disruption than others. Professional services firms such as lawyers, accountants, consultants and recruiters need to place a particular emphasis on data back-up and recovery.
Professional services firms trade in knowledge and therefore in data, and this data is often sensitive: client details, case details, financial information. All of this information could be used by hackers if a breach occurs. In addition, losing data at a critical moment could have a big impact on clients, for example if a lawyer misses a statute of limitations date due to a data breach or an accountant fails to file a client’s tax information on time.
Real Life Ransomware Examples
There are plenty of real life examples of professional services firms hit by ransomware:
A UK firm pays a £2 million ransom to cybercriminals to get their data back.
A US law firm loses access to its database for over 3 months. It paid a $25,000 ransom to cybercriminals but still failed to recover its data.
Hackers lock law firm files for three months with ransomware
Global law firm DLA Piper had no access to phones or computers for two days after being attacked by NotPetya. It took them a fortnight and over 15,000 hours of IT staff overtime to recover full operations. This was not covered under their general insurance policy, so millions of dollars of revenue were lost.
DLA Piper paid 15,000 hours of IT overtime after NotPetya attack
DLA Piper insurance dispute: “nothing to do with war exclusion”
A US firm was hit by a ransomware attack. An uncorrupted data back-up was available, so whilst they lost time and resources they were able to recover their data within a reasonable amount of time.
Cybercriminals are not known for their integrity – even when firms pay ransoms, there is no guarantee that they will be given access to their data. The only way for professional services firms to protect themselves is to have a comprehensive disaster recovery plan that not only frequently backs up data but has a way to recover it quickly and efficiently when needed.
Ransomware and GDPR
Article 32 of the GDPR states that organisations must have:
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Professional services firms are responsible not only for having a back-up of personal data, but also for ensuring that data can be recovered from the back-up without too much disruption. In the case of a personal data breach, businesses that are not following these regulations can expect to face larger fines.
The Cloud and On-Premises Back-Ups – Your Disaster Recovery Team
On-premises back-up is a good start and is often the most convenient way to restore your back-up quickly. However, it is not enough for full disaster recovery. For a start, in the event of a disaster such as fire, flood, theft or other natural disasters, your back-up will most likely be destroyed alongside the rest of your IT system.
Having a second back-up of applications and data on the cloud, ideally on a third party solution, is critical for disaster recovery.
It firstly means that even if your entire office is destroyed by physical disaster, your data is safe. Just purchase new devices, restore and you can get back up and running again.
Cloud back-up through a third party provider is also more secure. With server-based back-up, malware could be transmitted into your back-up system through corrupted files and corrupt the back-ups as well. Cloud-based back-up systems will be specifically designed to prevent this from happening, so even if your most recent back-up is corrupted, previous back-ups should be available.
Thirdly, cloud back-up is very scalable. You can expand or reduce your cloud usage according to your needs, meaning that you are only paying for what you are actually using.
Protect Your Business With Disaster Recovery
What would be the impact of your business being offline for a day? Or a week? Or a month? When you think about this, investing in a disaster recovery solution to prevent such business outages becomes a ‘no-brainer’.
It’s not enough just to “have a back-up”. You need to ensure that your back-up is spread across a server-based and cloud system so that you are protected from different types of potential disasters. There is no point having a back-up if you lose it alongside everything else.
It is also important to know that you are able to recover your back-up within a reasonable amount of time if needed. Having a data backup that takes weeks to restore will cause almost as much disruption as having no back-up.
A disaster recovery solution protects your business for the future, leaving you prepared even if the worst does happen.
Ransomware is a type of malware which encrypts victims’ files so that they cannot access them. The cybercriminals then ask for payment, or a ransom, for access to the files.
A server backup is normally stored on your premises in a server. It is quick to restore, but vulnerable to physical disaster. Cloud backup is stored in external datacentres and often replicated across several locations.
Disaster recovery is an area of IT security that aims to help business users minimise the effects of catastrophic events such as cyberattacks or physical disaster. It focuses not just on backing up data but on having a plan in place to recover as quickly as possible.