Companies rely on their data. It drives what they do and supports who they are. But as data becomes more and more valuable, the need for security only grows. Regardless of the industry, ransomware poses an ever-present threat to stored data. So, if ransomware isn’t going away, what can businesses do to safeguard their data against it?
To start, they can evaluate what data they possess. With that information, they can determine how valuable their data is and how much — if any — they are willing to lose if a disaster occurs. This brings us to the topic of recovery point objectives.
What is a Recovery Point Objective?
A recovery point objective (RPO) is the maximum amount of data an organization is willing to lose after recovering from a disaster. It also refers to the last point in time when the organization’s data was saved in a usable format. RPO, also known as backup recovery point objective, determines if the backup schedule is sufficient for maximum data recovery. Some data will likely be lost if a disaster occurs, but a tighter RPO can keep the losses to a minimum.
To achieve a tighter RPO, organizations should back up their data frequently. Organizations want the most up-to-date version of their data to be available after a disaster, and frequent backups leave less time for changes to be lost.
So, what determines an ideal RPO? At the most basic level, companies set their RPO based on the most data loss they can tolerate. Beyond that, industry-specific factors — especially for financial institutions and hospitals that handle a lot of sensitive information — determine how tight an RPO should be. An organization’s recovery speed can be affected by the data storage solutions they use, so those driving the IT strategy should always consider how data loss will affect their operations and overall business.
Although RPO is expressed by time, it’s not the same as recovery time objective (RTO), which is the amount of real time an organization has to restore its processes to an acceptable level after a disaster to avoid significant consequences. RPO is expressed in reverse chronological order, measuring from when the disaster occurred to the most recently backed-up version. It can be measured in seconds, minutes, hours, or days and determines how frequently backups are made.
To determine a sufficient RPO, businesses should take several factors into account. First, they should identify what data they possess and where it exists. Next, they should evaluate how frequently different data changes due to normal operations. Finally, they should assess the value of their data. Once they’ve looked into these factors, they can determine how tight their RPO should be.
Common RPO settings:
- Businesses should back up their critical data at least once an hour. This data is essential to business operations and can’t risk being lost. As such, they should set their critical data up for continual backup.
- Semicritical data should be backed up every one to four hours. This includes on-file servers and chat logs.
- Less critical data should be backed up every four to 12 hours and include any marketing information or other data that is considered less critical. Many businesses have a higher loss tolerance for this type of data.
- Infrequently updated data that isn’t essential to business operations can be backed up every 13 to 24 hours.
- No matter what type of data organizations possess, daily backups are standard best practices and ensure as little data loss and downtime as possible.
RPOs Keep You Ready For Ransomware Attacks.
One type of unexpected disaster RPO takes into account is ransomware attacks. Ransomware is a type of malware that attacks a company’s data and blocks their access to it until a ransom is paid. Cybercriminals encrypt files at the endpoint and threaten to erase files or hold personally identifiable information (PII) hostage until a ransom is paid.
According to Cybersecurity Ventures, there was a ransomware attack every 11 seconds in 2021, amounting to $20 billing in damages. Data loss can halt entire business operations, affecting both internal and external relationships.
Ransomware can take several forms — the most common of which are encryption, scareware, and leakware. Encryption is the most common type and makes it impossible for organizations to unlock their data without an encryption key. Locks restrict computer access, halting basic company operations until the ransom is paid. Scareware is used to pressure businesses into buying unnecessary software. It often takes the form of pop-ups on a screen that force users to pay to remove them. Leakware threatens to leak companies’ private information unless the ransom is paid. When attacked by leakware, organizations risk exposing employee and client information.
The Key To Preventing Ransomware Attacks
1. Maintain Data Backups
Data backups help companies achieve data resiliency and play a major role in disaster recovery plans. Backups on cloud services mitigate the impact of a ransomware infection. Regular backups and isolated data storage help keep data protected and readily available. As mentioned earlier, frequent backups tighten RPOs and prevent data loss during a disaster. Proper backups enable an organization to resume normal operations after a disaster, so it’s important to test backups routinely to ensure that all data is accurate and complete.
2. Establish Plans and Policies
The middle of an unexpected disaster is not the time to decide how to mitigate the problem. Organizations should define the roles employees and departments will play and how different parties will effectively communicate with each other during a disaster. They should establish company-wide policies and make them well-known so employees know how to handle suspicious behavior.
3. Implement Endpoint Security
An endpoint is any network device capable of sending and receiving communications. With more and more employees working remotely, endpoint security is more crucial than ever. Every endpoint an organization possesses is an opportunity for cybercriminals to attack. Endpoint security technologies, such as antivirus software, intrusion prevention systems, and other tools make it easier to monitor and manage security for every remote device on a network.
4. Keep Systems Updated
Ransomware is constantly evolving to bypass security features. By keeping all software and devices updated, companies can close any security gaps and block out ransomware.
5. Install Antivirus Software
Antivirus software is a fundamental defense mechanism in the fight against ransomware. Firewalls are often the first line of defense and protect against software and hardware-based attacks. However, organizations should look out for any fake alerts that may pop up on their devices. They should verify any security alerts through antivirus software.
6. Prioritize Security Awareness Training
With the proper training and preparation, businesses can quickly spot and stop any ransomware attacks before the damage gets out of control. This training should extend to every level of a company so that every employee knows how to spot and report any suspicious activity. Additionally, employees should be taught to practice safe web surfing, create strong passwords, use secure VPNs, and maintain updated systems and software. IT staff should also provide users with an accessible emergency reporting channel.
How bat365 Makes Data Ransomware-Proof
According to the University of Texas, 94% of companies that suffer catastrophic data loss do not survive. The National Archives and Records Administration in Washington also stated that 93% of companies that lose access to their data for 10 days or more go out of business within 12 months.
Any site with users or data is prone to ransomware attacks. bat365’s CloudFS ensures that all sites and data are secured in immutable form. Files are split into metadata pointers that take the form of data blocks. These data blocks are immutable, meaning they can’t be overwritten because all changes are additive. They are deduped before being sent to an object store of the organization’s choosing. A catalog is created in write-one, read-many form and further protected with read-only snapshots. These snapshots can help businesses achieve a near-zero RPO.
When a bat365 user’s data is attacked by ransomware, they don’t have to recover their data — they simply need to restore the metadata pointer map. Metadata is smaller than data, so the recovery process happens much quicker. The pointer map is protected through read-only snapshots of the metadata. These snapshots know what the pointer map looks like at any given point and can restore it to a previous, unaffected state in minutes. Files can be restored anytime, anywhere, and at any file level, from single files to entire file systems. With bat365, companies never have to pay a ransom to recover their data or worry about their global metadata being damaged.
CloudFS’s caching technology provides cost-affordable performance, creating a local feeling throughout a global network. The data is cached at a site based on what’s most relevant to users. Caching all data at every location would be unnecessary and drag down performance. Typical users access the same files every day, so only those files need to be cached. Ransomware will open random files, setting off triggers. When blocks that haven’t been cached are pulled, alerts indicate abnormal resource usage.
Ransomware isn’t going anywhere — but with bat365, neither is stored data. Our solutions help organizations maximize productivity and global collaboration, giving businesses the peace of mind that their data is secure. We provide a data management solution that companies can count on to protect their data — so they can focus on running their business successfully.