As a member of the senior management team in an SMB, you know that a test restore of your backed up data has always been important. As the threat of cyber attacks against small businesses increase, conducting test restores is even more important.
As Joseph Steinberg points out in his article for Inc Magazine, hackers and terrorists are aggressively attacking small and medium sized businesses.The following reasons are why more than 50% of recent attacks have targeted emerging and small to medium sized businesses:
- Emerging business owners are much more likely to pay ransoms to recover compromised data than larger businesses with deeper pockets.
- Whether they realize it or not, small businesses store financial information that can be used to commit identity theft
- Penetrating small businesses often provides access to larger businesses – most small businesses do business with larger businesses and store usernames and passwords the hackers can use to compromise larger targets
- Access to one small business usually results in cross access to others
- Most emerging businesses do not have adequate protection against cyber-attacks
- Smaller businesses are easier targets because they lack the security and technology resources necessary to combat cyber-attacks.
Importance of a Test Restore
As most of us have unfortunately learned from experience, all the backups in the world are useless if you can not recover your data! In his TechTarget article, Rick Cook clearly states that “all too often testing is the missing step in making backups.” He explains that as backups have become more and more complex, the sheer volume of data has increased and IT staffs are reduced, fewer test restores are completed!
"The Symantec Disaster Recovery Research 2007" report says that 48% of the test recoveries run by companies testing disaster recovery (DR) plans fail.
Conduct a Test Restore using the following Step by Step Process
- Delegate test restore tasks to reliable people who have all the necessary security and password authorizations
- Clearly define who needs to be contacted when errors occur, provide off hours contact information and then test the process
- Assign multiple people who can handle all the vital tasks because most cyber attacks occur during off hours.
- Record how long it takes to perform each aspect of a recovery process
- Conduct tests at different times (peak periods and off hours)
- Make sure everyone involved knows the schedule and the proper procedures for both partial and complete recoveries
- Test how well incremental recoveries restore vital information
- Make sure the backups are physically available to whoever needs them (either in secure storage or online)
- Know how long it takes to complete a full restore and develop alternative processes if your data is completely unavailable
- Consider off site redundant systems for your most vital information
- Know what third parties to contact and how to reach them 24 x 7 if you need assistance from outside your organization
- Make sure there are adequate resources available to conduct normal business while key people are involved in data recovery
- Check to see that your procedures and plans do not compromise data integrity or “chain of custody” issues
- If people store important information on client computers make sure that data is also available for backup and restore
- Make sure all log files are being created properly and how to use them
- Develop contingency plans for power outages and building damages
- Be sure you can access systems and data remotely if physical entry to your facilities are compromised
Most important, “after a backup strategy has been designed test it thoroughly and regularly with as many simulated failures as possible."
Do a Full Test Restore on a Regular Basis
- Scott Koller, counsel at BakerHostetler in this CSO article by David Geer suggests that you “perform a complete restoration of every last file to a clean system … and the backup targeted and captured all the data that should be backed up.” Koller says that attention to detail and thinking through every possible scenario will pay dividends in the end and advises companies to “test restores against as many simulated hardware, software, and service failures as are possible in the real world.”
Looking for another set of eyes to catch any cyber threats on your business? Want a professional to make sure your backup is up-to-par? Give Chicago's award winning MSP a call. MotherG ensures that technology is an enabler and not a distractor from getting your core business done.