Do you have misplaced 'backup confidence'?

Almost every small to mid-sized business has some level of misplaced ‘backup confidence’, meaning they believe that they can recovery their business data in a timeframe that meets their business needs.

So how does this happen? ??Most of the time misplaced backup confidence is tied to the fact that most business leaders think backups are easy because we (the MSP and IT community) don’t do a great job discussing the pitfalls.? We are also typically over-confident on our knowledge of where all the data is located with businesses using multiple SaaS applications and remote employees trying to be as efficient as possible, the location of every piece of business-critical data can be challenging

Here are some scary facts about data protection:

1. 22 Days - The Veeam 2024 Ransomware Report states that it takes businesses approximately 22 days to fully recover from a ransomware attack.
2. Forensic Delay - Many cyber insurance companies and/or industries will require that a forensic investigation be completed for any incident or breach which will delay recovery efforts.
3. Cloud Attacks - Cyber criminals have increased their attack of cloud-based services by almost 80% year over year and with many platforms being a share-responsibility model, your data may not be as protected as you expect.
4. Failed Data Recovery - The Veeam 2024 Ransomware Report also found that on average, a ransomware attack will impact 41% of business data. Of that 41%, only 57% will be recoverable leaving a total of 17% of all business data unrecoverable.

With all that bad news, there is hope and it comes down to asking the right questions to your backup provider or internal IT team, and testing your recovery to see if you will beat the street when it comes to troubling data recovery stats.

1. What data do you have listed for protection? Make sure that all data (servers, workstations, Microsoft 365, SaaS services) are protected and that you monitor for unsanctioned applications and personal device storage from end users.
2. How much history do you hold for all business data? Ensure that your history covers the needs of your business.? With cyber criminals often being inside an environment for 200 days, longer data storage can help ensure recovery when you need it most.
3. Is our back-up storage immutable? This is a fundamental to ensure cyber criminals cannot ‘delete’ backups.? With 96% of cyber-attacks including backup system attacks, immutable storage is critical to recovery.
4. How long would it take for a full environment recovery?? Understand worst case scenarios, disasters can impact multiple businesses slowing down recovery, and delays with troubleshooting before the recovery can delay restoration efforts.
5. Do we have a recovery platform for hardware failure / regional disaster / forensic investigation? Where will you restore your environment if the production solution is unavailable.
6. What are the results from the last quarterly recovery test?? The best way to maximize recovery is to run actual tests and review results to ensure they meet company needs.

While these questions will give you a general idea of the recoverability of your environment, there is a lot of work that needs to be done to ensure that all data is protected. ?Recovery always sounds simple and when we are looking at files and folders, it’s basic.? But full environments, ensuring all business-critical data is protected, and finding the worst-case scenario timelines can be challenging if we don’t full test.

So, don’t turn a blind eye to your data protection and ask the hard questions to your MSP or internal IT Team.?? If you don’t get crystal clear answers start digging deeper so you can find any issues, correct them quickly, and recovery like a boss!

Now go get after it and #beawesome!

Thanks

Jim Peterson

Principal Solutions Advisor

ConnectWise