Your Backups Might Not Work: Are You Really Prepared for a Cyberattack?

Many business leaders feel secure knowing they have backups and a disaster recovery plan in place. But have these plans ever been put to the test? Dave from GoodChoice IT explains why testing your ransomware recovery plan is vital to avoid significant stress and financial losses.

Key Takeaways

• Most businesses haven’t tested their backups or disaster recovery plans.
• Ransomware attacks can cause prolonged disruption and massive costs.
• A tested recovery plan is crucial for business survival and resilience.
• Key elements to consider include backup immutability, recovery time, contact information, and communication strategies.

The Illusion of Security: Why Backups Aren’t Enough

It’s a common scenario: ask any business leader if they have backups and a disaster recovery plan, and you’ll likely get a confident "yes." But when you probe a little deeper and ask if these systems have ever been tested, the answer often becomes a hesitant "no." This is a dangerous gap in preparedness.

Imagine a ransomware attack hits your business. How long would it actually take to restore everything? What’s the step-by-step process? Who needs to be contacted first? Do you even know your insurance provider’s contact details or your policy number? Without a tested plan, you’re essentially winging it during a crisis, and that can lead to prolonged downtime and severe financial consequences.

The Real Cost of a Cyber Incident

When a serious cyber incident occurs, recovery can take a very long time. We’re not just talking about a few hours; you could easily be looking at weeks. Consider the recent Marks and Spencer cyberattack, which reportedly cost them £300 million and is expected to take six months for a full recovery. How would your business cope with such a prolonged disruption?

Evidence clearly shows that businesses with well-defined and tested plans in place are far more likely to survive these events. Without them, the chances of survival are slim.

What to Look for in Your Backup and Recovery Strategy

When evaluating your current setup, ask your IT team these critical questions:

• Are the backups immutable? This means, can a hacker delete or block your backups without anyone noticing? Some companies back up to tape daily, but if no one checks these tapes or attempts restores, they might be useless. Similarly, cloud backups are great, but if it takes months to download all your data, that’s a significant problem.
• Have you tested the restore process? Even a simple tabletop exercise, walking through the steps of restoring a domain controller, can highlight potential issues. This process is vital, especially if you need to rebuild everything from scratch after an attack.
• Do you have an incident plan? This shouldn’t be pages of jargon. It needs to be a practical guide outlining:
  • Key people and their mobile numbers.
  • Insurance provider details and who to call.
  • The step-by-step recovery process.
  • A communication strategy, including PR messages and internal team updates.
  • Network diagrams, IP addresses, and server dependencies.
  • An understanding of data download times based on corruption and location.
  • How to communicate with your team if standard communication channels are down.

Planning for Profitability and Security

Taking the time to plan and test these scenarios might seem like an expensive and time-consuming undertaking, but it’s an investment that pays off. Having a robust, tested recovery process can significantly speed up recovery times. It can also make your business more attractive when bidding for contracts, especially government work, as it demonstrates a commitment to resilience.

Furthermore, a well-prepared business often benefits from lower insurance premiums and is less likely to suffer the devastating consequences of a ransomware attack. If you have questions or want to discuss how to make your business more profitable and secure, don’t hesitate to reach out.