The surge in ransomware and cyber attacks is not stopping anytime soon. We have all seen the statistics, but when it is your business the math becomes real. We receive calls on a monthly basis from a business owner that is asking for help recovering from an attack. Unfortunately many of these businesses will not recover as we cannot go back in time to "save" them.
There are three areas that need immediate attention to get your business in position to survive the ongoing ransomware attacks that will not be stopping anytime soon. At Stringfellow we utilize our Intelligent Technology Roadmaps to address each of these areas at the beginning of our relationships.
Recovery planning is essential
Businesses today face the possibility of a natural disaster, cyber attack, or global pandemic on a daily basis. No business is "too small" to have a recovery plan in place. Many businesses (and MSPs) put a backup solution, firewall, and anti-virus in place and think that is adequate. The problem is when an event occurs there is no clear recovery plan in place. This greatly increases the harm to business profits, reputation, and recovery time.
Recovery planning is entirely separate from backup. There needs to be agreement on who, what, when, and how the recovery is going to happen. Defining these well in advance of an event and practicing recovery efforts will go a long way towards making your business more resilient. The time to find out your backups are 2 years old and will take a week to recover from is not after an attack occurs.
Lack of Standards create technology problems
Most businesses do not have Standards to use in technology planning. This leads to application sprawl, security holes, and outdated hardware. The amount of Band-Aids and workarounds increases until an event brings the house of cards down. Often a simple unpatched firewall or server is the start of a much bigger business problem.
A recent example of this is on-premise Exchange servers as a conduit for ransomware and cyber attack. Our Stringfellow Standard has been to migrate to cloud-based (Microsoft 365) email services since 2006, and that has eliminated the Exchange attack vector for our Clients. We have discussed the Alignment Process many times before, and know that it all starts with having a set of Standards to work from.
A reactive mindset
The firefighter mentality is alive and well in both business and the technology provider space. This breaks down quickly and is not sustainable for either party. This leads to a vicious cycle of react-respond-react that leaves all the people involved in a permanent reactive state, unable to plan for the future. Not to mention it is emotional draining to always be waiting for the "next" issue to occur!
Finding a proactive, process-based technology partner is critical to the ongoing success of your business. The sooner you establish this relationship the higher your chances of avoiding the ongoing ransomware and cyber attacks that are out there. Our relationships are based on Alignment with our Intelligent Technology Roadmaps which have proven to deliver measurable increases in security, productivity, and profits for our Clients.