All businesses today require a disaster recovery plan in some form. Implementation and regular testing of a disaster recovery or backup plan can literally save your company from going under.
Our Encore team members hold a Q and A about what businesses need to be planning for in case of disasters like cyber attacks or natural disasters.
Melissa: Hi, there everyone. This is Melissa here from Encore. And today, I have a couple of team members here also from Encore. So we’ve got Becky Owens who is an Account Executive, and we’ve got Sam Walters who is the Practice Lead of Technology Services. So they’re both here today to just do a Q&A to talk about disaster recovery. And I’m gonna throw it over to you guys. How are you doing?
Becky: Good. How are you?
Melissa: Great, great. You can start, Becky, whenever you are ready.
Becky: Sure. So, Sam and I have been having several conversations with our clients around security and disaster recovery. And unfortunately, we live in a world of evolving threats, whether it’s natural disasters, like the wildfires we’ve experienced here in the West Coast or the hurricanes in the south or the never-ending cyber-attacks. Sam, you and I have spoke with several clients who have been hit with ransomware attacks.
And what we’re finding when we’re talking to these folks is that most businesses often feel falsely protected, either because they have not yet been attacked or what we’re also hearing is that they have a firewall or an antivirus, or even we’ve heard some folks say, “Our users are smart. They would never click on a bad email.” But what we’re seeing is that those are really unsafe assumptions. So today, we are just gonna talk about some of the questions that we often hear during these discussions and what are some of the steps that our clients can do to make sure that they are protected. So, Melissa, do you want to click over to some of the questions that we often hear or are asked?
Melissa: Yeah, has it shown up? Can you see it?
Becky: It is.
Sam: Okay. So one of the number one things I think I hear from my side at least is, “Do I really need offsite backups? We already have backups on-prem. There is no need for it. We are fully backed up.” Actually, one of the scenarios that we saw from a client was they thought they were protected, they had onsite backups. Some user in their organization clicked on a malicious link in an email that downloaded ransomware, and it not only encrypted the servers that they were on, but it went ahead and encrypted their entire backup library as well. So having offsite completely segregated backups is incredibly important because without that you are basically just rolling the dice.
Melissa: There you go.
Sam: Thanks. The next one would be why pay for Azure storage instead of another save local site. Again, if you have a VPN or something we have seen ransomware viruses traverse those VPNs and jump from hosted solutions into your local domain or into other local sites, whereas if you use Azure backup, it’s completely segregated. It uses a backup agent that is installed so there’s nothing that actually allows for that file-level access into each of the images. And when you do use Azure backup and are able to have your servers up there, it takes a full snapshot of the server. So, that let’s say you did get hit with ransomware at one point…we actually had a customer that was hit with ransomware because they had declined antivirus protection on the servers. When they did get hit, they did have backups up in Azure, and so we were able to restore their backups and get them back up within the same day.
So how does ransomware effect backups? One of the biggest things we’ve seen is ransomware going across and encrypting those backups that are on the same local site or even ones that are off-site and connected with a VPN. Unless your backups are fully segregated from your network, there’s a good chance that the ransomware can move laterally across the network and actually take those backups as well. You have seen it with large companies, such as Garmin who got hit and all of their backups got hit as well and they were off for two or three days. And these are critical systems that people rely on on a daily basis for GPS and rescue out in the field. And unfortunately, because Garmin didn’t have an offsite backup for that, they ended up likely having to pay the ransom which was multiple millions of dollars.
Becky: And Sam, just to go back, that has happened with some of our clients as well where their backups were on site and they were hit with the ransomware and the FBI actually had to get involved and they ended up paying millions of dollars to get their data back, which was still corrupted.
Sam: Exactly. And so even if you do pay the ransom, there’s no guaranteed that the data you get back is actually good data. They could just give you back a bunch of junk and you’re kind of out of luck at that point. So how can I secure my environment better? There is a few different options here and a lot of them involve training. The biggest thing is training your users on reporting phishing emails and reporting spam emails. You can do this through Office 365 Advanced Threat Protection, or you can use a third-party product like KnowBe4. Both are really good options. And then also training your users on exactly what phishing emails look like, how you can spot them, and then making them question. So even if they’re not sure about it, forwarding it to the help desk and having the help desk analyze it and make sure that, you know, that’s an okay email before they click on the link.
The other thing we’ve been recommending is multi-factor authentication. So we’ve seen a lot of credential harvesting where people have simple passwords and, you know, their password got leaked because they used the same password for one of their other services online that got hacked. So by having multifactor authentication, it forces the user to enter a time-based code or approve that sign-in from their phone. That makes a huge difference because if they’re starting to get prompts that they didn’t request to sign in then they know that their account has been breached and they can notify the help desk of that.
So how do I keep users from downloading malicious files or clicking on phishing links? The biggest thing I would say for that is user education and training. Now whether that be using a third-party product like, KnowBe4 or Phish. Those are gonna be the things that your IT department is gonna have to determine. From us, our team, we have done extensive training with all of our users going into how to spot a phishing email. And if you have any question about the email at all, forward it off to the help desk or report the email through Office 365 Advanced Threat Protection. That makes sure that, you know, even if the user is unsure about the email someone with more experience can evaluate it first, or we can send it off to Microsoft and have it evaluated before the user actually engages with that email.
So what if a site in Azure fails? There is a few different options here and one of the big ones is disaster recovery in Azure. They actually have this built into Azure where if one of their sites goes down your systems would automatically failover onto an equal and opposite site. So take, for example, a site on the East Coast fails. What is gonna happen to your machines is they would failover on to a site in the West Coast if you do have the disaster recovery in Azure setup. This makes sure that you have 100% uptime and that traffic is rerouted correctly to the new Azure data center.
One of the other things with this is it would allow you to…let’s say on-prem fails and you need to go up into Azure, there is a way to do that as well through Azure site recovery. So this kind of dives into the Azure site recovery a little bit with is there a way to have a live backup in case an on-prem location goes down so my users out of the office can keep working? And absolutely. Azure site recovery takes a clone of your virtual machine or of the physical machine that you have running on-site so you can get the best of both worlds here. It’s relatively inexpensive and that it’s under $30 per machine per month.
So let’s say you have a server on-site, what you would do is set up Azure site recovery to that server. It replicates it up into Azure. This way you keep your running costs down by running your items locally instead of up in Azure but you still get that redundancy as if you had a server in Azure. So if your site does go down through, you know, a hurricane or a flood or a fire, as Becky mentioned, then you would initiate a failover and all of your items would start running in Azure. When your site does come back up, you can fail it back onto your normal site and keep working from there.
Becky: Hey, Sam. So I think that’s a question that we get quite often as well is people think that disaster recovery is really expensive, that it’s gonna be a big budget item for them. And it certainly can be but there’s very cost-effective ways to make sure you’re protected, correct?
Sam: Absolutely. So the Azure backups run about $25 per machine per month. And with those…that includes up to 500 gigs of storage. If you want to go over that, it adds another $10 per 500 gigs. So it’s relatively inexpensive there. If you want to use Azure site recovery like I talked about before, you’re looking at right around $30 per month per machine but that is a tiny amount of cost in comparison to the actual cost of having to recover or the lost business from not being able to use your systems in a timely manner.
Melissa: There we go. We got to the end of the questions already. Thanks so much, Sam. So if you’re ready, Sam, I can pass it over to you. I know you have just a little bit you wanted to talk about, some of our offers?
Becky: Sam, can I ask you another question since we’re on here?
Sam: Yeah, absolutely.
Becky: So for the folks that think like I mentioned at the beginning, they say, “Oh, we pay for our antivirus,” or, “We have a firewall,” which is great. Those are great but what would you say to those folks that think that’s enough and that’s all they need to make sure that they are secure?
Sam: I would say that no solution is 100% guaranteed. So you may have a good firewall, you may have good antivirus, you may have onsite backups or even some sort of offsite backups whether it be through tape or removing a hard drive from the system. Those are all great options, but you need to have plans A, B, C, D kind of thing instead of just having one that you’re putting all your eggs in one basket. When we see people do that, and then it gets overridden, you know, through ransomware or something else that beat the anti-virus system they start crying foul basically saying, “Oh, well, I already paid for antivirus.” Well, okay, but that’s not the only thing there. Just like if you drive a car, you’re gonna have to pay for insurance on your car in case you get in an accident. It’s the same idea that you always have a backup.
Becky: Thank you
Melissa: Thanks, Sam. That’s great. I’m gonna take the presentation back here although we’re just about done here. Can you see my screen?
Becky: We can. Yeah.
Melissa: Okay. Was there any other kind of notes that you two wanted to talk before we see if there’s any questions?
Sam: I think the biggest thing is just making sure people have a plan. There’s a lot of businesses these days, especially with COVID that went immediately from working on-site to working offsite and making sure that the users are able to access all of the internal infrastructure and maybe not just through VPN but through cloud resource as well so that your workforce can actually work anywhere and not just be stuck to a certain computer.
Melissa: Great. I’m just gonna have a look here. I don’t see that any questions have come through but we will be…we’re recording this today. We will be sending this to everyone who registered and putting it up on our site. So you, of course, can contact Encore if you have any questions about disaster recovery. And then I think we can wrap this up early.
Sam: All right. Well, thanks, everyone.
Melissa: Give everybody their time back. Great. Thanks, everyone. Thanks both of you.
Becky: Have a good day.
Melissa: Have a good day.
If your business experiences these red flags, your diagnosis is clear: time to adopt the cloud!