By Raymond Goh, Head of Systems Engineering, Asia & Japan at Veeam Software
28 January marked Data Privacy and Protection Day 2018, an event founded to educate businesses and consumers on the importance of protecting private and personal information online. While this initiative was originally created in light of the growing influence of social networking, with increasingly sophisticated ransomware attacks now posing a threat, data privacy and protection has grown to encompass much more than that.
2017 saw a sharp increase in ransomware attacks, from the Wanna Decryptor with a reported 100,000 organisations across 150 countries attacked within 24 hours of the first attack, to NotPetya, a ransomware reported to be even more lethal than WannaCry. As ransomware continues to evolve, it is now more vital than ever for enterprises around the world to mitigate security breaches.
Here are three steps enterprises should follow to maintain data privacy and protection in today’s ransomware era:
1. Ensuring your organisation adheres to the GDPR
While the GDPR effective in May might be an EU regulation, the new laws are expected to affect companies globally. Organisations should check for protection gaps, preventing potential fallout with EU businesses and to better protect against lapses in data privacy and security.
A breach in data privacy results in not only economic damage, but brand integrity, customer, and employee confidence also suffer
2. Investing in dashboard visibility
While prevention is key for data privacy and protection, it is pertinent for companies to also put in place measures to facilitate quick recovery should a breach occur. Investing in dashboard systems can ensure that IT teams are able to immediately pinpoint where, and when a breach occurs. In this manner, organisations are better equipped to manage security crises in a timely and effective manner.
3. Air gapped Backups
Organizations should also put in place recovery plans should a breach occur. Air gapped backups, "offline" backups that cannot be manipulated or deleted remotely prevent complete loss of data in the event of an attack.
The 3-2-1-1-0 rule serves as a simple yet effective guideline for enterprises to follow. Maintain at least 3 copies of business data, storing critical data on at least 2 different types of storage media, and keep 1 copy of the backups in an off-site location. In addition, organisations should keep 1 other copy offline, and ensure all recoverability solutions have 0 errors. On average, an enterprise suffers a total of 127 minutes of data loss a year due to downtime. A breach in data privacy results in not only economic damage, but brand integrity, customer, and employee confidence also suffers.
Too many organizations continue to struggle with data recovery in their efforts to ensure the availability of their systems, with 85 percent of enterprises less than confident in their organizations’ Availability capabilities.
As businesses around the world combat against ransomware attacks, it is crucial to not only fill Protection Gaps, but to also fill Availability Gaps. Only then will enterprises be able to provide services without disruption even in the event of an attack, saving up to $21.8 million of annual downtime costs, the average amount reported by organizations last year.
By following the three steps above, companies will be able to protect against data privacy, identify breaches quickly; and most importantly, facilitate quick recovery to keep their businesses up and running should a downtime event occur–ensuring Always-On Availability.