Disaster recovery plans used to be focused on hurricanes, tornadoes and other natural disasters. But today, the most pressing threat is an email attack. You know those emails that look official and ask you to click here to receive a fax or track a package that you know nothing about. They have all the right words and formatting. They may even look like people you know sent them.
I shared last fall how malware attacks through email have become increasingly sophisticated. Now, they’re even more prevalent – and destructive.
As Common as a Cold
It’s becoming like the common cold. It could easily happen to any organization. In a recent week, we had four instances with clients where an employee clicked on an email that may have looked official, but wasn’t, and the malicious software took over in seconds.
Malware, short for malicious software, can lock the computer, corrupt files and can infect the entire organization. The challenge is there is no fix for it. Without backup devices, an organization can lose all the data.
The recovery process can be more challenging because as the volume of data in an organization has increased, so has the number of servers.
There are steps organizations can take to recover and get back up and running quickly. Every organization should develop a disaster recovery plan for an email attack. Here’s a recommended three-step plan:
- Do a local backup. This includes all workstations, servers and applications on a local appliance. This can be sitting right next to an existing server, which is unlike recovery plans for natural disasters where nearby backups are not effective. Depending on the attack, this could allow a user to shut down and move to the appliance while the existing server is repaired and prevent a virus from spreading.
- Replicate to the Cloud. This means you create a backup of the organization’s backup in the cloud. This is similar to the old school tape drive that people took home each day in the past. You can combine these first two and backup all data and applications to a local appliance and have that appliance replicate to the cloud.
- Establish a VDI (Virtual Desktop Infrastructure) or Desktop as a Service (DaaS). We often talk about how VDI makes it easy for employees to work remotely and access what they need from any device, anywhere. But it also can come to the rescue for organizations that have been attacked. It can be designed to automatically take snapshots and backups periodically throughout the day. This allows organizations to more easily revert to a “good known state” before the hack. That means identifying the time the email was clicked and restoring the digital environment to shortly before. Then, users’ desktops can be rebuilt by reloading them from a pool of virtual desktops. IT staff or DaaS provider keep a baseline image of the desktop. We call it a “golden image.”
Without VDI, or good backups, the process of reverting to a good known state is very labor intensive and can take hundreds of hours to rebuild.
With the influx and dependence on data and applications in today’s business world, all of these backups now need to happen in real-time.
Implementing a disaster recovery plan like this in your organization will not safeguard you from an attack, just like it won’t prevent a weather disaster. But it will allow your organization to recover and get back to work faster.
The best defense is educating employees. Even with today’s sophistication in the hacks, a virus cannot infect your computer – or your network – without someone physically clicking on a link. Being smart about what you click and what you don’t has never been more important.