Timothy Sheehan believed if he didn't pay the hackers who had cyber-jacked his police department's digitized arrest and incident records his cops would be vulnerable. But if he did pay the cybercriminals the $500 Bitcoin ransom to get his files decrypted, he would be knowingly sending taxpayer dollars to criminals. Still, he felt he had little choice.
“If we got a call for a domestic disturbance at a house we wouldn't have a history of how many domestics had been there," says Sheehan, the police chief of Tewksbury, Massachusetts, a small town outside Boston. “We wouldn't have at our fingertips, without accessing another computer real quickly, whether there was a firearm registered to the residents."
Called ransomware, these kind of attacks—where your data is held hostage unless you pay a hacker's price—is growing. One-quarter of global companies reported having their data backed, then held for ransom, in 2015, up from 16 percent in 2014, according to a 2015 survey from network security firm Radware.
Sheehan, like many others who have faced this kind of attack, decided to pay up. But experts say Tewksbury's problem wasn't a lack of knowledge of best practices, but rather a failure to follow those practices and plan for a disaster.
“People really buy disaster recovery for peace of mind," says analyst J. Bruce Daley with market research firm Tractica, which specializes in technology. “But when they really need it, a lot of times what they find is that it's not as straightforward a process as they might have hoped."
Value Your Business
The first step in disaster preparedness, Daley says, is to try to put a numeric value on the data you have. If you're an Internet business that generates $30,000 in annual revenue, you want to assess that website as property worth $30,000 dollars, he says.
Second? Daley suggests not going completely paperless. A solar storm or a pulse from a thermonuclear device can wipe out all your data, he says. Not such a far-fetched idea, he says, pointing to the Starfish Prime experiments in July, 1962, where the United States detonated a 1.4-megaton H-bomb at an altitude of 250 miles. The explosion damaged electronic equipment as far away as Hawaii and New Zealand, Daley writes in his book, Where Data Is Wealth.
“If a country like North Korea—which has a very capable digital threat—were to do something like that, to retaliate for a remake of The Interview, it could wipe out all of the tape drives in a very large area," says Daley.
More likely the disaster that prompts you to take precautions will be a natural one, such as a hurricane, ora fire. School librarians at the Pine Grove School in Orcutt, California had a fire race through their media center. Although the flames melted much of the library's laptop, they were still able to access their data.
“The recovered data allowed them to give an inventory to the insurance company to replace the contents," says Steve Burgess, by email. Burgess is a computer forensics specialist at his own firm, Burgess Forensics, in Santa Maria, California who also wrote about the library's experience. The library now keeps a regular backup offsite, he says.
Anti-Virus Software Is Insufficient
Some experts says the widespread lack of disaster preparedness planning is catnip to hackers. “We're seeing an uptick in the interest of malicious actors trying to go after the small business base because they know how ill-prepared most of them really are," says Jason Harrison, owner of Harrison Technology Consulting, a Nashville, North Carolina-based IT consultancy.
That's why Harrison believes businesses should have someone they can turn to who's familiar with network security, who can help with a good centralized, managed security gateway.
“You can't just plug in a great firewall and install fantastic anti-virus software and expect everything to be hunky-dory fine," he says. “It ain't gonna happen. You've got to be very pro-active about your security. And that may even mean investing in some equipment, just several different places, that can quickly replicate your core infrastructure."
To plan to recover from a disaster experts say you need to anticipate not only your threats and risks but also how you will restore your physical infrastructure, and your lost data. If you own a small business, you need to also plan a remote site so your employees can keep working and access material they'll need if your main office or site is not inhabitable.
Always Backup Your Data
Backing up data is always imperative—whether you are an individual or a business, says Andy Manoske, a former senior product manager at Alien Vault, a San Mateo, California-based cyber-attack solution developer. “And what I mean by 'back up your data' is not just push it to iCloud and hope for the best. Find a remote device that you control in your physical possession and back up your data onto that."
Why a physical drive? Because a plan that includes just backing up to iCloud, or any cloud, can have holes. Just ask Boston-based backup provider Carbonite, which sued its own vendor Promise Technology, for failing to successfully store Carbonite's data onto equipment the company had bought from Promise. The loss of on-site financial documents, customer lists, and computer applications can be the end of a business, forcing the closing of 60 percent of companies that suffered a catastrophic data loss in 2014, according to The State of Global Disaster Preparedness Annual Report 2014.
“When it comes to full system recoveries, the cloud is good but it can have its negatives, says IT consultant Harrison. “It can be awfully slow, the restoration process. Slow is the thing that can really hurt you, it can be very expensive. You want something so that you can bounce back quickly and maybe ever bounce back quickly somewhere else."
You also need to prioritize and decide who and what you'll need to get back up and running, plus determine what hardware and data is critical to you—and what is optional. When organizing your processes ask yourself if your workers will be able to access their data remotely? Will they be able to use their home machines? And how will you communicate to your team that your disaster plan has been activated? Then pro-actively test and evaluate your plan.
"You want to be sure that you actually do a fire drill," says Burgess. "A check of your backup by restoring some data to your local devices, is the single most important thing you can do."