
Data Backup & Recovery Plans Can Protect Your Organization from the Consequences of Ransomware Attacks

Ransomware is one of the most prevalent forms of malicious cyber-attacks facing businesses today. “The advent of new tools that wrap victims’ data with tough encryption technology, hard-to-trace digital currency like Bitcoin, and even online sites that offer to do the data ransoming in return for a piece of the action, have made this method of cybertheft much easier,” reported the NY Times. AAFCPAs advises clients to develop a Data Recovery Plan, including regular data backup, which may allow you to restore your data without paying a ransom, and without affecting business continuity.
To create an effective data backup and recovery plan, AAFCPAs’ Business & IT Advisory practice offers the following key considerations:

  • How much, and how often should we backup? The frequency and breadth of your data backup must be determined by your business needs: how much work you can afford to lose between backups, and which systems must come back first. A common pattern is a daily incremental backup plus a full backup at least monthly. Keep in mind that restoring from an incremental chain requires the last full backup and every incremental taken since it, so a single broken link in that chain leaves the data after it unrecoverable.
  • Where should the backup reside? Your backup can be stored locally, but another copy should be stored at least 50 miles away from the location where the live system(s) and original backup reside. Cloud-based backup systems are a great solution, but providers must be properly vetted. AAFCPAs advises clients to ensure the Cloud provider has its own disaster recovery plan which guarantees your backup would be available in the event the provider also has a disaster. In either case, backups need to be encrypted so only appropriate persons can decrypt and use them, and the decryption keys must be stored separately from the backups themselves. At least one copy should also be offline, or otherwise not writable from the production network: ransomware that can reach a mapped backup share or a continuously synced cloud folder will encrypt the backup copy along with the originals.
  • How long should we retain our backups? Unfortunately, in some instances, ransomware (and viruses) make it into backups: every backup taken after the infection began contains the encrypted or infected files, and malware often sits dormant for weeks before it triggers. We recommend retaining multiple backup generations, usually going back more than three months, which will allow your organization to restore from a clean backup point taken before the infection. This is especially important for mission-critical data.
  • How do we know if we are restoring safe files? Restore into an isolated test environment first, and have someone knowledgeable assess the restored system, including applications, to ensure the restoration is fully functional and data is not corrupted; comparing file checksums recorded at backup time against the restored files catches encrypted or altered files before they go back into production. Additionally, AAFCPAs recommends that clients test their backups periodically to ensure the data is usable. For example, the finance department may spot check the backup by running a compare against the live financial system to ensure data accuracy. These quality control tests are best performed by users transacting with the backup data.
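The following is an added example and not code from AAFCPAs or the original post. It shows, in Python, three of the checks discussed above as small hypothetical helpers: a SHA-256 manifest recorded at backup time and compared against the restored tree (an encrypted file shows up as "changed", a dropped ransom note as "added"), a daily/weekly/monthly retention selection that keeps restore points older than the retention window, and a lookup of the most recent surviving backup that predates an infection. The file names, contents and backup dates are constructed for the demonstration.

```python
# Added example (not from AAFCPAs or the original post). Hypothetical helpers for:
#   build_manifest / verify_restore - hash every file at backup time and prove the
#                                     restored copy matches before it is trusted
#   select_retained                 - daily/weekly/monthly rotation that keeps a
#                                     restore point older than the retention window
#   latest_clean_backup             - which surviving backup predates the infection
from __future__ import annotations

import hashlib
import shutil
import tempfile
from datetime import date
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 hex digest."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}


def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest recorded when the backup was taken."""
    current = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "added": sorted(set(current) - set(manifest)),
    }


def select_retained(backup_dates, today: date, daily_days=14, weekly_weeks=8, monthly_months=6):
    """Grandfather-father-son rotation: keep every backup from the last daily_days
    days, the newest backup of each ISO week for weekly_weeks weeks, and the newest
    backup of each calendar month for monthly_months months; everything else may be
    pruned. Returns the kept dates in ascending order."""
    keep, newest_in_week, newest_in_month = set(), {}, {}
    for d in sorted(set(backup_dates)):          # ascending, so the later date wins
        age = (today - d).days
        if age < 0:
            continue                              # ignore clock-skewed "future" backups
        if age < daily_days:
            keep.add(d)
        if age < weekly_weeks * 7:
            newest_in_week[d.isocalendar()[:2]] = d
        months_back = (today.year - d.year) * 12 + (today.month - d.month)
        if months_back < monthly_months:
            newest_in_month[(d.year, d.month)] = d
    keep.update(newest_in_week.values())
    keep.update(newest_in_month.values())
    return sorted(keep)


def latest_clean_backup(backup_dates, first_compromise: date):
    """Most recent surviving backup taken strictly before the malware first ran,
    or None if retention was too short and every copy post-dates the infection."""
    clean = [d for d in backup_dates if d < first_compromise]
    return max(clean) if clean else None


def demo_restore_check() -> dict[str, list[str]]:
    """Constructed scenario: three files are backed up; the restored tree has one
    file overwritten with ciphertext and a ransom note dropped beside it."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "sub").mkdir(parents=True)
        (live / "ledger.csv").write_text("acct,amount\n1001,250.00\n")
        (live / "notes.txt").write_text("quarter close checklist\n")
        (live / "sub" / "app.ini").write_text("[db]\nhost=fin01\n")
        manifest = build_manifest(live)           # recorded at backup time

        restored = Path(tmp, "restored")
        shutil.copytree(live, restored)
        (restored / "ledger.csv").write_bytes(bytes(range(32)))   # "encrypted" content
        (restored / "README_DECRYPT.txt").write_text("pay 2 BTC\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo_restore_check())
    # nightly backups from 1 Apr to 20 Oct 2017 (constructed dates)
    first, last = date(2017, 4, 1).toordinal(), date(2017, 10, 20).toordinal()
    backups = [date.fromordinal(o) for o in range(first, last + 1)]
    kept = select_retained(backups, date(2017, 10, 20))
    print(len(backups), "nightly backups ->", len(kept), "kept; oldest kept:", kept[0],
          "; clean point for an infection that began 15 Aug:",
          latest_clean_backup(kept, date(2017, 8, 15)))
```

With the default six-month monthly tier, an infection that started in mid-August is still recoverable from the 31 July full backup; with only the 14-day daily tier, `latest_clean_backup` would return `None`, which is exactly the situation the three-month retention advice is meant to avoid.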

AAFCPAs also encourages clients to consider moving into a virtual machine (VM) environment, as VMs are easy to redeploy. System administrators can take an image of the system once it is in the business's desired state; that image, along with application-specific data backups, can substantially decrease system restoration time and minimize disruption. The image should be stored and protected like any other backup: a snapshot kept only on the same storage as the live VM is reachable by the same attacker.
In honor of October being Cyber-Security Awareness Month, AAFCPAs would like to take this moment to remind our clients again of the critical importance of taking measures to protect against malicious cyber-attacks. AAFCPAs advises clients to take a disciplined approach to cyber-security in order to better guard against and minimize your organization's risk of becoming a victim. Data Backup & Recovery Plans are one tool that can help protect your organization from the consequences of ransomware attacks.
To schedule a cyber-security assessment, or for specific advice on how to best protect your organization against cyber-attacks, please contact James Jumes at 774.512.4062 or jjumes@aafcpa.com, Vassilis Kontoglis, or your AAFCPAs partner.
Related Post: AAFCPAs encourages clients to learn how Installing Patches Immediately Helps Protect Your Organization from Cyber Vulnerabilities.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Advisory Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and SOC 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis Kontoglis
Vassilis is a highly skilled IT professional with proven expertise in business process improvement and change management, information systems gap analyses, cyber security and IT risk assessments, systems selection and implementation, IT auditing, and special attestation reporting (SSAE 18 and SOC 2). Vassilis performs comprehensive and thorough reviews of technology systems and environments, and advises clients on how to use technology to best achieve business goals and objectives. He elicits input from stakeholders at all levels of the organizational hierarchy in order to thoroughly evaluate business performance across functional boundaries. He analyzes current and potential business and IT processes to identify clear opportunities for improvement, which may include streamlining and automation, productivity increases, strategic alignment and cost reductions.